test_x86.py
import unittest
import functools
from manticore.core.cpu.x86 import *
from manticore.core.smtlib import *
from manticore.core.memory import *
def skipIfNotImplemented(f):
# XXX(yan) the inner function name must start with test_
@functools.wraps(f)
def test_inner(*args, **kwargs):
try:
return f(*args, **kwargs)
except NotImplementedError as e:
raise unittest.SkipTest(str(e))
return test_inner
def forAllTests(decorator):
def decorate(cls):
for attr in cls.__dict__:
if not attr.startswith('test_'):
continue
method = getattr(cls, attr)
if callable(method):
setattr(cls, attr, decorator(method))
return cls
return decorate
@forAllTests(skipIfNotImplemented)
class CPUTest(unittest.TestCase):
_multiprocess_can_split_ = True
# Used while transitioning to py3
def assertEqual(self, a, b):
if isinstance(b, str):
b = bytes([ord(c) for c in b])
return super().assertEqual(a, b)
class ROOperand(object):
''' Mocking class for operand ronly '''
def __init__(self, size, value):
self.size = size
self.value = value
def read(self):
return self.value & ((1<<self.size)-1)
class RWOperand(ROOperand):
''' Mocking class for operand rw '''
def write(self, value):
self.value = value & ((1<<self.size)-1)
return self.value
def test_AAD_1(self):
''' Instruction AAD_1
Groups: not64bitmode
0x80702ff: aad 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070300] = '\xff'
mem[0x080702ff] = '\xd5'
cpu.EIP = 0x80702ff
cpu.AH = 0x0
cpu.ZF = False
cpu.AL = 0x30
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8070300], '\xff')
self.assertEqual(mem[0x80702ff], '\xd5')
self.assertEqual(cpu.EIP, 134677249)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.AL, 48)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAD_2(self):
''' Instruction AAD_2
Groups: not64bitmode
0x8070301: aad 0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070301] = '\xd5'
mem[0x08070302] = '\x00'
cpu.EIP = 0x8070301
cpu.AH = 0x0
cpu.ZF = False
cpu.AL = 0x30
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8070301], '\xd5')
self.assertEqual(mem[0x8070302], '\x00')
self.assertEqual(cpu.EIP, 134677251)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.AL, 48)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAD_3(self):
''' Instruction AAD_3
Groups: not64bitmode
0x8070303: aad 0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070303] = '\xd5'
mem[0x08070304] = '\x00'
cpu.EIP = 0x8070303
cpu.AH = 0x0
cpu.ZF = False
cpu.AL = 0x30
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8070303], '\xd5')
self.assertEqual(mem[0x8070304], '\x00')
self.assertEqual(cpu.EIP, 134677253)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.AL, 48)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAD_4(self):
''' Instruction AAD_4
Groups: not64bitmode
0x80702fb: aad
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702fb] = '\xd5'
mem[0x080702fc] = '\n'
cpu.EIP = 0x80702fb
cpu.AH = 0xec
cpu.ZF = True
cpu.AL = 0xf8
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80702fb], '\xd5')
self.assertEqual(mem[0x80702fc], '\n')
self.assertEqual(cpu.EIP, 134677245)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.AL, 48)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAD_5(self):
''' Instruction AAD_5
Groups: not64bitmode
0x80702fd: aad 0xf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702fd] = '\xd5'
mem[0x080702fe] = '\x0f'
cpu.EIP = 0x80702fd
cpu.AH = 0x0
cpu.ZF = False
cpu.AL = 0x30
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80702fd], '\xd5')
self.assertEqual(mem[0x80702fe], '\x0f')
self.assertEqual(cpu.EIP, 134677247)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.AL, 48)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAM_1(self):
''' Instruction AAM_1
Groups: not64bitmode
0x8070306: aam
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070306] = '\xd4'
mem[0x08070307] = '\n'
cpu.EIP = 0x8070306
cpu.AH = 0x0
cpu.ZF = True
cpu.AL = 0x0
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8070306], '\xd4')
self.assertEqual(mem[0x8070307], '\n')
self.assertEqual(cpu.EIP, 134677256)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.AL, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAM_2(self):
''' Instruction AAM_2
Groups: not64bitmode
0x807030a: aam 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x0807030a] = '\xd4'
mem[0x0807030b] = '\xff'
cpu.EIP = 0x807030a
cpu.AH = 0x0
cpu.ZF = True
cpu.AL = 0x0
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807030a], '\xd4')
self.assertEqual(mem[0x807030b], '\xff')
self.assertEqual(cpu.EIP, 134677260)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.AL, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AAM_3(self):
''' Instruction AAM_3
Groups: not64bitmode
0x8070308: aam 0xf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070308] = '\xd4'
mem[0x08070309] = '\x0f'
cpu.EIP = 0x8070308
cpu.AH = 0x0
cpu.ZF = True
cpu.AL = 0x0
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8070308], '\xd4')
self.assertEqual(mem[0x8070309], '\x0f')
self.assertEqual(cpu.EIP, 134677258)
self.assertEqual(cpu.AH, 0)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.AL, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_ADD_1(self):
''' Instruction ADD_1
Groups:
0xf7fec387: add ecx, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec388] = '\xf9'
mem[0xf7fec387] = '\x01'
cpu.EIP = 0xf7fec387
cpu.PF = False
cpu.ECX = 0x5c6b
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0xf7e22474
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fec388], '\xf9')
self.assertEqual(mem[0xf7fec387], '\x01')
self.assertEqual(cpu.EIP, 4160668553)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.ECX, 4158816479)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 4158792820)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_ADD_10(self):
''' Instruction ADD_10
Groups:
0xf7fe71b9: add dword ptr [eax], edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fbf000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fbf780] = '\xa0'
mem[0xf7fbf781] = '\xe9'
mem[0xf7fbf782] = '\x06'
mem[0xf7fbf783] = '\x00'
mem[0xf7fe71b9] = '\x01'
mem[0xf7fe71ba] = '\x10'
cpu.EIP = 0xf7fe71b9
cpu.EAX = 0xf7fbf780
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xf7e15000
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fbf780], '\xa0')
self.assertEqual(mem[0xf7fbf781], '9')
self.assertEqual(mem[0xf7fbf782], '\xe8')
self.assertEqual(mem[0xf7fbf783], '\xf7')
self.assertEqual(mem[0xf7fe71b9], '\x01')
self.assertEqual(mem[0xf7fe71ba], '\x10')
self.assertEqual(cpu.EIP, 4160647611)
self.assertEqual(cpu.EAX, 4160485248)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 4158738432)
self.assertEqual(cpu.SF, True)
def test_ADD_11(self):
''' Instruction ADD_11
Groups:
0xf7ff41d7: add ebx, 0x1315
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41d7] = '\x81'
mem[0xf7ff41d8] = '\xc3'
mem[0xf7ff41d9] = '\x15'
mem[0xf7ff41da] = '\x13'
mem[0xf7ff41db] = '\x00'
mem[0xf7ff41dc] = '\x00'
cpu.EIP = 0xf7ff41d7
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EBX = 0xf7ff41d7
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff41d7], '\x81')
self.assertEqual(mem[0xf7ff41d8], '\xc3')
self.assertEqual(mem[0xf7ff41d9], '\x15')
self.assertEqual(mem[0xf7ff41da], '\x13')
self.assertEqual(mem[0xf7ff41db], '\x00')
self.assertEqual(mem[0xf7ff41dc], '\x00')
self.assertEqual(cpu.EIP, 4160700893)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EBX, 4160705772)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_ADD_12(self):
''' Instruction ADD_12
Groups:
0xf7fe71b9: add dword ptr [eax], edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fbf000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fbfb0c] = '\xf0'
mem[0xf7fbfb0d] = '\x1e'
mem[0xf7fbfb0e] = '\x07'
mem[0xf7fbfb0f] = '\x00'
mem[0xf7fe71b9] = '\x01'
mem[0xf7fe71ba] = '\x10'
cpu.EIP = 0xf7fe71b9
cpu.EAX = 0xf7fbfb0c
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xf7e15000
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fbfb0c], '\xf0')
self.assertEqual(mem[0xf7fbfb0d], 'n')
self.assertEqual(mem[0xf7fbfb0e], '\xe8')
self.assertEqual(mem[0xf7fbfb0f], '\xf7')
self.assertEqual(mem[0xf7fe71b9], '\x01')
self.assertEqual(mem[0xf7fe71ba], '\x10')
self.assertEqual(cpu.EIP, 4160647611)
self.assertEqual(cpu.EAX, 4160486156)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 4158738432)
self.assertEqual(cpu.SF, True)
def test_ADD_13(self):
''' Instruction ADD_13
Groups:
0xf7fe7299: add eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7299] = '\x01'
mem[0xf7fe729a] = '\xc0'
cpu.EIP = 0xf7fe7299
cpu.EAX = 0x0
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7299], '\x01')
self.assertEqual(mem[0xf7fe729a], '\xc0')
self.assertEqual(cpu.EIP, 4160647835)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_ADD_14(self):
''' Instruction ADD_14
Groups:
0xf7fe71aa: add eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71aa] = '\x01'
mem[0xf7fe71ab] = '\xd0'
cpu.EIP = 0xf7fe71aa
cpu.EAX = 0x1aacdc
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xf7e15000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71aa], '\x01')
self.assertEqual(mem[0xf7fe71ab], '\xd0')
self.assertEqual(cpu.EIP, 4160647596)
self.assertEqual(cpu.EAX, 4160486620)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 4158738432)
self.assertEqual(cpu.SF, True)
def test_ADD_15(self):
''' Instruction ADD_15
Groups:
0xf7fe9c44: add dword ptr [ebp - 0x20], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe9c44] = '\x83'
mem[0xf7fe9c45] = 'E'
mem[0xf7fe9c46] = '\xe0'
mem[0xf7fe9c47] = '\x01'
mem[0xffffd478] = '\x0e'
mem[0xffffd479] = '\x00'
mem[0xffffd47a] = '\x00'
mem[0xffffd47b] = '\x00'
cpu.EIP = 0xf7fe9c44
cpu.EBP = 0xffffd498
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9c44], '\x83')
self.assertEqual(mem[0xf7fe9c45], 'E')
self.assertEqual(mem[0xf7fe9c46], '\xe0')
self.assertEqual(mem[0xf7fe9c47], '\x01')
self.assertEqual(mem[0xffffd478], '\x0f')
self.assertEqual(mem[0xffffd479], '\x00')
self.assertEqual(mem[0xffffd47a], '\x00')
self.assertEqual(mem[0xffffd47b], '\x00')
self.assertEqual(cpu.EIP, 4160658504)
self.assertEqual(cpu.EBP, 4294956184)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_ADD_16(self):
''' Instruction ADD_16
Groups:
0xf7fe56a2: add edx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a2] = '\x83'
mem[0xf7fe56a3] = '\xc2'
mem[0xf7fe56a4] = '\x01'
cpu.EIP = 0xf7fe56a2
cpu.EDX = 0xf7e25acc
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56a2], '\x83')
self.assertEqual(mem[0xf7fe56a3], '\xc2')
self.assertEqual(mem[0xf7fe56a4], '\x01')
self.assertEqual(cpu.EIP, 4160640677)
self.assertEqual(cpu.EDX, 4158806733)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_ADD_17(self):
''' Instruction ADD_17
Groups:
0xf7fe71b9: add dword ptr [eax], edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fbf000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b9] = '\x01'
mem[0xf7fe71ba] = '\x10'
mem[0xf7fbf09c] = '\x88'
mem[0xf7fbf09d] = '\x1e'
mem[0xf7fbf09e] = '\x16'
mem[0xf7fbf09f] = '\x00'
cpu.EIP = 0xf7fe71b9
cpu.EAX = 0xf7fbf09c
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xf7e15000
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71b9], '\x01')
self.assertEqual(mem[0xf7fe71ba], '\x10')
self.assertEqual(mem[0xf7fbf09c], '\x88')
self.assertEqual(mem[0xf7fbf09d], 'n')
self.assertEqual(mem[0xf7fbf09e], '\xf7')
self.assertEqual(mem[0xf7fbf09f], '\xf7')
self.assertEqual(cpu.EIP, 4160647611)
self.assertEqual(cpu.EAX, 4160483484)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 4158738432)
self.assertEqual(cpu.SF, True)
def test_ADD_18(self):
''' Instruction ADD_18
Groups:
0xf7fe71aa: add eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71aa] = '\x01'
mem[0xf7fe71ab] = '\xd0'
cpu.EIP = 0xf7fe71aa
cpu.EAX = 0x1aa628
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xf7e15000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71aa], '\x01')
self.assertEqual(mem[0xf7fe71ab], '\xd0')
self.assertEqual(cpu.EIP, 4160647596)
self.assertEqual(cpu.EAX, 4160484904)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 4158738432)
self.assertEqual(cpu.SF, True)
def test_ADD_19(self):
''' Instruction ADD_19
Groups:
0xf7fe4d33: add esp, 0x2c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d33] = '\x83'
mem[0xf7fe4d34] = '\xc4'
mem[0xf7fe4d35] = ','
cpu.EIP = 0xf7fe4d33
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd2b0
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4d33], '\x83')
self.assertEqual(mem[0xf7fe4d34], '\xc4')
self.assertEqual(mem[0xf7fe4d35], ',')
self.assertEqual(cpu.EIP, 4160638262)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955740)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_ADD_2(self):
''' Instruction ADD_2
Groups:
0xf7fe7213: add ecx, dword ptr [ebp - 0x78]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd480] = '\xd4'
mem[0xffffd481] = '\x8e'
mem[0xffffd482] = '\xe1'
mem[0xffffd483] = '\xf7'
mem[0xf7fe7213] = '\x03'
mem[0xf7fe7214] = 'M'
mem[0xf7fe7215] = '\x88'
cpu.EIP = 0xf7fe7213
cpu.EBP = 0xffffd4f8
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ECX = 0x0
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffd480], '\xd4')
self.assertEqual(mem[0xffffd481], '\x8e')
self.assertEqual(mem[0xffffd482], '\xe1')
self.assertEqual(mem[0xffffd483], '\xf7')
self.assertEqual(mem[0xf7fe7213], '\x03')
self.assertEqual(mem[0xf7fe7214], 'M')
self.assertEqual(mem[0xf7fe7215], '\x88')
self.assertEqual(cpu.EIP, 4160647702)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158754516)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_ADD_20(self):
''' Instruction ADD_20
Groups:
0xf7fe71fc: add esi, dword ptr [edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2c000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7e2c18c] = '\x18'
mem[0xf7e2c18d] = '\xaf'
mem[0xf7e2c18e] = '\x1a'
mem[0xf7e2c18f] = '\x00'
mem[0xf7fe71fc] = '\x03'
mem[0xf7fe71fd] = '7'
cpu.EIP = 0xf7fe71fc
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0xf7e2c18c
cpu.CF = False
cpu.ESI = 0xf7e15000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7e2c18c], '\x18')
self.assertEqual(mem[0xf7e2c18d], '\xaf')
self.assertEqual(mem[0xf7e2c18e], '\x1a')
self.assertEqual(mem[0xf7e2c18f], '\x00')
self.assertEqual(mem[0xf7fe71fc], '\x03')
self.assertEqual(mem[0xf7fe71fd], '7')
self.assertEqual(cpu.EIP, 4160647678)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 4158833036)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4160487192)
self.assertEqual(cpu.SF, True)
def test_ADD_21(self):
''' Instruction ADD_21
Groups:
0xf7fe56aa: add edi, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56aa] = '\x01'
mem[0xf7fe56ab] = '\xc7'
cpu.EIP = 0xf7fe56aa
cpu.EAX = 0x72
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x2f2c5d89
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56aa], '\x01')
self.assertEqual(mem[0xf7fe56ab], '\xc7')
self.assertEqual(cpu.EIP, 4160640684)
self.assertEqual(cpu.EAX, 114)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 791436795)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_ADD_3(self):
''' Instruction ADD_3
Groups:
0xf7fe56aa: add edi, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56aa] = '\x01'
mem[0xf7fe56ab] = '\xc7'
cpu.EIP = 0xf7fe56aa
cpu.EAX = 0x69
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x6f268490
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56aa], '\x01')
self.assertEqual(mem[0xf7fe56ab], '\xc7')
self.assertEqual(cpu.EIP, 4160640684)
self.assertEqual(cpu.EAX, 105)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 1864795385)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_ADD_4(self):
''' Instruction ADD_4
Groups:
0xf7eaa0d9: add eax, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d9] = '\x83'
mem[0xf7eaa0da] = '\xc0'
mem[0xf7eaa0db] = '\x01'
cpu.EIP = 0xf7eaa0d9
cpu.EAX = 0x26
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa0d9], '\x83')
self.assertEqual(mem[0xf7eaa0da], '\xc0')
self.assertEqual(mem[0xf7eaa0db], '\x01')
self.assertEqual(cpu.EIP, 4159348956)
self.assertEqual(cpu.EAX, 39)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_ADD_5(self):
''' Instruction ADD_5
Groups:
0x8070234: add byte ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xfe'
mem[0x08070234] = '\x80'
mem[0x08070235] = 'E'
mem[0x08070236] = '\x00'
mem[0x08070237] = '\xff'
cpu.EIP = 0x8070234
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xfd')
self.assertEqual(mem[0x8070234], '\x80')
self.assertEqual(mem[0x8070235], 'E')
self.assertEqual(mem[0x8070236], '\x00')
self.assertEqual(mem[0x8070237], '\xff')
self.assertEqual(cpu.EIP, 134677048)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_ADD_6(self):
''' Instruction ADD_6
Groups:
0xf7fe71b6: add esi, 8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b8] = '\x08'
mem[0xf7fe71b6] = '\x83'
mem[0xf7fe71b7] = '\xc6'
cpu.EIP = 0xf7fe71b6
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.ESI = 0xf7e2b534
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71b8], '\x08')
self.assertEqual(mem[0xf7fe71b6], '\x83')
self.assertEqual(mem[0xf7fe71b7], '\xc6')
self.assertEqual(cpu.EIP, 4160647609)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158829884)
self.assertEqual(cpu.SF, True)
def test_ADD_7(self):
''' Instruction ADD_7
Groups:
0xf7fe71aa: add eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71aa] = '\x01'
mem[0xf7fe71ab] = '\xd0'
cpu.EIP = 0xf7fe71aa
cpu.EAX = 0x1a9498
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xf7e15000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71aa], '\x01')
self.assertEqual(mem[0xf7fe71ab], '\xd0')
self.assertEqual(cpu.EIP, 4160647596)
self.assertEqual(cpu.EAX, 4160480408)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 4158738432)
self.assertEqual(cpu.SF, True)
def test_ADD_8(self):
''' Instruction ADD_8
Groups:
0xf7fe56a2: add edx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a2] = '\x83'
mem[0xf7fe56a3] = '\xc2'
mem[0xf7fe56a4] = '\x01'
cpu.EIP = 0xf7fe56a2
cpu.EDX = 0xf7e23c44
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56a2], '\x83')
self.assertEqual(mem[0xf7fe56a3], '\xc2')
self.assertEqual(mem[0xf7fe56a4], '\x01')
self.assertEqual(cpu.EIP, 4160640677)
self.assertEqual(cpu.EDX, 4158798917)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_ADD_9(self):
''' Instruction ADD_9
Groups:
0xf7fe56a8: add edi, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a8] = '\x01'
mem[0xf7fe56a9] = '\xcf'
cpu.EIP = 0xf7fe56a8
cpu.PF = False
cpu.ECX = 0xfecf2720
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0xc7f67939
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe56a8], '\x01')
self.assertEqual(mem[0xf7fe56a9], '\xcf')
self.assertEqual(cpu.EIP, 4160640682)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.ECX, 4274988832)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 3334840409)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_AND_1(self):
''' Instruction AND_1
Groups:
0x806c452: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806c000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0806c452] = '\x81'
mem[0x0806c453] = 'e'
mem[0x0806c454] = '\x00'
mem[0x0806c455] = '\xff'
mem[0x0806c456] = '\x00'
mem[0x0806c457] = '\x00'
mem[0x0806c458] = '\x00'
cpu.EIP = 0x806c452
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x806c452], '\x81')
self.assertEqual(mem[0x806c453], 'e')
self.assertEqual(mem[0x806c454], '\x00')
self.assertEqual(mem[0x806c455], '\xff')
self.assertEqual(mem[0x806c456], '\x00')
self.assertEqual(mem[0x806c457], '\x00')
self.assertEqual(mem[0x806c458], '\x00')
self.assertEqual(cpu.EIP, 134661209)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_10(self):
''' Instruction AND_10
Groups:
0xf7fe88dd: and edx, 3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem[0xf7fe88dd] = '\x83'
mem[0xf7fe88de] = '\xe2'
mem[0xf7fe88df] = '\x03'
cpu.EIP = 0xf7fe88dd
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x21
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe88dd], '\x83')
self.assertEqual(mem[0xf7fe88de], '\xe2')
self.assertEqual(mem[0xf7fe88df], '\x03')
self.assertEqual(cpu.EIP, 4160653536)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.SF, False)
def test_AND_11(self):
''' Instruction AND_11
Groups:
0xf7ff3eed: and edx, 0x1010100
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3eed] = '\x81'
mem[0xf7ff3eee] = '\xe2'
mem[0xf7ff3eef] = '\x00'
mem[0xf7ff3ef0] = '\x01'
mem[0xf7ff3ef1] = '\x01'
mem[0xf7ff3ef2] = '\x01'
cpu.EIP = 0xf7ff3eed
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0xfefcfef8
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3eed], '\x81')
self.assertEqual(mem[0xf7ff3eee], '\xe2')
self.assertEqual(mem[0xf7ff3eef], '\x00')
self.assertEqual(mem[0xf7ff3ef0], '\x01')
self.assertEqual(mem[0xf7ff3ef1], '\x01')
self.assertEqual(mem[0xf7ff3ef2], '\x01')
self.assertEqual(cpu.EIP, 4160700147)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_AND_12(self):
''' Instruction AND_12
Groups:
0x804a3e4: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804a000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804a3e4] = '\x81'
mem[0x0804a3e5] = 'e'
mem[0x0804a3e6] = '\x00'
mem[0x0804a3e7] = '\xff'
mem[0x0804a3e8] = '\x00'
mem[0x0804a3e9] = '\x00'
mem[0x0804a3ea] = '\x00'
cpu.EIP = 0x804a3e4
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804a3e4], '\x81')
self.assertEqual(mem[0x804a3e5], 'e')
self.assertEqual(mem[0x804a3e6], '\x00')
self.assertEqual(mem[0x804a3e7], '\xff')
self.assertEqual(mem[0x804a3e8], '\x00')
self.assertEqual(mem[0x804a3e9], '\x00')
self.assertEqual(mem[0x804a3ea], '\x00')
self.assertEqual(cpu.EIP, 134521835)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_13(self):
''' Instruction AND_13
Groups:
0x8069701: and edx, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08069000, 0x1000, 'rwx')
mem[0x08069701] = '\x81'
mem[0x08069702] = '\xe2'
mem[0x08069703] = '\xff'
mem[0x08069704] = '\x00'
mem[0x08069705] = '\x00'
mem[0x08069706] = '\x00'
cpu.EIP = 0x8069701
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8069701], '\x81')
self.assertEqual(mem[0x8069702], '\xe2')
self.assertEqual(mem[0x8069703], '\xff')
self.assertEqual(mem[0x8069704], '\x00')
self.assertEqual(mem[0x8069705], '\x00')
self.assertEqual(mem[0x8069706], '\x00')
self.assertEqual(cpu.EIP, 134649607)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_AND_14(self):
''' Instruction AND_14
Groups:
0x8065b70: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x10'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08065b70] = '\x81'
mem[0x08065b71] = 'e'
mem[0x08065b72] = '\x00'
mem[0x08065b73] = '\xff'
mem[0x08065b74] = '\x00'
mem[0x08065b75] = '\x00'
mem[0x08065b76] = '\x00'
cpu.EIP = 0x8065b70
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x10')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8065b70], '\x81')
self.assertEqual(mem[0x8065b71], 'e')
self.assertEqual(mem[0x8065b72], '\x00')
self.assertEqual(mem[0x8065b73], '\xff')
self.assertEqual(mem[0x8065b74], '\x00')
self.assertEqual(mem[0x8065b75], '\x00')
self.assertEqual(mem[0x8065b76], '\x00')
self.assertEqual(cpu.EIP, 134634359)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_15(self):
''' Instruction AND_15
Groups:
0x8064eb1: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08064000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x10'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08064eb1] = '\x81'
mem[0x08064eb2] = 'e'
mem[0x08064eb3] = '\x00'
mem[0x08064eb4] = '\xff'
mem[0x08064eb5] = '\x00'
mem[0x08064eb6] = '\x00'
mem[0x08064eb7] = '\x00'
cpu.EIP = 0x8064eb1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x10')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8064eb1], '\x81')
self.assertEqual(mem[0x8064eb2], 'e')
self.assertEqual(mem[0x8064eb3], '\x00')
self.assertEqual(mem[0x8064eb4], '\xff')
self.assertEqual(mem[0x8064eb5], '\x00')
self.assertEqual(mem[0x8064eb6], '\x00')
self.assertEqual(mem[0x8064eb7], '\x00')
self.assertEqual(cpu.EIP, 134631096)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_16(self):
''' Instruction AND_16
Groups:
0x806b598: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0806b598] = '\x81'
mem[0x0806b599] = 'e'
mem[0x0806b59a] = '\x00'
mem[0x0806b59b] = '\xff'
mem[0x0806b59c] = '\x00'
mem[0x0806b59d] = '\x00'
mem[0x0806b59e] = '\x00'
cpu.EIP = 0x806b598
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x806b598], '\x81')
self.assertEqual(mem[0x806b599], 'e')
self.assertEqual(mem[0x806b59a], '\x00')
self.assertEqual(mem[0x806b59b], '\xff')
self.assertEqual(mem[0x806b59c], '\x00')
self.assertEqual(mem[0x806b59d], '\x00')
self.assertEqual(mem[0x806b59e], '\x00')
self.assertEqual(cpu.EIP, 134657439)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_17(self):
''' Instruction AND_17
Groups:
0x805b447: and eax, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b448] = '\xff'
mem[0x0805b449] = '\x00'
mem[0x0805b44a] = '\x00'
mem[0x0805b44b] = '\x00'
mem[0x0805b447] = '%'
cpu.EIP = 0x805b447
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xeb
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x805b448], '\xff')
self.assertEqual(mem[0x805b449], '\x00')
self.assertEqual(mem[0x805b44a], '\x00')
self.assertEqual(mem[0x805b44b], '\x00')
self.assertEqual(mem[0x805b447], '%')
self.assertEqual(cpu.EIP, 134591564)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 235)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AND_18(self):
''' Instruction AND_18
Groups:
0x805a902: and eax, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805a000, 0x1000, 'rwx')
mem[0x0805a902] = '%'
mem[0x0805a903] = '\xff'
mem[0x0805a904] = '\x00'
mem[0x0805a905] = '\x00'
mem[0x0805a906] = '\x00'
cpu.EIP = 0x805a902
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xeb
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x805a902], '%')
self.assertEqual(mem[0x805a903], '\xff')
self.assertEqual(mem[0x805a904], '\x00')
self.assertEqual(mem[0x805a905], '\x00')
self.assertEqual(mem[0x805a906], '\x00')
self.assertEqual(cpu.EIP, 134588679)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 235)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AND_19(self):
''' Instruction AND_19
Groups:
0x806aae2: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806a000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0806aae2] = '\x81'
mem[0x0806aae3] = 'e'
mem[0x0806aae4] = '\x00'
mem[0x0806aae5] = '\xff'
mem[0x0806aae6] = '\x00'
mem[0x0806aae7] = '\x00'
mem[0x0806aae8] = '\x00'
cpu.EIP = 0x806aae2
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x806aae2], '\x81')
self.assertEqual(mem[0x806aae3], 'e')
self.assertEqual(mem[0x806aae4], '\x00')
self.assertEqual(mem[0x806aae5], '\xff')
self.assertEqual(mem[0x806aae6], '\x00')
self.assertEqual(mem[0x806aae7], '\x00')
self.assertEqual(mem[0x806aae8], '\x00')
self.assertEqual(cpu.EIP, 134654697)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_2(self):
''' Instruction AND_2
Groups:
0x805dc21: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0805dc21] = '\x81'
mem[0x0805dc22] = 'e'
mem[0x0805dc23] = '\x00'
mem[0x0805dc24] = '\xff'
mem[0x0805dc25] = '\x00'
mem[0x0805dc26] = '\x00'
mem[0x0805dc27] = '\x00'
cpu.EIP = 0x805dc21
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x805dc21], '\x81')
self.assertEqual(mem[0x805dc22], 'e')
self.assertEqual(mem[0x805dc23], '\x00')
self.assertEqual(mem[0x805dc24], '\xff')
self.assertEqual(mem[0x805dc25], '\x00')
self.assertEqual(mem[0x805dc26], '\x00')
self.assertEqual(mem[0x805dc27], '\x00')
self.assertEqual(cpu.EIP, 134601768)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_20(self):
''' Instruction AND_20
Groups:
0x805a4fc: and eax, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805a000, 0x1000, 'rwx')
mem[0x0805a500] = '\x00'
mem[0x0805a4fc] = '%'
mem[0x0805a4fd] = '\xff'
mem[0x0805a4fe] = '\x00'
mem[0x0805a4ff] = '\x00'
cpu.EIP = 0x805a4fc
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xeb
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x805a500], '\x00')
self.assertEqual(mem[0x805a4fc], '%')
self.assertEqual(mem[0x805a4fd], '\xff')
self.assertEqual(mem[0x805a4fe], '\x00')
self.assertEqual(mem[0x805a4ff], '\x00')
self.assertEqual(cpu.EIP, 134587649)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 235)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_AND_21(self):
''' Instruction AND_21
Groups:
0x8060799: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08060799] = '\x81'
mem[0x0806079a] = 'e'
mem[0x0806079b] = '\x00'
mem[0x0806079c] = '\xff'
mem[0x0806079d] = '\x00'
mem[0x0806079e] = '\x00'
mem[0x0806079f] = '\x00'
cpu.EIP = 0x8060799
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8060799], '\x81')
self.assertEqual(mem[0x806079a], 'e')
self.assertEqual(mem[0x806079b], '\x00')
self.assertEqual(mem[0x806079c], '\xff')
self.assertEqual(mem[0x806079d], '\x00')
self.assertEqual(mem[0x806079e], '\x00')
self.assertEqual(mem[0x806079f], '\x00')
self.assertEqual(cpu.EIP, 134612896)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_3(self):
''' Instruction AND_3
Groups:
0x806e0cf: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806e000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0806e0cf] = '\x81'
mem[0x0806e0d0] = 'e'
mem[0x0806e0d1] = '\x00'
mem[0x0806e0d2] = '\xff'
mem[0x0806e0d3] = '\x00'
mem[0x0806e0d4] = '\x00'
mem[0x0806e0d5] = '\x00'
cpu.EIP = 0x806e0cf
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x806e0cf], '\x81')
self.assertEqual(mem[0x806e0d0], 'e')
self.assertEqual(mem[0x806e0d1], '\x00')
self.assertEqual(mem[0x806e0d2], '\xff')
self.assertEqual(mem[0x806e0d3], '\x00')
self.assertEqual(mem[0x806e0d4], '\x00')
self.assertEqual(mem[0x806e0d5], '\x00')
self.assertEqual(cpu.EIP, 134668502)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_4(self):
''' Instruction AND_4
Groups:
0x806cf9f: and edx, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806c000, 0x1000, 'rwx')
mem[0x0806cfa0] = '\xe2'
mem[0x0806cfa1] = '\xff'
mem[0x0806cfa2] = '\x00'
mem[0x0806cfa3] = '\x00'
mem[0x0806cfa4] = '\x00'
mem[0x0806cf9f] = '\x81'
cpu.EIP = 0x806cf9f
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0xfa
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x806cfa0], '\xe2')
self.assertEqual(mem[0x806cfa1], '\xff')
self.assertEqual(mem[0x806cfa2], '\x00')
self.assertEqual(mem[0x806cfa3], '\x00')
self.assertEqual(mem[0x806cfa4], '\x00')
self.assertEqual(mem[0x806cf9f], '\x81')
self.assertEqual(cpu.EIP, 134664101)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 250)
self.assertEqual(cpu.SF, False)
def test_AND_5(self):
''' Instruction AND_5
Groups:
0x8062394: and dword ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08062000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x10'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08062394] = '\x81'
mem[0x08062395] = 'e'
mem[0x08062396] = '\x00'
mem[0x08062397] = '\xff'
mem[0x08062398] = '\x00'
mem[0x08062399] = '\x00'
mem[0x0806239a] = '\x00'
cpu.EIP = 0x8062394
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x10')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8062394], '\x81')
self.assertEqual(mem[0x8062395], 'e')
self.assertEqual(mem[0x8062396], '\x00')
self.assertEqual(mem[0x8062397], '\xff')
self.assertEqual(mem[0x8062398], '\x00')
self.assertEqual(mem[0x8062399], '\x00')
self.assertEqual(mem[0x806239a], '\x00')
self.assertEqual(cpu.EIP, 134620059)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_AND_6(self):
''' Instruction AND_6
Groups:
0xf7fe212b: and ecx, 7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe212b] = '\x83'
mem[0xf7fe212c] = '\xe1'
mem[0xf7fe212d] = '\x07'
cpu.EIP = 0xf7fe212b
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.ECX = 0x6
cpu.execute()
self.assertEqual(mem[0xf7fe212b], '\x83')
self.assertEqual(mem[0xf7fe212c], '\xe1')
self.assertEqual(mem[0xf7fe212d], '\x07')
self.assertEqual(cpu.EIP, 4160626990)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 6)
def test_AND_7(self):
''' Instruction AND_7
Groups:
0x804bf30: and edx, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804b000, 0x1000, 'rwx')
mem[0x0804bf30] = '\x81'
mem[0x0804bf31] = '\xe2'
mem[0x0804bf32] = '\xff'
mem[0x0804bf33] = '\x00'
mem[0x0804bf34] = '\x00'
mem[0x0804bf35] = '\x00'
cpu.EIP = 0x804bf30
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0xf0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804bf30], '\x81')
self.assertEqual(mem[0x804bf31], '\xe2')
self.assertEqual(mem[0x804bf32], '\xff')
self.assertEqual(mem[0x804bf33], '\x00')
self.assertEqual(mem[0x804bf34], '\x00')
self.assertEqual(mem[0x804bf35], '\x00')
self.assertEqual(cpu.EIP, 134528822)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 240)
self.assertEqual(cpu.SF, False)
def test_AND_8(self):
''' Instruction AND_8
Groups:
0xf7fec3da: and edx, 0x7fff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec3da] = '\x81'
mem[0xf7fec3db] = '\xe2'
mem[0xf7fec3dc] = '\xff'
mem[0xf7fec3dd] = '\x7f'
mem[0xf7fec3de] = '\x00'
mem[0xf7fec3df] = '\x00'
cpu.EIP = 0xf7fec3da
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x19
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fec3da], '\x81')
self.assertEqual(mem[0xf7fec3db], '\xe2')
self.assertEqual(mem[0xf7fec3dc], '\xff')
self.assertEqual(mem[0xf7fec3dd], '\x7f')
self.assertEqual(mem[0xf7fec3de], '\x00')
self.assertEqual(mem[0xf7fec3df], '\x00')
self.assertEqual(cpu.EIP, 4160668640)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 25)
self.assertEqual(cpu.SF, False)
def test_AND_9(self):
''' Instruction AND_9
Groups:
0x80494c9: and edx, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08049000, 0x1000, 'rwx')
mem[0x080494c9] = '\x81'
mem[0x080494ca] = '\xe2'
mem[0x080494cb] = '\xff'
mem[0x080494cc] = '\x00'
mem[0x080494cd] = '\x00'
mem[0x080494ce] = '\x00'
cpu.EIP = 0x80494c9
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0xf0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80494c9], '\x81')
self.assertEqual(mem[0x80494ca], '\xe2')
self.assertEqual(mem[0x80494cb], '\xff')
self.assertEqual(mem[0x80494cc], '\x00')
self.assertEqual(mem[0x80494cd], '\x00')
self.assertEqual(mem[0x80494ce], '\x00')
self.assertEqual(cpu.EIP, 134517967)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 240)
self.assertEqual(cpu.SF, False)
def test_BSF_1(self):
''' Instruction BSF_1
Groups:
0x806b25c: bsf cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x0806b25c] = 'f'
mem[0x0806b25d] = '\x0f'
mem[0x0806b25e] = '\xbc'
mem[0x0806b25f] = '\xca'
cpu.EIP = 0x806b25c
cpu.ZF = True
cpu.CX = 0x746e
cpu.DX = 0xfa
cpu.execute()
self.assertEqual(mem[0x806b25c], 'f')
self.assertEqual(mem[0x806b25d], '\x0f')
self.assertEqual(mem[0x806b25e], '\xbc')
self.assertEqual(mem[0x806b25f], '\xca')
self.assertEqual(cpu.EIP, 134656608)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CX, 1)
self.assertEqual(cpu.DX, 250)
def test_BSF_2(self):
''' Instruction BSF_2
Groups:
0x806b294: bsf cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0806b294] = 'f'
mem[0x0806b295] = '\x0f'
mem[0x0806b296] = '\xbc'
mem[0x0806b297] = 'M'
mem[0x0806b298] = '\x00'
cpu.EIP = 0x806b294
cpu.ZF = True
cpu.CX = 0x1
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x806b294], 'f')
self.assertEqual(mem[0x806b295], '\x0f')
self.assertEqual(mem[0x806b296], '\xbc')
self.assertEqual(mem[0x806b297], 'M')
self.assertEqual(mem[0x806b298], '\x00')
self.assertEqual(cpu.EIP, 134656665)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CX, 1)
self.assertEqual(cpu.EBP, 4294948352)
def test_BSF_3(self):
''' Instruction BSF_3
Groups:
0x806b335: bsf ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x0806b335] = '\x0f'
mem[0x0806b336] = '\xbc'
mem[0x0806b337] = '\xca'
cpu.EIP = 0x806b335
cpu.ZF = True
cpu.EDX = 0xfa
cpu.ECX = 0x6c650001
cpu.execute()
self.assertEqual(mem[0x806b335], '\x0f')
self.assertEqual(mem[0x806b336], '\xbc')
self.assertEqual(mem[0x806b337], '\xca')
self.assertEqual(cpu.EIP, 134656824)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDX, 250)
self.assertEqual(cpu.ECX, 1)
def test_BSF_4(self):
''' Instruction BSF_4
Groups:
0x806b36c: bsf ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0806b36c] = '\x0f'
mem[0x0806b36d] = '\xbc'
mem[0x0806b36e] = 'M'
mem[0x0806b36f] = '\x00'
cpu.EIP = 0x806b36c
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x806b36c], '\x0f')
self.assertEqual(mem[0x806b36d], '\xbc')
self.assertEqual(mem[0x806b36e], 'M')
self.assertEqual(mem[0x806b36f], '\x00')
self.assertEqual(cpu.EIP, 134656880)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 1)
def test_BSR_1(self):
''' Instruction BSR_1
Groups:
0x80661a3: bsr cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x080661a3] = 'f'
mem[0x080661a4] = '\x0f'
mem[0x080661a5] = '\xbd'
mem[0x080661a6] = 'M'
mem[0x080661a7] = '\x00'
cpu.EIP = 0x80661a3
cpu.ZF = True
cpu.CX = 0xfc00
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x80661a3], 'f')
self.assertEqual(mem[0x80661a4], '\x0f')
self.assertEqual(mem[0x80661a5], '\xbd')
self.assertEqual(mem[0x80661a6], 'M')
self.assertEqual(mem[0x80661a7], '\x00')
self.assertEqual(cpu.EIP, 134635944)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CX, 64512)
self.assertEqual(cpu.EBP, 4294948352)
def test_BSR_2(self):
''' Instruction BSR_2
Groups:
0xf7e2e8e8: bsr ecx, dword ptr [esp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd600] = '\x1f'
mem[0xffffd601] = '\x00'
mem[0xffffd602] = '\x00'
mem[0xffffd603] = '\x00'
mem[0xf7e2e8e8] = '\x0f'
mem[0xf7e2e8e9] = '\xbd'
mem[0xf7e2e8ea] = '\x0c'
mem[0xf7e2e8eb] = '$'
cpu.EIP = 0xf7e2e8e8
cpu.ZF = True
cpu.ECX = 0x200
cpu.ESP = 0xffffd600
cpu.execute()
self.assertEqual(mem[0xffffd600], '\x1f')
self.assertEqual(mem[0xffffd601], '\x00')
self.assertEqual(mem[0xffffd602], '\x00')
self.assertEqual(mem[0xffffd603], '\x00')
self.assertEqual(mem[0xf7e2e8e8], '\x0f')
self.assertEqual(mem[0xf7e2e8e9], '\xbd')
self.assertEqual(mem[0xf7e2e8ea], '\x0c')
self.assertEqual(mem[0xf7e2e8eb], '$')
self.assertEqual(cpu.EIP, 4158843116)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956544)
self.assertEqual(cpu.ECX, 4)
def test_BSR_3(self):
''' Instruction BSR_3
Groups:
0x806627b: bsr ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0806627b] = '\x0f'
mem[0x0806627c] = '\xbd'
mem[0x0806627d] = 'M'
mem[0x0806627e] = '\x00'
cpu.EIP = 0x806627b
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.ECX = 0x80f1fc00
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x806627b], '\x0f')
self.assertEqual(mem[0x806627c], '\xbd')
self.assertEqual(mem[0x806627d], 'M')
self.assertEqual(mem[0x806627e], '\x00')
self.assertEqual(cpu.EIP, 134636159)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 2163342336)
def test_BSR_4(self):
''' Instruction BSR_4
Groups:
0x8066244: bsr ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem[0x08066244] = '\x0f'
mem[0x08066245] = '\xbd'
mem[0x08066246] = '\xca'
cpu.EIP = 0x8066244
cpu.ZF = True
cpu.EDX = 0x0
cpu.ECX = 0x80f1fc00
cpu.execute()
self.assertEqual(mem[0x8066244], '\x0f')
self.assertEqual(mem[0x8066245], '\xbd')
self.assertEqual(mem[0x8066246], '\xca')
self.assertEqual(cpu.EIP, 134636103)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 2163342336)
def test_BSR_5(self):
''' Instruction BSR_5
Groups:
0x806616b: bsr cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem[0x0806616b] = 'f'
mem[0x0806616c] = '\x0f'
mem[0x0806616d] = '\xbd'
mem[0x0806616e] = '\xca'
cpu.EIP = 0x806616b
cpu.ZF = True
cpu.CX = 0xfc00
cpu.DX = 0x0
cpu.execute()
self.assertEqual(mem[0x806616b], 'f')
self.assertEqual(mem[0x806616c], '\x0f')
self.assertEqual(mem[0x806616d], '\xbd')
self.assertEqual(mem[0x806616e], '\xca')
self.assertEqual(cpu.EIP, 134635887)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CX, 64512)
self.assertEqual(cpu.DX, 0)
def test_BSWAP_1(self):
''' Instruction BSWAP_1
Groups:
0x807937c: bswap ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x0807937c] = '\x0f'
mem[0x0807937d] = '\xc9'
cpu.EIP = 0x807937c
cpu.ECX = 0x80008001
cpu.execute()
self.assertEqual(mem[0x807937c], '\x0f')
self.assertEqual(mem[0x807937d], '\xc9')
self.assertEqual(cpu.EIP, 134714238)
self.assertEqual(cpu.ECX, 25165952)
def test_BTC_1(self):
''' Instruction BTC_1
Groups:
0x8061077: btc ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08061000, 0x1000, 'rwx')
mem[0x08061078] = '\xba'
mem[0x08061079] = '\xf9'
mem[0x0806107a] = '\x04'
mem[0x08061077] = '\x0f'
cpu.EIP = 0x8061077
cpu.CF = False
cpu.ECX = 0xffffffef
cpu.execute()
self.assertEqual(mem[0x8061078], '\xba')
self.assertEqual(mem[0x8061079], '\xf9')
self.assertEqual(mem[0x806107a], '\x04')
self.assertEqual(mem[0x8061077], '\x0f')
self.assertEqual(cpu.EIP, 134615163)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 4294967295)
def test_BTC_2(self):
''' Instruction BTC_2
Groups:
0x8060f33: btc cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x08060f33] = 'f'
mem[0x08060f34] = '\x0f'
mem[0x08060f35] = '\xbb'
mem[0x08060f36] = '\xd1'
cpu.EIP = 0x8060f33
cpu.CX = 0xffff
cpu.CF = False
cpu.DX = 0xec
cpu.execute()
self.assertEqual(mem[0x8060f33], 'f')
self.assertEqual(mem[0x8060f34], '\x0f')
self.assertEqual(mem[0x8060f35], '\xbb')
self.assertEqual(mem[0x8060f36], '\xd1')
self.assertEqual(cpu.EIP, 134614839)
self.assertEqual(cpu.CX, 61439)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.DX, 236)
def test_BTC_3(self):
''' Instruction BTC_3
Groups:
0x80610a2: btc ecx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08061000, 0x1000, 'rwx')
mem[0x080610a2] = '\x0f'
mem[0x080610a3] = '\xba'
mem[0x080610a4] = '\xf9'
mem[0x080610a5] = '\xff'
cpu.EIP = 0x80610a2
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0x80610a2], '\x0f')
self.assertEqual(mem[0x80610a3], '\xba')
self.assertEqual(mem[0x80610a4], '\xf9')
self.assertEqual(mem[0x80610a5], '\xff')
self.assertEqual(cpu.EIP, 134615206)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ECX, 2147483647)
def test_BTC_4(self):
''' Instruction BTC_4
Groups:
0x8060fac: btc cx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x08060fb0] = '\x04'
mem[0x08060fac] = 'f'
mem[0x08060fad] = '\x0f'
mem[0x08060fae] = '\xba'
mem[0x08060faf] = '\xf9'
cpu.EIP = 0x8060fac
cpu.CX = 0xefff
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x8060fb0], '\x04')
self.assertEqual(mem[0x8060fac], 'f')
self.assertEqual(mem[0x8060fad], '\x0f')
self.assertEqual(mem[0x8060fae], '\xba')
self.assertEqual(mem[0x8060faf], '\xf9')
self.assertEqual(cpu.EIP, 134614961)
self.assertEqual(cpu.CX, 61423)
self.assertEqual(cpu.CF, True)
def test_BTC_5(self):
''' Instruction BTC_5
Groups:
0x806100c: btc ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08061000, 0x1000, 'rwx')
mem[0x0806100c] = '\x0f'
mem[0x0806100d] = '\xbb'
mem[0x0806100e] = '\xd1'
cpu.EIP = 0x806100c
cpu.EDX = 0xec
cpu.CF = False
cpu.ECX = 0xffffefef
cpu.execute()
self.assertEqual(mem[0x806100c], '\x0f')
self.assertEqual(mem[0x806100d], '\xbb')
self.assertEqual(mem[0x806100e], '\xd1')
self.assertEqual(cpu.EIP, 134615055)
self.assertEqual(cpu.EDX, 236)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 4294967279)
def test_BTR_1(self):
''' Instruction BTR_1
Groups:
0x805beed: btr ecx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bef0] = '\xff'
mem[0x0805beed] = '\x0f'
mem[0x0805beee] = '\xba'
mem[0x0805beef] = '\xf1'
cpu.EIP = 0x805beed
cpu.CF = False
cpu.ECX = 0x80000000
cpu.execute()
self.assertEqual(mem[0x805bef0], '\xff')
self.assertEqual(mem[0x805beed], '\x0f')
self.assertEqual(mem[0x805beee], '\xba')
self.assertEqual(mem[0x805beef], '\xf1')
self.assertEqual(cpu.EIP, 134594289)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ECX, 0)
def test_BTR_2(self):
''' Instruction BTR_2
Groups:
0x805bec2: btr ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bec2] = '\x0f'
mem[0x0805bec3] = '\xba'
mem[0x0805bec4] = '\xf1'
mem[0x0805bec5] = '\x04'
cpu.EIP = 0x805bec2
cpu.CF = False
cpu.ECX = 0x80000000
cpu.execute()
self.assertEqual(mem[0x805bec2], '\x0f')
self.assertEqual(mem[0x805bec3], '\xba')
self.assertEqual(mem[0x805bec4], '\xf1')
self.assertEqual(mem[0x805bec5], '\x04')
self.assertEqual(cpu.EIP, 134594246)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 2147483648)
def test_BTR_3(self):
''' Instruction BTR_3
Groups:
0x805bdf7: btr cx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bdf8] = '\x0f'
mem[0x0805bdf9] = '\xba'
mem[0x0805bdfa] = '\xf1'
mem[0x0805bdfb] = '\x04'
mem[0x0805bdf7] = 'f'
cpu.EIP = 0x805bdf7
cpu.CX = 0x10
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x805bdf8], '\x0f')
self.assertEqual(mem[0x805bdf9], '\xba')
self.assertEqual(mem[0x805bdfa], '\xf1')
self.assertEqual(mem[0x805bdfb], '\x04')
self.assertEqual(mem[0x805bdf7], 'f')
self.assertEqual(cpu.EIP, 134594044)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.CF, True)
def test_BTR_4(self):
''' Instruction BTR_4
Groups:
0x805be57: btr ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805be58] = '\xb3'
mem[0x0805be59] = '\xd1'
mem[0x0805be57] = '\x0f'
cpu.EIP = 0x805be57
cpu.EDX = 0xec
cpu.CF = False
cpu.ECX = 0x80000000
cpu.execute()
self.assertEqual(mem[0x805be58], '\xb3')
self.assertEqual(mem[0x805be59], '\xd1')
self.assertEqual(mem[0x805be57], '\x0f')
self.assertEqual(cpu.EIP, 134594138)
self.assertEqual(cpu.EDX, 236)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 2147483648)
def test_BTR_5(self):
''' Instruction BTR_5
Groups:
0x805bd7e: btr cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bd80] = '\xb3'
mem[0x0805bd81] = '\xd1'
mem[0x0805bd7e] = 'f'
mem[0x0805bd7f] = '\x0f'
cpu.EIP = 0x805bd7e
cpu.CX = 0x1010
cpu.CF = False
cpu.DX = 0xec
cpu.execute()
self.assertEqual(mem[0x805bd80], '\xb3')
self.assertEqual(mem[0x805bd81], '\xd1')
self.assertEqual(mem[0x805bd7e], 'f')
self.assertEqual(mem[0x805bd7f], '\x0f')
self.assertEqual(cpu.EIP, 134593922)
self.assertEqual(cpu.CX, 16)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.DX, 236)
def test_BTS_1(self):
''' Instruction BTS_1
Groups:
0x805bbab: bts ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bbab] = '\x0f'
mem[0x0805bbac] = '\xba'
mem[0x0805bbad] = '\xe9'
mem[0x0805bbae] = '\x04'
cpu.EIP = 0x805bbab
cpu.CF = True
cpu.ECX = 0x1010
cpu.execute()
self.assertEqual(mem[0x805bbab], '\x0f')
self.assertEqual(mem[0x805bbac], '\xba')
self.assertEqual(mem[0x805bbad], '\xe9')
self.assertEqual(mem[0x805bbae], '\x04')
self.assertEqual(cpu.EIP, 134593455)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ECX, 4112)
def test_BTS_2(self):
''' Instruction BTS_2
Groups:
0x805bba8: bts ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bba8] = '\x0f'
mem[0x0805bba9] = '\xab'
mem[0x0805bbaa] = '\xd1'
cpu.EIP = 0x805bba8
cpu.EDX = 0x3ec
cpu.CF = False
cpu.ECX = 0x1010
cpu.execute()
self.assertEqual(mem[0x805bba8], '\x0f')
self.assertEqual(mem[0x805bba9], '\xab')
self.assertEqual(mem[0x805bbaa], '\xd1')
self.assertEqual(cpu.EIP, 134593451)
self.assertEqual(cpu.EDX, 1004)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ECX, 4112)
def test_BTS_3(self):
''' Instruction BTS_3
Groups:
0x805bba3: bts cx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bba3] = 'f'
mem[0x0805bba4] = '\x0f'
mem[0x0805bba5] = '\xba'
mem[0x0805bba6] = '\xe9'
mem[0x0805bba7] = '\x04'
cpu.EIP = 0x805bba3
cpu.CX = 0x1000
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x805bba3], 'f')
self.assertEqual(mem[0x805bba4], '\x0f')
self.assertEqual(mem[0x805bba5], '\xba')
self.assertEqual(mem[0x805bba6], '\xe9')
self.assertEqual(mem[0x805bba7], '\x04')
self.assertEqual(cpu.EIP, 134593448)
self.assertEqual(cpu.CX, 4112)
self.assertEqual(cpu.CF, False)
def test_BTS_4(self):
''' Instruction BTS_4
Groups:
0x805bb9f: bts cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bba0] = '\x0f'
mem[0x0805bba1] = '\xab'
mem[0x0805bba2] = '\xd1'
mem[0x0805bb9f] = 'f'
cpu.EIP = 0x805bb9f
cpu.CX = 0x0
cpu.CF = False
cpu.DX = 0x3ec
cpu.execute()
self.assertEqual(mem[0x805bba0], '\x0f')
self.assertEqual(mem[0x805bba1], '\xab')
self.assertEqual(mem[0x805bba2], '\xd1')
self.assertEqual(mem[0x805bb9f], 'f')
self.assertEqual(cpu.EIP, 134593443)
self.assertEqual(cpu.CX, 4096)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.DX, 1004)
def test_BTS_5(self):
''' Instruction BTS_5
Groups:
0x805bbaf: bts ecx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bbb0] = '\xba'
mem[0x0805bbb1] = '\xe9'
mem[0x0805bbb2] = '\xff'
mem[0x0805bbaf] = '\x0f'
cpu.EIP = 0x805bbaf
cpu.CF = True
cpu.ECX = 0x1010
cpu.execute()
self.assertEqual(mem[0x805bbb0], '\xba')
self.assertEqual(mem[0x805bbb1], '\xe9')
self.assertEqual(mem[0x805bbb2], '\xff')
self.assertEqual(mem[0x805bbaf], '\x0f')
self.assertEqual(cpu.EIP, 134593459)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 2147487760)
def test_BT_1(self):
''' Instruction BT_1
Groups:
0x80486c3: bt ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x080486c3] = '\x0f'
mem[0x080486c4] = '\xa3'
mem[0x080486c5] = '\xd1'
cpu.EIP = 0x80486c3
cpu.EDX = 0xf0
cpu.CF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x80486c3], '\x0f')
self.assertEqual(mem[0x80486c4], '\xa3')
self.assertEqual(mem[0x80486c5], '\xd1')
self.assertEqual(cpu.EIP, 134514374)
self.assertEqual(cpu.EDX, 240)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 0)
def test_BT_10(self):
''' Instruction BT_10
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_11(self):
''' Instruction BT_11
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x2
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 2)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_12(self):
''' Instruction BT_12
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_13(self):
''' Instruction BT_13
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_14(self):
''' Instruction BT_14
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_15(self):
''' Instruction BT_15
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_16(self):
''' Instruction BT_16
Groups:
0x80485ea: bt cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x080485ea] = 'f'
mem[0x080485eb] = '\x0f'
mem[0x080485ec] = '\xa3'
mem[0x080485ed] = '\xd1'
cpu.EIP = 0x80485ea
cpu.CX = 0x0
cpu.CF = False
cpu.DX = 0xf0
cpu.execute()
self.assertEqual(mem[0x80485ea], 'f')
self.assertEqual(mem[0x80485eb], '\x0f')
self.assertEqual(mem[0x80485ec], '\xa3')
self.assertEqual(mem[0x80485ed], '\xd1')
self.assertEqual(cpu.EIP, 134514158)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.DX, 240)
def test_BT_17(self):
''' Instruction BT_17
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_18(self):
''' Instruction BT_18
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_19(self):
''' Instruction BT_19
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_2(self):
''' Instruction BT_2
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_20(self):
''' Instruction BT_20
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_21(self):
''' Instruction BT_21
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_3(self):
''' Instruction BT_3
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_4(self):
''' Instruction BT_4
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_5(self):
''' Instruction BT_5
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_6(self):
''' Instruction BT_6
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_7(self):
''' Instruction BT_7
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_BT_8(self):
''' Instruction BT_8
Groups:
0x8048759: bt ecx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x08048759] = '\x0f'
mem[0x0804875a] = '\xba'
mem[0x0804875b] = '\xe1'
mem[0x0804875c] = '\xff'
cpu.EIP = 0x8048759
cpu.CF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8048759], '\x0f')
self.assertEqual(mem[0x804875a], '\xba')
self.assertEqual(mem[0x804875b], '\xe1')
self.assertEqual(mem[0x804875c], '\xff')
self.assertEqual(cpu.EIP, 134514525)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ECX, 0)
def test_BT_9(self):
''' Instruction BT_9
Groups:
0xf7fe4cc0: bt eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = 0x1
cpu.CF = False
cpu.EAX = 0x467
cpu.execute()
self.assertEqual(mem[0xf7fe4cc0], '\x0f')
self.assertEqual(mem[0xf7fe4cc1], '\xa3')
self.assertEqual(mem[0xf7fe4cc2], '\xd0')
self.assertEqual(cpu.EIP, 4160638147)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 1127)
def test_CALL_1(self):
''' Instruction CALL_1
Groups: call, not64bitmode
0xf7fec303: call 0xf7fdc820
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd400] = '\x03'
mem[0xffffd401] = '\x00'
mem[0xffffd402] = '\x00'
mem[0xf7fec303] = '\xe8'
mem[0xf7fec304] = '\x18'
mem[0xf7fec305] = '\x05'
mem[0xf7fec306] = '\xff'
mem[0xf7fec307] = '\xff'
mem[0xffffd403] = '\x00'
mem[0xffffd404] = '\x10'
mem[0xffffd3fc] = '\xc1'
mem[0xffffd3fd] = '\xc1'
mem[0xffffd3fe] = '\xfe'
mem[0xffffd3ff] = '\xf7'
cpu.EIP = 0xf7fec303
cpu.EBP = 0xffffd488
cpu.ESP = 0xffffd400
cpu.execute()
self.assertEqual(mem[0xffffd400], '\x03')
self.assertEqual(mem[0xffffd401], '\x00')
self.assertEqual(mem[0xffffd402], '\x00')
self.assertEqual(mem[0xf7fec303], '\xe8')
self.assertEqual(mem[0xf7fec304], '\x18')
self.assertEqual(mem[0xf7fec305], '\x05')
self.assertEqual(mem[0xf7fec306], '\xff')
self.assertEqual(mem[0xf7fec307], '\xff')
self.assertEqual(mem[0xffffd403], '\x00')
self.assertEqual(mem[0xffffd404], '\x10')
self.assertEqual(mem[0xffffd3fc], '\x08')
self.assertEqual(mem[0xffffd3fd], '\xc3')
self.assertEqual(mem[0xffffd3fe], '\xfe')
self.assertEqual(mem[0xffffd3ff], '\xf7')
self.assertEqual(cpu.EIP, 4160604192)
self.assertEqual(cpu.EBP, 4294956168)
self.assertEqual(cpu.ESP, 4294956028)
def test_CALL_10(self):
''' Instruction CALL_10
Groups: call, not64bitmode
0xf7ff0819: call 0xf7ff0590
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff0819] = '\xe8'
mem[0xf7ff081a] = 'r'
mem[0xf7ff081b] = '\xfd'
mem[0xffffd01c] = '\x1e'
mem[0xffffd01d] = '\x08'
mem[0xffffd01e] = '\xff'
mem[0xffffd01f] = '\xf7'
mem[0xffffd020] = '\xcd'
mem[0xffffd021] = '^'
mem[0xffffd022] = '\xff'
mem[0xffffd023] = '\xf7'
mem[0xffffd024] = '\x00'
mem[0xf7ff081c] = '\xff'
mem[0xf7ff081d] = '\xff'
cpu.EIP = 0xf7ff0819
cpu.EBP = 0x306
cpu.ESP = 0xffffd020
cpu.execute()
self.assertEqual(mem[0xf7ff0819], '\xe8')
self.assertEqual(mem[0xf7ff081a], 'r')
self.assertEqual(mem[0xf7ff081b], '\xfd')
self.assertEqual(mem[0xf7ff081c], '\xff')
self.assertEqual(mem[0xf7ff081d], '\xff')
self.assertEqual(mem[0xffffd01e], '\xff')
self.assertEqual(mem[0xffffd01f], '\xf7')
self.assertEqual(mem[0xffffd020], '\xcd')
self.assertEqual(mem[0xffffd021], '^')
self.assertEqual(mem[0xffffd022], '\xff')
self.assertEqual(mem[0xffffd023], '\xf7')
self.assertEqual(mem[0xffffd024], '\x00')
self.assertEqual(mem[0xffffd01c], '\x1e')
self.assertEqual(mem[0xffffd01d], '\x08')
self.assertEqual(cpu.EIP, 4160685456)
self.assertEqual(cpu.EBP, 774)
self.assertEqual(cpu.ESP, 4294955036)
def test_CALL_11(self):
''' Instruction CALL_11
Groups: call, not64bitmode
0xf7fe54ef: call 0xf7fe4c80
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2f3] = '\xf7'
mem[0xffffd2ef] = '\xf7'
mem[0xf7fe54f0] = '\x8c'
mem[0xf7fe54f1] = '\xf7'
mem[0xffffd2ec] = '4'
mem[0xffffd2ed] = 'N'
mem[0xffffd2ee] = '\xfe'
mem[0xf7fe54ef] = '\xe8'
mem[0xffffd2f0] = '\xc4'
mem[0xffffd2f1] = '\xb1'
mem[0xf7fe54f2] = '\xff'
mem[0xf7fe54f3] = '\xff'
mem[0xffffd2f4] = '\xdc'
mem[0xffffd2f2] = '\xfd'
cpu.EIP = 0xf7fe54ef
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2f0
cpu.execute()
self.assertEqual(mem[0xffffd2f3], '\xf7')
self.assertEqual(mem[0xffffd2ef], '\xf7')
self.assertEqual(mem[0xffffd2f0], '\xc4')
self.assertEqual(mem[0xffffd2f1], '\xb1')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(mem[0xffffd2ed], 'T')
self.assertEqual(mem[0xffffd2ee], '\xfe')
self.assertEqual(mem[0xf7fe54ef], '\xe8')
self.assertEqual(mem[0xf7fe54f0], '\x8c')
self.assertEqual(mem[0xf7fe54f1], '\xf7')
self.assertEqual(mem[0xf7fe54f2], '\xff')
self.assertEqual(mem[0xf7fe54f3], '\xff')
self.assertEqual(mem[0xffffd2f4], '\xdc')
self.assertEqual(mem[0xffffd2f2], '\xfd')
self.assertEqual(cpu.EIP, 4160638080)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955756)
def test_CALL_12(self):
''' Instruction CALL_12
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xffffd441] = '\xaa'
mem[0xffffd442] = '\xfd'
mem[0xffffd443] = '\xf7'
mem[0xffffd444] = '\xa8'
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe72f3
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd440
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xffffd441], '\xaa')
self.assertEqual(mem[0xffffd442], '\xfd')
self.assertEqual(mem[0xffffd443], '\xf7')
self.assertEqual(mem[0xffffd444], '\xa8')
self.assertEqual(mem[0xf7fe72f3], '\xe8')
self.assertEqual(mem[0xf7fe72f4], 'x')
self.assertEqual(mem[0xf7fe72f5], '\xe3')
self.assertEqual(mem[0xf7fe72f6], '\xff')
self.assertEqual(mem[0xf7fe72f7], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160640624)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956092)
def test_CALL_13(self):
''' Instruction CALL_13
Groups: call, not64bitmode
0xf7fe8bc3: call 0xf7ff45f0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe8bc3] = '\xe8'
mem[0xf7fe8bc4] = '('
mem[0xf7fe8bc5] = '\xba'
mem[0xf7fe8bc6] = '\x00'
mem[0xf7fe8bc7] = '\x00'
mem[0xffffd34c] = '\x9d'
mem[0xffffd34d] = '\x8b'
mem[0xffffd34e] = '\xfe'
mem[0xffffd34f] = '\xf7'
mem[0xffffd350] = '\xf4'
mem[0xffffd351] = '\xaa'
mem[0xffffd352] = '\xfd'
mem[0xffffd353] = '\xf7'
mem[0xffffd354] = '\x80'
cpu.EIP = 0xf7fe8bc3
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd350
cpu.execute()
self.assertEqual(mem[0xf7fe8bc3], '\xe8')
self.assertEqual(mem[0xf7fe8bc4], '(')
self.assertEqual(mem[0xf7fe8bc5], '\xba')
self.assertEqual(mem[0xf7fe8bc6], '\x00')
self.assertEqual(mem[0xf7fe8bc7], '\x00')
self.assertEqual(mem[0xffffd34c], '\xc8')
self.assertEqual(mem[0xffffd34d], '\x8b')
self.assertEqual(mem[0xffffd34e], '\xfe')
self.assertEqual(mem[0xffffd34f], '\xf7')
self.assertEqual(mem[0xffffd350], '\xf4')
self.assertEqual(mem[0xffffd351], '\xaa')
self.assertEqual(mem[0xffffd352], '\xfd')
self.assertEqual(mem[0xffffd353], '\xf7')
self.assertEqual(mem[0xffffd354], '\x80')
self.assertEqual(cpu.EIP, 4160701936)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294955852)
def test_CALL_14(self):
''' Instruction CALL_14
Groups: call, not64bitmode
0xf7eaa007: call 0xf7f3b7db
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd580] = '\x00'
mem[0xffffd581] = '\x00'
mem[0xffffd582] = '\x00'
mem[0xffffd583] = '\x00'
mem[0xffffd584] = '\x00'
mem[0xf7eaa007] = '\xe8'
mem[0xf7eaa008] = '\xcf'
mem[0xf7eaa009] = '\x17'
mem[0xf7eaa00a] = '\t'
mem[0xf7eaa00b] = '\x00'
mem[0xffffd57c] = '\x0c'
mem[0xffffd57d] = '\xa0'
mem[0xffffd57e] = '\xea'
mem[0xffffd57f] = '\xf7'
cpu.EIP = 0xf7eaa007
cpu.EBP = 0xc2
cpu.ESP = 0xffffd580
cpu.execute()
self.assertEqual(mem[0xffffd580], '\x00')
self.assertEqual(mem[0xffffd581], '\x00')
self.assertEqual(mem[0xffffd582], '\x00')
self.assertEqual(mem[0xffffd583], '\x00')
self.assertEqual(mem[0xffffd584], '\x00')
self.assertEqual(mem[0xf7eaa007], '\xe8')
self.assertEqual(mem[0xf7eaa008], '\xcf')
self.assertEqual(mem[0xf7eaa009], '\x17')
self.assertEqual(mem[0xf7eaa00a], '\t')
self.assertEqual(mem[0xf7eaa00b], '\x00')
self.assertEqual(mem[0xffffd57c], '\x0c')
self.assertEqual(mem[0xffffd57d], '\xa0')
self.assertEqual(mem[0xffffd57e], '\xea')
self.assertEqual(mem[0xffffd57f], '\xf7')
self.assertEqual(cpu.EIP, 4159944667)
self.assertEqual(cpu.EBP, 194)
self.assertEqual(cpu.ESP, 4294956412)
def test_CALL_15(self):
''' Instruction CALL_15
Groups: call, not64bitmode
0xf7feabc3: call dword ptr [ebx + 0x558]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fea000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd340] = '\x00'
mem[0xffffd341] = '\x00'
mem[0xffffd342] = '\x00'
mem[0xf7feabc3] = '\xff'
mem[0xf7feabc4] = '\x93'
mem[0xf7feabc5] = 'X'
mem[0xf7feabc6] = '\x05'
mem[0xf7feabc7] = '\x00'
mem[0xf7feabc8] = '\x00'
mem[0xffffd344] = '\x00'
mem[0xffffd343] = '\x00'
mem[0xf7ffd558] = ' '
mem[0xf7ffd559] = '\xd1'
mem[0xf7ffd55a] = '\xfd'
mem[0xf7ffd55b] = '\xf7'
mem[0xffffd33c] = '\x00'
mem[0xffffd33d] = '\x00'
mem[0xffffd33e] = '\x00'
mem[0xffffd33f] = '\x00'
cpu.EIP = 0xf7feabc3
cpu.EBP = 0xffffd4f8
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd340
cpu.execute()
self.assertEqual(mem[0xffffd340], '\x00')
self.assertEqual(mem[0xffffd341], '\x00')
self.assertEqual(mem[0xffffd342], '\x00')
self.assertEqual(mem[0xf7feabc3], '\xff')
self.assertEqual(mem[0xf7feabc4], '\x93')
self.assertEqual(mem[0xf7feabc5], 'X')
self.assertEqual(mem[0xf7feabc6], '\x05')
self.assertEqual(mem[0xf7feabc7], '\x00')
self.assertEqual(mem[0xf7feabc8], '\x00')
self.assertEqual(mem[0xffffd344], '\x00')
self.assertEqual(mem[0xffffd343], '\x00')
self.assertEqual(mem[0xf7ffd558], ' ')
self.assertEqual(mem[0xf7ffd559], '\xd1')
self.assertEqual(mem[0xf7ffd55a], '\xfd')
self.assertEqual(mem[0xf7ffd55b], '\xf7')
self.assertEqual(mem[0xffffd33c], '\xc9')
self.assertEqual(mem[0xffffd33d], '\xab')
self.assertEqual(mem[0xffffd33e], '\xfe')
self.assertEqual(mem[0xffffd33f], '\xf7')
self.assertEqual(cpu.EIP, 4160606496)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955836)
def test_CALL_16(self):
''' Instruction CALL_16
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xffffd441] = '\xaa'
mem[0xffffd442] = '\xfd'
mem[0xffffd443] = '\xf7'
mem[0xffffd444] = '\xa8'
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe72f3
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd440
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xffffd441], '\xaa')
self.assertEqual(mem[0xffffd442], '\xfd')
self.assertEqual(mem[0xffffd443], '\xf7')
self.assertEqual(mem[0xffffd444], '\xa8')
self.assertEqual(mem[0xf7fe72f3], '\xe8')
self.assertEqual(mem[0xf7fe72f4], 'x')
self.assertEqual(mem[0xf7fe72f5], '\xe3')
self.assertEqual(mem[0xf7fe72f6], '\xff')
self.assertEqual(mem[0xf7fe72f7], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160640624)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956092)
def test_CALL_17(self):
''' Instruction CALL_17
Groups: call, not64bitmode
0xf7fe568c: call 0xf7ff4768
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd381] = '\xd3'
mem[0xffffd382] = '\xff'
mem[0xffffd383] = '\xff'
mem[0xffffd384] = '\xd4'
mem[0xf7fe568c] = '\xe8'
mem[0xf7fe568d] = '\xd7'
mem[0xf7fe568e] = '\xf0'
mem[0xf7fe568f] = '\x00'
mem[0xf7fe5690] = '\x00'
mem[0xffffd37c] = 'z'
mem[0xffffd37d] = 'W'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe568c
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd380
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd381], '\xd3')
self.assertEqual(mem[0xffffd382], '\xff')
self.assertEqual(mem[0xffffd383], '\xff')
self.assertEqual(mem[0xffffd384], '\xd4')
self.assertEqual(mem[0xf7fe568c], '\xe8')
self.assertEqual(mem[0xf7fe568d], '\xd7')
self.assertEqual(mem[0xf7fe568e], '\xf0')
self.assertEqual(mem[0xf7fe568f], '\x00')
self.assertEqual(mem[0xf7fe5690], '\x00')
self.assertEqual(mem[0xffffd37c], '\x91')
self.assertEqual(mem[0xffffd37d], 'V')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160702312)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955900)
def test_CALL_18(self):
''' Instruction CALL_18
Groups: call, not64bitmode
0xf7ff0a62: call 0xf7ff0590
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd022] = '\xff'
mem[0xffffd023] = '\xf7'
mem[0xffffd024] = '\x00'
mem[0xffffd01c] = '\x1e'
mem[0xffffd01d] = '\x08'
mem[0xffffd01e] = '\xff'
mem[0xffffd01f] = '\xf7'
mem[0xffffd020] = '\xcd'
mem[0xffffd021] = '^'
mem[0xf7ff0a62] = '\xe8'
mem[0xf7ff0a63] = ')'
mem[0xf7ff0a64] = '\xfb'
mem[0xf7ff0a65] = '\xff'
mem[0xf7ff0a66] = '\xff'
cpu.EIP = 0xf7ff0a62
cpu.EBP = 0x340
cpu.ESP = 0xffffd020
cpu.execute()
self.assertEqual(mem[0xffffd022], '\xff')
self.assertEqual(mem[0xffffd023], '\xf7')
self.assertEqual(mem[0xffffd024], '\x00')
self.assertEqual(mem[0xffffd01c], 'g')
self.assertEqual(mem[0xffffd01d], '\n')
self.assertEqual(mem[0xffffd01e], '\xff')
self.assertEqual(mem[0xffffd01f], '\xf7')
self.assertEqual(mem[0xffffd020], '\xcd')
self.assertEqual(mem[0xffffd021], '^')
self.assertEqual(mem[0xf7ff0a62], '\xe8')
self.assertEqual(mem[0xf7ff0a63], ')')
self.assertEqual(mem[0xf7ff0a64], '\xfb')
self.assertEqual(mem[0xf7ff0a65], '\xff')
self.assertEqual(mem[0xf7ff0a66], '\xff')
self.assertEqual(cpu.EIP, 4160685456)
self.assertEqual(cpu.EBP, 832)
self.assertEqual(cpu.ESP, 4294955036)
def test_CALL_19(self):
''' Instruction CALL_19
Groups: call, not64bitmode
0xf7fe4d98: call 0xf7ff3e60
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4d98] = '\xe8'
mem[0xf7fe4d99] = '\xc3'
mem[0xf7fe4d9a] = '\xf0'
mem[0xf7fe4d9b] = '\x00'
mem[0xf7fe4d9c] = '\x00'
mem[0xffffd2ac] = '\x97'
mem[0xffffd2ad] = 'L'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
mem[0xffffd2b0] = 'a'
mem[0xffffd2b1] = '\x80'
mem[0xffffd2b2] = '\xe2'
mem[0xffffd2b3] = '\xf7'
mem[0xffffd2b4] = 'a'
cpu.EIP = 0xf7fe4d98
cpu.EBP = 0xf7fdaba8
cpu.ESP = 0xffffd2b0
cpu.execute()
self.assertEqual(mem[0xf7fe4d98], '\xe8')
self.assertEqual(mem[0xf7fe4d99], '\xc3')
self.assertEqual(mem[0xf7fe4d9a], '\xf0')
self.assertEqual(mem[0xf7fe4d9b], '\x00')
self.assertEqual(mem[0xf7fe4d9c], '\x00')
self.assertEqual(mem[0xffffd2ac], '\x9d')
self.assertEqual(mem[0xffffd2ad], 'M')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(mem[0xffffd2b0], 'a')
self.assertEqual(mem[0xffffd2b1], '\x80')
self.assertEqual(mem[0xffffd2b2], '\xe2')
self.assertEqual(mem[0xffffd2b3], '\xf7')
self.assertEqual(mem[0xffffd2b4], 'a')
self.assertEqual(cpu.EIP, 4160700000)
self.assertEqual(cpu.EBP, 4160596904)
self.assertEqual(cpu.ESP, 4294955692)
def test_CALL_2(self):
''' Instruction CALL_2
Groups: call, not64bitmode
0xf7eaa8b1: call 0xf7f3b7db
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd439] = '\xd0'
mem[0xf7eaa8b1] = '\xe8'
mem[0xf7eaa8b2] = '%'
mem[0xf7eaa8b3] = '\x0f'
mem[0xf7eaa8b4] = '\t'
mem[0xf7eaa8b5] = '\x00'
mem[0xffffd436] = '\xe9'
mem[0xffffd437] = '\xf7'
mem[0xffffd438] = '\x00'
mem[0xffffd434] = 'v'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xf7'
mem[0xffffd43c] = '\x8c'
mem[0xffffd435] = 'x'
cpu.EIP = 0xf7eaa8b1
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd438
cpu.execute()
self.assertEqual(mem[0xffffd439], '\xd0')
self.assertEqual(mem[0xf7eaa8b1], '\xe8')
self.assertEqual(mem[0xf7eaa8b2], '%')
self.assertEqual(mem[0xf7eaa8b3], '\x0f')
self.assertEqual(mem[0xf7eaa8b4], '\t')
self.assertEqual(mem[0xf7eaa8b5], '\x00')
self.assertEqual(mem[0xffffd436], '\xea')
self.assertEqual(mem[0xffffd437], '\xf7')
self.assertEqual(mem[0xffffd438], '\x00')
self.assertEqual(mem[0xffffd434], '\xb6')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xf7')
self.assertEqual(mem[0xffffd43c], '\x8c')
self.assertEqual(mem[0xffffd435], '\xa8')
self.assertEqual(cpu.EIP, 4159944667)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956084)
def test_CALL_20(self):
''' Instruction CALL_20
Groups: call, not64bitmode
0xf7fe9d3c: call 0xf7fdc810
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe9d40] = '\xff'
mem[0xffffd3ec] = '\x1b'
mem[0xffffd3ed] = '\x9c'
mem[0xffffd3ee] = '\xfe'
mem[0xffffd3ef] = '\xf7'
mem[0xffffd3f0] = '\xb8'
mem[0xffffd3f1] = '\x00'
mem[0xffffd3f2] = '\x00'
mem[0xffffd3f3] = '\x00'
mem[0xffffd3f4] = '\x00'
mem[0xf7fe9d3c] = '\xe8'
mem[0xf7fe9d3d] = '\xcf'
mem[0xf7fe9d3e] = '*'
mem[0xf7fe9d3f] = '\xff'
cpu.EIP = 0xf7fe9d3c
cpu.EBP = 0xffffd498
cpu.ESP = 0xffffd3f0
cpu.execute()
self.assertEqual(mem[0xf7fe9d40], '\xff')
self.assertEqual(mem[0xffffd3ec], 'A')
self.assertEqual(mem[0xffffd3ed], '\x9d')
self.assertEqual(mem[0xffffd3ee], '\xfe')
self.assertEqual(mem[0xffffd3ef], '\xf7')
self.assertEqual(mem[0xffffd3f0], '\xb8')
self.assertEqual(mem[0xffffd3f1], '\x00')
self.assertEqual(mem[0xffffd3f2], '\x00')
self.assertEqual(mem[0xffffd3f3], '\x00')
self.assertEqual(mem[0xffffd3f4], '\x00')
self.assertEqual(mem[0xf7fe9d3c], '\xe8')
self.assertEqual(mem[0xf7fe9d3d], '\xcf')
self.assertEqual(mem[0xf7fe9d3e], '*')
self.assertEqual(mem[0xf7fe9d3f], '\xff')
self.assertEqual(cpu.EIP, 4160604176)
self.assertEqual(cpu.EBP, 4294956184)
self.assertEqual(cpu.ESP, 4294956012)
def test_CALL_21(self):
''' Instruction CALL_21
Groups: call, not64bitmode
0xf7fe3b46: call 0xf7fdc810
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe3b46] = '\xe8'
mem[0xf7fe3b47] = '\xc5'
mem[0xf7fe3b48] = '\x8c'
mem[0xf7fe3b49] = '\xff'
mem[0xf7fe3b4a] = '\xff'
mem[0xffffd49c] = '6'
mem[0xffffd49d] = ';'
mem[0xffffd49e] = '\xfe'
mem[0xffffd49f] = '\xf7'
mem[0xffffd4a0] = '\x14'
mem[0xffffd4a1] = '\x00'
mem[0xffffd4a2] = '\x00'
mem[0xffffd4a3] = '\x00'
mem[0xffffd4a4] = '\x00'
cpu.EIP = 0xf7fe3b46
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd4a0
cpu.execute()
self.assertEqual(mem[0xf7fe3b46], '\xe8')
self.assertEqual(mem[0xf7fe3b47], '\xc5')
self.assertEqual(mem[0xf7fe3b48], '\x8c')
self.assertEqual(mem[0xf7fe3b49], '\xff')
self.assertEqual(mem[0xf7fe3b4a], '\xff')
self.assertEqual(mem[0xffffd49c], 'K')
self.assertEqual(mem[0xffffd49d], ';')
self.assertEqual(mem[0xffffd49e], '\xfe')
self.assertEqual(mem[0xffffd49f], '\xf7')
self.assertEqual(mem[0xffffd4a0], '\x14')
self.assertEqual(mem[0xffffd4a1], '\x00')
self.assertEqual(mem[0xffffd4a2], '\x00')
self.assertEqual(mem[0xffffd4a3], '\x00')
self.assertEqual(mem[0xffffd4a4], '\x00')
self.assertEqual(cpu.EIP, 4160604176)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956188)
def test_CALL_3(self):
''' Instruction CALL_3
Groups: call, not64bitmode
0xf7fe4d98: call 0xf7ff3e60
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4d98] = '\xe8'
mem[0xf7fe4d99] = '\xc3'
mem[0xf7fe4d9a] = '\xf0'
mem[0xf7fe4d9b] = '\x00'
mem[0xf7fe4d9c] = '\x00'
mem[0xffffd2ac] = '\xe2'
mem[0xffffd2ad] = 'L'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
mem[0xffffd2b0] = '4'
mem[0xffffd2b1] = '\xc6'
mem[0xffffd2b2] = '\xfd'
mem[0xffffd2b3] = '\xf7'
mem[0xffffd2b4] = '\xac'
cpu.EIP = 0xf7fe4d98
cpu.EBP = 0xf7fdadb8
cpu.ESP = 0xffffd2b0
cpu.execute()
self.assertEqual(mem[0xf7fe4d98], '\xe8')
self.assertEqual(mem[0xf7fe4d99], '\xc3')
self.assertEqual(mem[0xf7fe4d9a], '\xf0')
self.assertEqual(mem[0xf7fe4d9b], '\x00')
self.assertEqual(mem[0xf7fe4d9c], '\x00')
self.assertEqual(mem[0xffffd2ac], '\x9d')
self.assertEqual(mem[0xffffd2ad], 'M')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(mem[0xffffd2b0], '4')
self.assertEqual(mem[0xffffd2b1], '\xc6')
self.assertEqual(mem[0xffffd2b2], '\xfd')
self.assertEqual(mem[0xffffd2b3], '\xf7')
self.assertEqual(mem[0xffffd2b4], '\xac')
self.assertEqual(cpu.EIP, 4160700000)
self.assertEqual(cpu.EBP, 4160597432)
self.assertEqual(cpu.ESP, 4294955692)
def test_CALL_4(self):
''' Instruction CALL_4
Groups: call, not64bitmode
0xf7fe54ef: call 0xf7fe4c80
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2f3] = '\xf7'
mem[0xffffd2ef] = '\xf7'
mem[0xf7fe54f0] = '\x8c'
mem[0xf7fe54f1] = '\xf7'
mem[0xffffd2ec] = '4'
mem[0xffffd2ed] = 'N'
mem[0xffffd2ee] = '\xfe'
mem[0xf7fe54ef] = '\xe8'
mem[0xffffd2f0] = '\xc4'
mem[0xffffd2f1] = '\xb1'
mem[0xf7fe54f2] = '\xff'
mem[0xf7fe54f3] = '\xff'
mem[0xffffd2f4] = '\xdc'
mem[0xffffd2f2] = '\xfd'
cpu.EIP = 0xf7fe54ef
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2f0
cpu.execute()
self.assertEqual(mem[0xffffd2f3], '\xf7')
self.assertEqual(mem[0xffffd2ef], '\xf7')
self.assertEqual(mem[0xffffd2f0], '\xc4')
self.assertEqual(mem[0xffffd2f1], '\xb1')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(mem[0xffffd2ed], 'T')
self.assertEqual(mem[0xffffd2ee], '\xfe')
self.assertEqual(mem[0xf7fe54ef], '\xe8')
self.assertEqual(mem[0xf7fe54f0], '\x8c')
self.assertEqual(mem[0xf7fe54f1], '\xf7')
self.assertEqual(mem[0xf7fe54f2], '\xff')
self.assertEqual(mem[0xf7fe54f3], '\xff')
self.assertEqual(mem[0xffffd2f4], '\xdc')
self.assertEqual(mem[0xffffd2f2], '\xfd')
self.assertEqual(cpu.EIP, 4160638080)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955756)
def test_CALL_5(self):
''' Instruction CALL_5
Groups: call, not64bitmode
0xf7ff41d2: call 0xf7ff4768
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff41d2] = '\xe8'
mem[0xf7ff41d3] = '\x91'
mem[0xf7ff41d4] = '\x05'
mem[0xf7ff41d5] = '\x00'
mem[0xf7ff41d6] = '\x00'
mem[0xffffd030] = '\xd7'
mem[0xffffd031] = 'A'
mem[0xffffd032] = '\xff'
mem[0xffffd033] = '\xf7'
mem[0xffffd034] = 'D'
mem[0xffffd035] = '\x00'
mem[0xffffd036] = '\x00'
mem[0xffffd037] = '\x00'
mem[0xffffd038] = '\x00'
cpu.EIP = 0xf7ff41d2
cpu.EBP = 0xffffd088
cpu.ESP = 0xffffd034
cpu.execute()
self.assertEqual(mem[0xf7ff41d2], '\xe8')
self.assertEqual(mem[0xf7ff41d3], '\x91')
self.assertEqual(mem[0xf7ff41d4], '\x05')
self.assertEqual(mem[0xf7ff41d5], '\x00')
self.assertEqual(mem[0xf7ff41d6], '\x00')
self.assertEqual(mem[0xffffd030], '\xd7')
self.assertEqual(mem[0xffffd031], 'A')
self.assertEqual(mem[0xffffd032], '\xff')
self.assertEqual(mem[0xffffd033], '\xf7')
self.assertEqual(mem[0xffffd034], 'D')
self.assertEqual(mem[0xffffd035], '\x00')
self.assertEqual(mem[0xffffd036], '\x00')
self.assertEqual(mem[0xffffd037], '\x00')
self.assertEqual(mem[0xffffd038], '\x00')
self.assertEqual(cpu.EIP, 4160702312)
self.assertEqual(cpu.EBP, 4294955144)
self.assertEqual(cpu.ESP, 4294955056)
def test_CALL_6(self):
''' Instruction CALL_6
Groups: call, not64bitmode
0xf7fe568c: call 0xf7ff4768
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd381] = '\xd3'
mem[0xffffd382] = '\xff'
mem[0xffffd383] = '\xff'
mem[0xffffd384] = '\xb8'
mem[0xf7fe568c] = '\xe8'
mem[0xf7fe568d] = '\xd7'
mem[0xf7fe568e] = '\xf0'
mem[0xf7fe568f] = '\x00'
mem[0xf7fe5690] = '\x00'
mem[0xffffd37c] = 'z'
mem[0xffffd37d] = 'W'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe568c
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd380
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd381], '\xd3')
self.assertEqual(mem[0xffffd382], '\xff')
self.assertEqual(mem[0xffffd383], '\xff')
self.assertEqual(mem[0xffffd384], '\xb8')
self.assertEqual(mem[0xf7fe568c], '\xe8')
self.assertEqual(mem[0xf7fe568d], '\xd7')
self.assertEqual(mem[0xf7fe568e], '\xf0')
self.assertEqual(mem[0xf7fe568f], '\x00')
self.assertEqual(mem[0xf7fe5690], '\x00')
self.assertEqual(mem[0xffffd37c], '\x91')
self.assertEqual(mem[0xffffd37d], 'V')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160702312)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955900)
def test_CALL_7(self):
''' Instruction CALL_7
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xffffd441] = '\xaa'
mem[0xffffd442] = '\xfd'
mem[0xffffd443] = '\xf7'
mem[0xffffd444] = '\xa8'
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe72f3
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd440
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xffffd441], '\xaa')
self.assertEqual(mem[0xffffd442], '\xfd')
self.assertEqual(mem[0xffffd443], '\xf7')
self.assertEqual(mem[0xffffd444], '\xa8')
self.assertEqual(mem[0xf7fe72f3], '\xe8')
self.assertEqual(mem[0xf7fe72f4], 'x')
self.assertEqual(mem[0xf7fe72f5], '\xe3')
self.assertEqual(mem[0xf7fe72f6], '\xff')
self.assertEqual(mem[0xf7fe72f7], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160640624)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956092)
def test_CALL_8(self):
''' Instruction CALL_8
Groups: call, not64bitmode
0xf7fe5775: call 0xf7fe4e10
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd381] = '\xd3'
mem[0xffffd382] = '\xff'
mem[0xffffd383] = '\xff'
mem[0xffffd384] = 'D'
mem[0xf7fe5775] = '\xe8'
mem[0xf7fe5776] = '\x96'
mem[0xf7fe5777] = '\xf6'
mem[0xf7fe5778] = '\xff'
mem[0xf7fe5779] = '\xff'
mem[0xffffd37c] = '\x91'
mem[0xffffd37d] = 'V'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe5775
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd380
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd381], '\xd3')
self.assertEqual(mem[0xffffd382], '\xff')
self.assertEqual(mem[0xffffd383], '\xff')
self.assertEqual(mem[0xffffd384], 'D')
self.assertEqual(mem[0xf7fe5775], '\xe8')
self.assertEqual(mem[0xf7fe5776], '\x96')
self.assertEqual(mem[0xf7fe5777], '\xf6')
self.assertEqual(mem[0xf7fe5778], '\xff')
self.assertEqual(mem[0xf7fe5779], '\xff')
self.assertEqual(mem[0xffffd37c], 'z')
self.assertEqual(mem[0xffffd37d], 'W')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160638480)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955900)
def test_CALL_9(self):
''' Instruction CALL_9
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xffffd441] = '\xaa'
mem[0xffffd442] = '\xfd'
mem[0xffffd443] = '\xf7'
mem[0xffffd444] = '\xa8'
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe72f3
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd440
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xffffd441], '\xaa')
self.assertEqual(mem[0xffffd442], '\xfd')
self.assertEqual(mem[0xffffd443], '\xf7')
self.assertEqual(mem[0xffffd444], '\xa8')
self.assertEqual(mem[0xf7fe72f3], '\xe8')
self.assertEqual(mem[0xf7fe72f4], 'x')
self.assertEqual(mem[0xf7fe72f5], '\xe3')
self.assertEqual(mem[0xf7fe72f6], '\xff')
self.assertEqual(mem[0xf7fe72f7], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160640624)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956092)
def test_CBW_1(self):
''' Instruction CBW_1
Groups:
0x8060d84: cbw
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x08060d84] = 'f'
mem[0x08060d85] = '\x98'
cpu.EIP = 0x8060d84
cpu.AX = 0xeb
cpu.execute()
self.assertEqual(mem[0x8060d84], 'f')
self.assertEqual(mem[0x8060d85], '\x98')
self.assertEqual(cpu.EIP, 134614406)
self.assertEqual(cpu.AX, 65515)
def test_CDQ_1(self):
''' Instruction CDQ_1
Groups:
0x804d63b: cdq
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d63b] = '\x99'
cpu.EIP = 0x804d63b
cpu.EDX = 0xf0
cpu.EAX = 0xeb6eb6eb
cpu.execute()
self.assertEqual(mem[0x804d63b], '\x99')
self.assertEqual(cpu.EIP, 134534716)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.EAX, 3949901547)
def test_CDQ_2(self):
''' Instruction CDQ_2
Groups:
0x80702fa: cdq
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702fa] = '\x99'
cpu.EIP = 0x80702fa
cpu.EDX = 0xfa
cpu.EAX = 0xffffecf8
cpu.execute()
self.assertEqual(mem[0x80702fa], '\x99')
self.assertEqual(cpu.EIP, 134677243)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.EAX, 4294962424)
def test_CLC_1(self):
''' Instruction CLC_1
Groups:
0x80701bc: clc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080701bc] = '\xf8'
cpu.EIP = 0x80701bc
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x80701bc], '\xf8')
self.assertEqual(cpu.EIP, 134676925)
self.assertEqual(cpu.CF, False)
def test_CLD_1(self):
''' Instruction CLD_1
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_10(self):
''' Instruction CLD_10
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_11(self):
''' Instruction CLD_11
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CLD_12(self):
''' Instruction CLD_12
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CLD_13(self):
''' Instruction CLD_13
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_14(self):
''' Instruction CLD_14
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_15(self):
''' Instruction CLD_15
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_16(self):
''' Instruction CLD_16
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CLD_17(self):
''' Instruction CLD_17
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CLD_18(self):
''' Instruction CLD_18
Groups:
0xf7ff44e0: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44e0] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff44e0
cpu.execute()
self.assertEqual(mem[0xf7ff44e0], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701665)
def test_CLD_19(self):
''' Instruction CLD_19
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_2(self):
''' Instruction CLD_2
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_20(self):
''' Instruction CLD_20
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_21(self):
''' Instruction CLD_21
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_3(self):
''' Instruction CLD_3
Groups:
0xf7ff44e0: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44e0] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff44e0
cpu.execute()
self.assertEqual(mem[0xf7ff44e0], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701665)
def test_CLD_4(self):
''' Instruction CLD_4
Groups:
0xf7ff4540: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4540
cpu.execute()
self.assertEqual(mem[0xf7ff4540], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701761)
def test_CLD_5(self):
''' Instruction CLD_5
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CLD_6(self):
''' Instruction CLD_6
Groups:
0xf7ff44e0: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44e0] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff44e0
cpu.execute()
self.assertEqual(mem[0xf7ff44e0], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701665)
def test_CLD_7(self):
''' Instruction CLD_7
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CLD_8(self):
''' Instruction CLD_8
Groups:
0x807019f: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x0807019f] = '\xfc'
cpu.DF = False
cpu.EIP = 0x807019f
cpu.execute()
self.assertEqual(mem[0x807019f], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 134676896)
def test_CLD_9(self):
''' Instruction CLD_9
Groups:
0xf7ff4607: cld
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = False
cpu.EIP = 0xf7ff4607
cpu.execute()
self.assertEqual(mem[0xf7ff4607], '\xfc')
self.assertEqual(cpu.DF, False)
self.assertEqual(cpu.EIP, 4160701960)
def test_CMOVAE_1(self):
''' Instruction CMOVAE_1
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = 0x2
cpu.CF = True
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec1d5], '\x0f')
self.assertEqual(mem[0xf7fec1d6], 'C')
self.assertEqual(mem[0xf7fec1d7], '\xc1')
self.assertEqual(cpu.EIP, 4160668120)
self.assertEqual(cpu.ECX, 0)
self.assertEqual(cpu.EAX, 2)
def test_CMOVAE_10(self):
''' Instruction CMOVAE_10
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = 0x23
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec1d5], '\x0f')
self.assertEqual(mem[0xf7fec1d6], 'C')
self.assertEqual(mem[0xf7fec1d7], '\xc1')
self.assertEqual(cpu.EIP, 4160668120)
self.assertEqual(cpu.ECX, 36)
self.assertEqual(cpu.EAX, 36)
def test_CMOVAE_11(self):
''' Instruction CMOVAE_11
Groups: cmov
0xf7fec2ae: cmovae edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2b0] = '\xd1'
mem[0xf7fec2ae] = '\x0f'
mem[0xf7fec2af] = 'C'
cpu.EIP = 0xf7fec2ae
cpu.EDX = 0x1
cpu.CF = True
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec2b0], '\xd1')
self.assertEqual(mem[0xf7fec2ae], '\x0f')
self.assertEqual(mem[0xf7fec2af], 'C')
self.assertEqual(cpu.EIP, 4160668337)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.ECX, 0)
def test_CMOVAE_12(self):
''' Instruction CMOVAE_12
Groups: cmov
0x8048431: cmovae cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x08048431] = 'f'
mem[0x08048432] = '\x0f'
mem[0x08048433] = 'C'
mem[0x08048434] = 'M'
mem[0x08048435] = '\x00'
cpu.EIP = 0x8048431
cpu.CX = 0x6ff0
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x8048431], 'f')
self.assertEqual(mem[0x8048432], '\x0f')
self.assertEqual(mem[0x8048433], 'C')
self.assertEqual(mem[0x8048434], 'M')
self.assertEqual(mem[0x8048435], '\x00')
self.assertEqual(cpu.EIP, 134513718)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVAE_2(self):
''' Instruction CMOVAE_2
Groups: cmov
0x8048439: cmovae ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08048439] = '\x0f'
mem[0x0804843a] = 'C'
mem[0x0804843b] = 'M'
mem[0x0804843c] = '\x00'
cpu.EIP = 0x8048439
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.ECX = 0xe6fe6ff0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8048439], '\x0f')
self.assertEqual(mem[0x804843a], 'C')
self.assertEqual(mem[0x804843b], 'M')
self.assertEqual(mem[0x804843c], '\x00')
self.assertEqual(cpu.EIP, 134513725)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVAE_3(self):
''' Instruction CMOVAE_3
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = 0x22
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec1d5], '\x0f')
self.assertEqual(mem[0xf7fec1d6], 'C')
self.assertEqual(mem[0xf7fec1d7], '\xc1')
self.assertEqual(cpu.EIP, 4160668120)
self.assertEqual(cpu.ECX, 36)
self.assertEqual(cpu.EAX, 36)
def test_CMOVAE_4(self):
''' Instruction CMOVAE_4
Groups: cmov
0xf7fec2ae: cmovae edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2b0] = '\xd1'
mem[0xf7fec2ae] = '\x0f'
mem[0xf7fec2af] = 'C'
cpu.EIP = 0xf7fec2ae
cpu.EDX = 0x1
cpu.CF = True
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec2b0], '\xd1')
self.assertEqual(mem[0xf7fec2ae], '\x0f')
self.assertEqual(mem[0xf7fec2af], 'C')
self.assertEqual(cpu.EIP, 4160668337)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.ECX, 0)
def test_CMOVAE_5(self):
''' Instruction CMOVAE_5
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = 0x24
cpu.CF = True
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec1d5], '\x0f')
self.assertEqual(mem[0xf7fec1d6], 'C')
self.assertEqual(mem[0xf7fec1d7], '\xc1')
self.assertEqual(cpu.EIP, 4160668120)
self.assertEqual(cpu.ECX, 0)
self.assertEqual(cpu.EAX, 36)
def test_CMOVAE_6(self):
''' Instruction CMOVAE_6
Groups: cmov
0xf7fed76a: cmovae edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed76a] = '\x0f'
mem[0xf7fed76b] = 'C'
mem[0xf7fed76c] = '\xd1'
cpu.EIP = 0xf7fed76a
cpu.EDX = 0x1
cpu.CF = True
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fed76a], '\x0f')
self.assertEqual(mem[0xf7fed76b], 'C')
self.assertEqual(mem[0xf7fed76c], '\xd1')
self.assertEqual(cpu.EIP, 4160673645)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.ECX, 0)
def test_CMOVAE_7(self):
''' Instruction CMOVAE_7
Groups: cmov
0x804842d: cmovae cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x08048430] = '\xca'
mem[0x0804842d] = 'f'
mem[0x0804842e] = '\x0f'
mem[0x0804842f] = 'C'
cpu.EIP = 0x804842d
cpu.CX = 0x0
cpu.CF = False
cpu.DX = 0x6ff0
cpu.execute()
self.assertEqual(mem[0x8048430], '\xca')
self.assertEqual(mem[0x804842d], 'f')
self.assertEqual(mem[0x804842e], '\x0f')
self.assertEqual(mem[0x804842f], 'C')
self.assertEqual(cpu.EIP, 134513713)
self.assertEqual(cpu.CX, 28656)
self.assertEqual(cpu.DX, 28656)
def test_CMOVAE_8(self):
''' Instruction CMOVAE_8
Groups: cmov
0xf7fec2ae: cmovae edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2b0] = '\xd1'
mem[0xf7fec2ae] = '\x0f'
mem[0xf7fec2af] = 'C'
cpu.EIP = 0xf7fec2ae
cpu.EDX = 0x1
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2b0], '\xd1')
self.assertEqual(mem[0xf7fec2ae], '\x0f')
self.assertEqual(mem[0xf7fec2af], 'C')
self.assertEqual(cpu.EIP, 4160668337)
self.assertEqual(cpu.EDX, 36)
self.assertEqual(cpu.ECX, 36)
def test_CMOVAE_9(self):
''' Instruction CMOVAE_9
Groups: cmov
0x8048436: cmovae ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x08048438] = '\xca'
mem[0x08048436] = '\x0f'
mem[0x08048437] = 'C'
cpu.EIP = 0x8048436
cpu.EDX = 0xe6fe6ff0
cpu.CF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8048438], '\xca')
self.assertEqual(mem[0x8048436], '\x0f')
self.assertEqual(mem[0x8048437], 'C')
self.assertEqual(cpu.EIP, 134513721)
self.assertEqual(cpu.EDX, 3875434480)
self.assertEqual(cpu.ECX, 3875434480)
def test_CMOVA_1(self):
''' Instruction CMOVA_1
Groups: cmov
0xf7fe231d: cmova edx, dword ptr [ebp - 0x9c]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xf7fe231d] = '\x0f'
mem[0xf7fe231e] = 'G'
mem[0xf7fe231f] = '\x95'
mem[0xf7fe2320] = 'd'
mem[0xf7fe2321] = '\xff'
mem[0xf7fe2322] = '\xff'
mem[0xf7fe2323] = '\xff'
mem[0xffffcfec] = '|'
mem[0xffffcfed] = ':'
mem[0xffffcfee] = '\xfc'
mem[0xffffcfef] = '\xf7'
cpu.EIP = 0xf7fe231d
cpu.ZF = False
cpu.EBP = 0xffffd088
cpu.CF = True
cpu.EDX = 0xf7fc1000
cpu.execute()
self.assertEqual(mem[0xf7fe231d], '\x0f')
self.assertEqual(mem[0xf7fe231e], 'G')
self.assertEqual(mem[0xf7fe231f], '\x95')
self.assertEqual(mem[0xf7fe2320], 'd')
self.assertEqual(mem[0xf7fe2321], '\xff')
self.assertEqual(mem[0xf7fe2322], '\xff')
self.assertEqual(mem[0xf7fe2323], '\xff')
self.assertEqual(mem[0xffffcfec], '|')
self.assertEqual(mem[0xffffcfed], ':')
self.assertEqual(mem[0xffffcfee], '\xfc')
self.assertEqual(mem[0xffffcfef], '\xf7')
self.assertEqual(cpu.EIP, 4160627492)
self.assertEqual(cpu.EDX, 4160491520)
self.assertEqual(cpu.EBP, 4294955144)
def test_CMOVA_2(self):
''' Instruction CMOVA_2
Groups: cmov
0x804d67b: cmova cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d67b] = 'f'
mem[0x0804d67c] = '\x0f'
mem[0x0804d67d] = 'G'
mem[0x0804d67e] = '\xca'
cpu.EIP = 0x804d67b
cpu.ZF = True
cpu.CX = 0x0
cpu.CF = False
cpu.DX = 0xffff
cpu.execute()
self.assertEqual(mem[0x804d67b], 'f')
self.assertEqual(mem[0x804d67c], '\x0f')
self.assertEqual(mem[0x804d67d], 'G')
self.assertEqual(mem[0x804d67e], '\xca')
self.assertEqual(cpu.EIP, 134534783)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 65535)
def test_CMOVA_3(self):
''' Instruction CMOVA_3
Groups: cmov
0x804d67f: cmova cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0804d680] = '\x0f'
mem[0x0804d681] = 'G'
mem[0x0804d682] = 'M'
mem[0x0804d683] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb600] = '\x00'
mem[0x0804d67f] = 'f'
cpu.EIP = 0x804d67f
cpu.ZF = True
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x804d680], '\x0f')
self.assertEqual(mem[0x804d681], 'G')
self.assertEqual(mem[0x804d682], 'M')
self.assertEqual(mem[0x804d683], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x804d67f], 'f')
self.assertEqual(cpu.EIP, 134534788)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVA_4(self):
''' Instruction CMOVA_4
Groups: cmov
0x804d684: cmova ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d684] = '\x0f'
mem[0x0804d685] = 'G'
mem[0x0804d686] = '\xca'
cpu.EIP = 0x804d684
cpu.ZF = True
cpu.CF = False
cpu.EDX = 0xffffffff
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x804d684], '\x0f')
self.assertEqual(mem[0x804d685], 'G')
self.assertEqual(mem[0x804d686], '\xca')
self.assertEqual(cpu.EIP, 134534791)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.ECX, 0)
def test_CMOVA_5(self):
''' Instruction CMOVA_5
Groups: cmov
0x804d687: cmova ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d687] = '\x0f'
mem[0x0804d688] = 'G'
mem[0x0804d689] = 'M'
mem[0x0804d68a] = '\x00'
cpu.EIP = 0x804d687
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d687], '\x0f')
self.assertEqual(mem[0x804d688], 'G')
self.assertEqual(mem[0x804d689], 'M')
self.assertEqual(mem[0x804d68a], '\x00')
self.assertEqual(cpu.EIP, 134534795)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVBE_1(self):
''' Instruction CMOVBE_1
Groups: cmov
0x805988d: cmovbe cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf4'
mem[0xffffb601] = '\xc9'
mem[0x0805988d] = 'f'
mem[0x0805988e] = '\x0f'
mem[0x0805988f] = 'F'
mem[0x08059890] = 'M'
mem[0x08059891] = '\x00'
cpu.EIP = 0x805988d
cpu.ZF = False
cpu.CX = 0xc703
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xf4')
self.assertEqual(mem[0xffffb601], '\xc9')
self.assertEqual(mem[0x805988d], 'f')
self.assertEqual(mem[0x805988e], '\x0f')
self.assertEqual(mem[0x805988f], 'F')
self.assertEqual(mem[0x8059890], 'M')
self.assertEqual(mem[0x8059891], '\x00')
self.assertEqual(cpu.EIP, 134584466)
self.assertEqual(cpu.CX, 50947)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVBE_2(self):
''' Instruction CMOVBE_2
Groups: cmov
0x8059889: cmovbe cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059889] = 'f'
mem[0x0805988a] = '\x0f'
mem[0x0805988b] = 'F'
mem[0x0805988c] = '\xca'
cpu.EIP = 0x8059889
cpu.ZF = False
cpu.CX = 0xc703
cpu.CF = False
cpu.DX = 0xc8f8
cpu.execute()
self.assertEqual(mem[0x8059889], 'f')
self.assertEqual(mem[0x805988a], '\x0f')
self.assertEqual(mem[0x805988b], 'F')
self.assertEqual(mem[0x805988c], '\xca')
self.assertEqual(cpu.EIP, 134584461)
self.assertEqual(cpu.CX, 50947)
self.assertEqual(cpu.DX, 51448)
def test_CMOVBE_3(self):
''' Instruction CMOVBE_3
Groups: cmov
0x8059892: cmovbe ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059892] = '\x0f'
mem[0x08059893] = 'F'
mem[0x08059894] = '\xca'
cpu.EIP = 0x8059892
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xc8f8
cpu.ECX = 0xffffc703
cpu.execute()
self.assertEqual(mem[0x8059892], '\x0f')
self.assertEqual(mem[0x8059893], 'F')
self.assertEqual(mem[0x8059894], '\xca')
self.assertEqual(cpu.EIP, 134584469)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.ECX, 4294952707)
def test_CMOVBE_4(self):
''' Instruction CMOVBE_4
Groups: cmov
0xf7fe6d28: cmovbe edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6d28] = '\x0f'
mem[0xf7fe6d29] = 'F'
mem[0xf7fe6d2a] = '\xd1'
cpu.EIP = 0xf7fe6d28
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x4e5
cpu.ECX = 0x542
cpu.execute()
self.assertEqual(mem[0xf7fe6d28], '\x0f')
self.assertEqual(mem[0xf7fe6d29], 'F')
self.assertEqual(mem[0xf7fe6d2a], '\xd1')
self.assertEqual(cpu.EIP, 4160646443)
self.assertEqual(cpu.EDX, 1253)
self.assertEqual(cpu.ECX, 1346)
def test_CMOVBE_5(self):
''' Instruction CMOVBE_5
Groups: cmov
0xf7fe6d28: cmovbe edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6d28] = '\x0f'
mem[0xf7fe6d29] = 'F'
mem[0xf7fe6d2a] = '\xd1'
cpu.EIP = 0xf7fe6d28
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0xb
cpu.ECX = 0xe
cpu.execute()
self.assertEqual(mem[0xf7fe6d28], '\x0f')
self.assertEqual(mem[0xf7fe6d29], 'F')
self.assertEqual(mem[0xf7fe6d2a], '\xd1')
self.assertEqual(cpu.EIP, 4160646443)
self.assertEqual(cpu.EDX, 11)
self.assertEqual(cpu.ECX, 14)
def test_CMOVBE_6(self):
''' Instruction CMOVBE_6
Groups: cmov
0xf7fe0a66: cmovbe eax, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0a68] = '\xc6'
mem[0xf7fe0a66] = '\x0f'
mem[0xf7fe0a67] = 'F'
cpu.EIP = 0xf7fe0a66
cpu.ZF = False
cpu.CF = False
cpu.ESI = 0xe
cpu.EAX = 0xb
cpu.execute()
self.assertEqual(mem[0xf7fe0a68], '\xc6')
self.assertEqual(mem[0xf7fe0a66], '\x0f')
self.assertEqual(mem[0xf7fe0a67], 'F')
self.assertEqual(cpu.EIP, 4160621161)
self.assertEqual(cpu.ESI, 14)
self.assertEqual(cpu.EAX, 11)
def test_CMOVBE_7(self):
''' Instruction CMOVBE_7
Groups: cmov
0x8059895: cmovbe ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf4'
mem[0xffffb601] = '\xc9'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08059895] = '\x0f'
mem[0x08059896] = 'F'
mem[0x08059897] = 'M'
mem[0x08059898] = '\x00'
cpu.EIP = 0x8059895
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.ECX = 0xffffc703
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xf4')
self.assertEqual(mem[0xffffb601], '\xc9')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8059895], '\x0f')
self.assertEqual(mem[0x8059896], 'F')
self.assertEqual(mem[0x8059897], 'M')
self.assertEqual(mem[0x8059898], '\x00')
self.assertEqual(cpu.EIP, 134584473)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 4294952707)
def test_CMOVB_1(self):
''' Instruction CMOVB_1
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_10(self):
''' Instruction CMOVB_10
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_11(self):
''' Instruction CMOVB_11
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = True
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 4294967295)
def test_CMOVB_12(self):
''' Instruction CMOVB_12
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_13(self):
''' Instruction CMOVB_13
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x9
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 9)
self.assertEqual(cpu.ECX, 36)
def test_CMOVB_14(self):
''' Instruction CMOVB_14
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_15(self):
''' Instruction CMOVB_15
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_16(self):
''' Instruction CMOVB_16
Groups: cmov
0x804d68f: cmovb cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0804d68f] = 'f'
mem[0x0804d690] = '\x0f'
mem[0x0804d691] = 'B'
mem[0x0804d692] = 'M'
mem[0x0804d693] = '\x00'
cpu.EIP = 0x804d68f
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x804d68f], 'f')
self.assertEqual(mem[0x804d690], '\x0f')
self.assertEqual(mem[0x804d691], 'B')
self.assertEqual(mem[0x804d692], 'M')
self.assertEqual(mem[0x804d693], '\x00')
self.assertEqual(cpu.EIP, 134534804)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVB_17(self):
''' Instruction CMOVB_17
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0xc
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 12)
self.assertEqual(cpu.ECX, 36)
def test_CMOVB_18(self):
''' Instruction CMOVB_18
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x12
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 18)
self.assertEqual(cpu.ECX, 36)
def test_CMOVB_19(self):
''' Instruction CMOVB_19
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x4
cpu.CF = True
cpu.ECX = 0x3
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 4)
self.assertEqual(cpu.ECX, 4)
def test_CMOVB_2(self):
''' Instruction CMOVB_2
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x1e
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 30)
self.assertEqual(cpu.ECX, 36)
def test_CMOVB_20(self):
''' Instruction CMOVB_20
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_21(self):
''' Instruction CMOVB_21
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x2
cpu.CF = True
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 2)
self.assertEqual(cpu.ECX, 2)
def test_CMOVB_3(self):
''' Instruction CMOVB_3
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = True
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 4294967295)
def test_CMOVB_4(self):
''' Instruction CMOVB_4
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_5(self):
''' Instruction CMOVB_5
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x20
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 32)
self.assertEqual(cpu.ECX, 36)
def test_CMOVB_6(self):
''' Instruction CMOVB_6
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x8
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 8)
self.assertEqual(cpu.ECX, 36)
def test_CMOVB_7(self):
''' Instruction CMOVB_7
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_8(self):
''' Instruction CMOVB_8
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = 0x1
cpu.CF = False
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7ff3e81], '\x0f')
self.assertEqual(mem[0xf7ff3e82], 'B')
self.assertEqual(mem[0xf7ff3e83], '\xc1')
self.assertEqual(cpu.EIP, 4160700036)
self.assertEqual(cpu.ECX, 4294967295)
self.assertEqual(cpu.EAX, 1)
def test_CMOVB_9(self):
''' Instruction CMOVB_9
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = 0x1b
cpu.CF = False
cpu.ECX = 0x24
cpu.execute()
self.assertEqual(mem[0xf7fec2d0], '\xca')
self.assertEqual(mem[0xf7fec2ce], '\x0f')
self.assertEqual(mem[0xf7fec2cf], 'B')
self.assertEqual(cpu.EIP, 4160668369)
self.assertEqual(cpu.EDX, 27)
self.assertEqual(cpu.ECX, 36)
def test_CMOVE_1(self):
''' Instruction CMOVE_1
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_10(self):
''' Instruction CMOVE_10
Groups: cmov
0x804d62b: cmove cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d62b] = 'f'
mem[0x0804d62c] = '\x0f'
mem[0x0804d62d] = 'D'
mem[0x0804d62e] = '\xca'
cpu.EIP = 0x804d62b
cpu.ZF = True
cpu.CX = 0x0
cpu.DX = 0xf0
cpu.execute()
self.assertEqual(mem[0x804d62b], 'f')
self.assertEqual(mem[0x804d62c], '\x0f')
self.assertEqual(mem[0x804d62d], 'D')
self.assertEqual(mem[0x804d62e], '\xca')
self.assertEqual(cpu.EIP, 134534703)
self.assertEqual(cpu.CX, 240)
self.assertEqual(cpu.DX, 240)
def test_CMOVE_11(self):
''' Instruction CMOVE_11
Groups: cmov
0x804d637: cmove ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d637] = '\x0f'
mem[0x0804d638] = 'D'
mem[0x0804d639] = 'M'
mem[0x0804d63a] = '\x00'
cpu.EIP = 0x804d637
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.ECX = 0xf0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d637], '\x0f')
self.assertEqual(mem[0x804d638], 'D')
self.assertEqual(mem[0x804d639], 'M')
self.assertEqual(mem[0x804d63a], '\x00')
self.assertEqual(cpu.EIP, 134534715)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVE_12(self):
''' Instruction CMOVE_12
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdabf8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596984)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_13(self):
''' Instruction CMOVE_13
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdadb8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160597432)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_14(self):
''' Instruction CMOVE_14
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_15(self):
''' Instruction CMOVE_15
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdabb8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596920)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_16(self):
''' Instruction CMOVE_16
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_17(self):
''' Instruction CMOVE_17
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdadf8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160597496)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_18(self):
''' Instruction CMOVE_18
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_19(self):
''' Instruction CMOVE_19
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdabb8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596920)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_2(self):
''' Instruction CMOVE_2
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_20(self):
''' Instruction CMOVE_20
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdadf8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160597496)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_21(self):
''' Instruction CMOVE_21
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_3(self):
''' Instruction CMOVE_3
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_4(self):
''' Instruction CMOVE_4
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_5(self):
''' Instruction CMOVE_5
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdae38
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160597560)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_6(self):
''' Instruction CMOVE_6
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_7(self):
''' Instruction CMOVE_7
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdaba8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596904)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_8(self):
''' Instruction CMOVE_8
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdabb8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596920)
self.assertEqual(cpu.EAX, 0)
def test_CMOVE_9(self):
''' Instruction CMOVE_9
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = False
cpu.EDX = 0xf7fdabf8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c0], '\xd0')
self.assertEqual(mem[0xf7fe72be], '\x0f')
self.assertEqual(mem[0xf7fe72bf], 'D')
self.assertEqual(cpu.EIP, 4160647873)
self.assertEqual(cpu.EDX, 4160596984)
self.assertEqual(cpu.EAX, 0)
def test_CMOVGE_1(self):
''' Instruction CMOVGE_1
Groups: cmov
0x8079470: cmovge ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079470] = '\x0f'
mem[0x08079471] = 'M'
mem[0x08079472] = '\xca'
cpu.EIP = 0x8079470
cpu.EDX = 0x0
cpu.SF = True
cpu.OF = False
cpu.ECX = 0xfe8f0085
cpu.execute()
self.assertEqual(mem[0x8079470], '\x0f')
self.assertEqual(mem[0x8079471], 'M')
self.assertEqual(mem[0x8079472], '\xca')
self.assertEqual(cpu.EIP, 134714483)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 4270784645)
def test_CMOVGE_2(self):
''' Instruction CMOVGE_2
Groups: cmov
0x8079473: cmovge ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08079474] = 'M'
mem[0x08079473] = '\x0f'
mem[0x08079476] = '\x00'
mem[0x08079475] = 'M'
cpu.EIP = 0x8079473
cpu.EBP = 0xffffb600
cpu.SF = True
cpu.OF = False
cpu.ECX = 0xfe8f0085
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8079474], 'M')
self.assertEqual(mem[0x8079473], '\x0f')
self.assertEqual(mem[0x8079476], '\x00')
self.assertEqual(mem[0x8079475], 'M')
self.assertEqual(cpu.EIP, 134714487)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 4270784645)
def test_CMOVGE_3(self):
''' Instruction CMOVGE_3
Groups: cmov
0x807946b: cmovge cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0807946b] = 'f'
mem[0x0807946c] = '\x0f'
mem[0x0807946d] = 'M'
mem[0x0807946e] = 'M'
mem[0x0807946f] = '\x00'
cpu.EIP = 0x807946b
cpu.CX = 0x85
cpu.EBP = 0xffffb600
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x807946b], 'f')
self.assertEqual(mem[0x807946c], '\x0f')
self.assertEqual(mem[0x807946d], 'M')
self.assertEqual(mem[0x807946e], 'M')
self.assertEqual(mem[0x807946f], '\x00')
self.assertEqual(cpu.EIP, 134714480)
self.assertEqual(cpu.CX, 133)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVGE_4(self):
''' Instruction CMOVGE_4
Groups: cmov
0x8079467: cmovge cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079468] = '\x0f'
mem[0x08079469] = 'M'
mem[0x0807946a] = '\xca'
mem[0x08079467] = 'f'
cpu.EIP = 0x8079467
cpu.CX = 0x85
cpu.SF = True
cpu.DX = 0x0
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079468], '\x0f')
self.assertEqual(mem[0x8079469], 'M')
self.assertEqual(mem[0x807946a], '\xca')
self.assertEqual(mem[0x8079467], 'f')
self.assertEqual(cpu.EIP, 134714475)
self.assertEqual(cpu.CX, 133)
self.assertEqual(cpu.DX, 0)
def test_CMOVG_1(self):
''' Instruction CMOVG_1
Groups: cmov
0x804d69b: cmovg cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d69b] = 'f'
mem[0x0804d69c] = '\x0f'
mem[0x0804d69d] = 'O'
mem[0x0804d69e] = '\xca'
cpu.EIP = 0x804d69b
cpu.OF = False
cpu.ZF = True
cpu.CX = 0x0
cpu.DX = 0xffff
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d69b], 'f')
self.assertEqual(mem[0x804d69c], '\x0f')
self.assertEqual(mem[0x804d69d], 'O')
self.assertEqual(mem[0x804d69e], '\xca')
self.assertEqual(cpu.EIP, 134534815)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 65535)
def test_CMOVG_2(self):
''' Instruction CMOVG_2
Groups: cmov
0x804d6a7: cmovg ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d6a7] = '\x0f'
mem[0x0804d6a8] = 'O'
mem[0x0804d6a9] = 'M'
mem[0x0804d6aa] = '\x00'
cpu.EIP = 0x804d6a7
cpu.OF = False
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d6a7], '\x0f')
self.assertEqual(mem[0x804d6a8], 'O')
self.assertEqual(mem[0x804d6a9], 'M')
self.assertEqual(mem[0x804d6aa], '\x00')
self.assertEqual(cpu.EIP, 134534827)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVG_3(self):
''' Instruction CMOVG_3
Groups: cmov
0x804d6a4: cmovg ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d6a4] = '\x0f'
mem[0x0804d6a5] = 'O'
mem[0x0804d6a6] = '\xca'
cpu.EIP = 0x804d6a4
cpu.OF = False
cpu.ZF = True
cpu.EDX = 0xffffffff
cpu.SF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x804d6a4], '\x0f')
self.assertEqual(mem[0x804d6a5], 'O')
self.assertEqual(mem[0x804d6a6], '\xca')
self.assertEqual(cpu.EIP, 134534823)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.ECX, 0)
def test_CMOVG_4(self):
''' Instruction CMOVG_4
Groups: cmov
0x804d69f: cmovg cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0804d6a0] = '\x0f'
mem[0x0804d6a1] = 'O'
mem[0x0804d6a2] = 'M'
mem[0x0804d6a3] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb600] = '\x00'
mem[0x0804d69f] = 'f'
cpu.EIP = 0x804d69f
cpu.OF = False
cpu.ZF = True
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d6a0], '\x0f')
self.assertEqual(mem[0x804d6a1], 'O')
self.assertEqual(mem[0x804d6a2], 'M')
self.assertEqual(mem[0x804d6a3], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x804d69f], 'f')
self.assertEqual(cpu.EIP, 134534820)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVLE_1(self):
''' Instruction CMOVLE_1
Groups: cmov
0x80702ea: cmovle cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702ea] = 'f'
mem[0x080702eb] = '\x0f'
mem[0x080702ec] = 'N'
mem[0x080702ed] = '\xca'
cpu.EIP = 0x80702ea
cpu.OF = False
cpu.ZF = True
cpu.CX = 0xb600
cpu.DX = 0xfa
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80702ea], 'f')
self.assertEqual(mem[0x80702eb], '\x0f')
self.assertEqual(mem[0x80702ec], 'N')
self.assertEqual(mem[0x80702ed], '\xca')
self.assertEqual(cpu.EIP, 134677230)
self.assertEqual(cpu.CX, 250)
self.assertEqual(cpu.DX, 250)
def test_CMOVLE_2(self):
''' Instruction CMOVLE_2
Groups: cmov
0x80702f6: cmovle ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0xffffb602] = '\xe1'
mem[0xffffb603] = '\x01'
mem[0x080702f6] = '\x0f'
mem[0x080702f7] = 'N'
mem[0x080702f8] = 'M'
mem[0x080702f9] = '\x00'
cpu.EIP = 0x80702f6
cpu.OF = False
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.ECX = 0xfa
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0xffffb602], '\xe1')
self.assertEqual(mem[0xffffb603], '\x01')
self.assertEqual(mem[0x80702f6], '\x0f')
self.assertEqual(mem[0x80702f7], 'N')
self.assertEqual(mem[0x80702f8], 'M')
self.assertEqual(mem[0x80702f9], '\x00')
self.assertEqual(cpu.EIP, 134677242)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 31556864)
def test_CMOVLE_3(self):
''' Instruction CMOVLE_3
Groups: cmov
0x80702ee: cmovle cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0x080702ee] = 'f'
mem[0x080702ef] = '\x0f'
mem[0x080702f0] = 'N'
mem[0x080702f1] = 'M'
mem[0x080702f2] = '\x00'
cpu.EIP = 0x80702ee
cpu.OF = False
cpu.ZF = True
cpu.CX = 0xfa
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0x80702ee], 'f')
self.assertEqual(mem[0x80702ef], '\x0f')
self.assertEqual(mem[0x80702f0], 'N')
self.assertEqual(mem[0x80702f1], 'M')
self.assertEqual(mem[0x80702f2], '\x00')
self.assertEqual(cpu.EIP, 134677235)
self.assertEqual(cpu.CX, 34048)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVLE_4(self):
''' Instruction CMOVLE_4
Groups: cmov
0x80702f3: cmovle ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702f3] = '\x0f'
mem[0x080702f4] = 'N'
mem[0x080702f5] = '\xca'
cpu.EIP = 0x80702f3
cpu.OF = False
cpu.ZF = True
cpu.EDX = 0xfa
cpu.SF = False
cpu.ECX = 0xffff8500
cpu.execute()
self.assertEqual(mem[0x80702f3], '\x0f')
self.assertEqual(mem[0x80702f4], 'N')
self.assertEqual(mem[0x80702f5], '\xca')
self.assertEqual(cpu.EIP, 134677238)
self.assertEqual(cpu.EDX, 250)
self.assertEqual(cpu.ECX, 250)
def test_CMOVL_1(self):
''' Instruction CMOVL_1
Groups: cmov
0x804d64d: cmovl cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d650] = '\xca'
mem[0x0804d64d] = 'f'
mem[0x0804d64e] = '\x0f'
mem[0x0804d64f] = 'L'
cpu.EIP = 0x804d64d
cpu.CX = 0x0
cpu.SF = False
cpu.DX = 0xffff
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x804d650], '\xca')
self.assertEqual(mem[0x804d64d], 'f')
self.assertEqual(mem[0x804d64e], '\x0f')
self.assertEqual(mem[0x804d64f], 'L')
self.assertEqual(cpu.EIP, 134534737)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 65535)
def test_CMOVL_2(self):
''' Instruction CMOVL_2
Groups: cmov
0x804d656: cmovl ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d658] = '\xca'
mem[0x0804d656] = '\x0f'
mem[0x0804d657] = 'L'
cpu.EIP = 0x804d656
cpu.EDX = 0xffffffff
cpu.SF = False
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x804d658], '\xca')
self.assertEqual(mem[0x804d656], '\x0f')
self.assertEqual(mem[0x804d657], 'L')
self.assertEqual(cpu.EIP, 134534745)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.ECX, 0)
def test_CMOVL_3(self):
''' Instruction CMOVL_3
Groups: cmov
0x804d659: cmovl ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d659] = '\x0f'
mem[0x0804d65a] = 'L'
mem[0x0804d65b] = 'M'
mem[0x0804d65c] = '\x00'
cpu.EIP = 0x804d659
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d659], '\x0f')
self.assertEqual(mem[0x804d65a], 'L')
self.assertEqual(mem[0x804d65b], 'M')
self.assertEqual(mem[0x804d65c], '\x00')
self.assertEqual(cpu.EIP, 134534749)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVL_4(self):
''' Instruction CMOVL_4
Groups: cmov
0x804d651: cmovl cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0804d651] = 'f'
mem[0x0804d652] = '\x0f'
mem[0x0804d653] = 'L'
mem[0x0804d654] = 'M'
mem[0x0804d655] = '\x00'
cpu.EIP = 0x804d651
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x804d651], 'f')
self.assertEqual(mem[0x804d652], '\x0f')
self.assertEqual(mem[0x804d653], 'L')
self.assertEqual(mem[0x804d654], 'M')
self.assertEqual(mem[0x804d655], '\x00')
self.assertEqual(cpu.EIP, 134534742)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVNE_1(self):
''' Instruction CMOVNE_1
Groups: cmov
0xf7fe211a: cmovne ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe211a] = '\x0f'
mem[0xf7fe211b] = 'E'
mem[0xf7fe211c] = '\xca'
cpu.EIP = 0xf7fe211a
cpu.ZF = False
cpu.EDX = 0x1
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe211a], '\x0f')
self.assertEqual(mem[0xf7fe211b], 'E')
self.assertEqual(mem[0xf7fe211c], '\xca')
self.assertEqual(cpu.EIP, 4160626973)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.ECX, 1)
def test_CMOVNE_10(self):
''' Instruction CMOVNE_10
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x4008000
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 67141632)
def test_CMOVNE_11(self):
''' Instruction CMOVNE_11
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x8010
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 32784)
def test_CMOVNE_12(self):
''' Instruction CMOVNE_12
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x20
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 32)
def test_CMOVNE_13(self):
''' Instruction CMOVNE_13
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x1002000
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 16785408)
def test_CMOVNE_14(self):
''' Instruction CMOVNE_14
Groups: cmov
0xf7fe686d: cmovne ebp, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe686d] = '\x0f'
mem[0xf7fe686e] = 'E'
mem[0xf7fe686f] = '\xe8'
cpu.EIP = 0xf7fe686d
cpu.ZF = False
cpu.EBP = 0x0
cpu.EAX = 0x10
cpu.execute()
self.assertEqual(mem[0xf7fe686d], '\x0f')
self.assertEqual(mem[0xf7fe686e], 'E')
self.assertEqual(mem[0xf7fe686f], '\xe8')
self.assertEqual(cpu.EIP, 4160645232)
self.assertEqual(cpu.EBP, 16)
self.assertEqual(cpu.EAX, 16)
def test_CMOVNE_15(self):
''' Instruction CMOVNE_15
Groups: cmov
0xf7fe66d5: cmovne eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe66d5] = '\x0f'
mem[0xf7fe66d6] = 'E'
mem[0xf7fe66d7] = '\xc1'
cpu.EIP = 0xf7fe66d5
cpu.ZF = False
cpu.EAX = 0xf7fdaacd
cpu.ECX = 0xf7fda838
cpu.execute()
self.assertEqual(mem[0xf7fe66d5], '\x0f')
self.assertEqual(mem[0xf7fe66d6], 'E')
self.assertEqual(mem[0xf7fe66d7], '\xc1')
self.assertEqual(cpu.EIP, 4160644824)
self.assertEqual(cpu.ECX, 4160596024)
self.assertEqual(cpu.EAX, 4160596024)
def test_CMOVNE_16(self):
''' Instruction CMOVNE_16
Groups: cmov
0xf7fe66d5: cmovne eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe66d5] = '\x0f'
mem[0xf7fe66d6] = 'E'
mem[0xf7fe66d7] = '\xc1'
cpu.EIP = 0xf7fe66d5
cpu.ZF = True
cpu.EAX = 0xf7ffdc24
cpu.ECX = 0xf7ff5844
cpu.execute()
self.assertEqual(mem[0xf7fe66d5], '\x0f')
self.assertEqual(mem[0xf7fe66d6], 'E')
self.assertEqual(mem[0xf7fe66d7], '\xc1')
self.assertEqual(cpu.EIP, 4160644824)
self.assertEqual(cpu.ECX, 4160706628)
self.assertEqual(cpu.EAX, 4160740388)
def test_CMOVNE_17(self):
''' Instruction CMOVNE_17
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x40080
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 262272)
def test_CMOVNE_18(self):
''' Instruction CMOVNE_18
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x801
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 2049)
def test_CMOVNE_19(self):
''' Instruction CMOVNE_19
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x4
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 4)
def test_CMOVNE_2(self):
''' Instruction CMOVNE_2
Groups: cmov
0x80794b9: cmovne ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x03'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x080794b9] = '\x0f'
mem[0x080794ba] = 'E'
mem[0x080794bb] = 'M'
mem[0x080794bc] = '\x00'
cpu.EIP = 0x80794b9
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x80794b9], '\x0f')
self.assertEqual(mem[0x80794ba], 'E')
self.assertEqual(mem[0x80794bb], 'M')
self.assertEqual(mem[0x80794bc], '\x00')
self.assertEqual(cpu.EIP, 134714557)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 769)
def test_CMOVNE_20(self):
''' Instruction CMOVNE_20
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x2004000
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 33570816)
def test_CMOVNE_21(self):
''' Instruction CMOVNE_21
Groups: cmov
0x80794ad: cmovne cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794b0] = '\xca'
mem[0x080794ad] = 'f'
mem[0x080794ae] = '\x0f'
mem[0x080794af] = 'E'
cpu.EIP = 0x80794ad
cpu.ZF = False
cpu.CX = 0x1
cpu.DX = 0x0
cpu.execute()
self.assertEqual(mem[0x80794b0], '\xca')
self.assertEqual(mem[0x80794ad], 'f')
self.assertEqual(mem[0x80794ae], '\x0f')
self.assertEqual(mem[0x80794af], 'E')
self.assertEqual(cpu.EIP, 134714545)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 0)
def test_CMOVNE_3(self):
''' Instruction CMOVNE_3
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x10
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 16)
def test_CMOVNE_4(self):
''' Instruction CMOVNE_4
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x40
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 64)
def test_CMOVNE_5(self):
''' Instruction CMOVNE_5
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 1)
def test_CMOVNE_6(self):
''' Instruction CMOVNE_6
Groups: cmov
0xf7fe66d5: cmovne eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe66d5] = '\x0f'
mem[0xf7fe66d6] = 'E'
mem[0xf7fe66d7] = '\xc1'
cpu.EIP = 0xf7fe66d5
cpu.ZF = True
cpu.EAX = 0xf7ffde94
cpu.ECX = 0xf7ff5844
cpu.execute()
self.assertEqual(mem[0xf7fe66d5], '\x0f')
self.assertEqual(mem[0xf7fe66d6], 'E')
self.assertEqual(mem[0xf7fe66d7], '\xc1')
self.assertEqual(cpu.EIP, 4160644824)
self.assertEqual(cpu.ECX, 4160706628)
self.assertEqual(cpu.EAX, 4160741012)
def test_CMOVNE_7(self):
''' Instruction CMOVNE_7
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x1002
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 4098)
def test_CMOVNE_8(self):
''' Instruction CMOVNE_8
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x8
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 8)
def test_CMOVNE_9(self):
''' Instruction CMOVNE_9
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = True
cpu.EDX = 0x0
cpu.EAX = 0x80
cpu.execute()
self.assertEqual(mem[0xf7fe99a0], '\x0f')
self.assertEqual(mem[0xf7fe99a1], 'E')
self.assertEqual(mem[0xf7fe99a2], '\xc2')
self.assertEqual(cpu.EIP, 4160657827)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 128)
def test_CMOVNO_1(self):
''' Instruction CMOVNO_1
Groups: cmov
0x80794e1: cmovno cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x080794e1] = 'f'
mem[0x080794e2] = '\x0f'
mem[0x080794e3] = 'A'
mem[0x080794e4] = 'M'
mem[0x080794e5] = '\x00'
mem[0xffffb601] = '\x03'
cpu.EIP = 0x80794e1
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x80794e1], 'f')
self.assertEqual(mem[0x80794e2], '\x0f')
self.assertEqual(mem[0x80794e3], 'A')
self.assertEqual(mem[0x80794e4], 'M')
self.assertEqual(mem[0x80794e5], '\x00')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(cpu.EIP, 134714598)
self.assertEqual(cpu.CX, 769)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVNO_2(self):
''' Instruction CMOVNO_2
Groups: cmov
0x80794e6: cmovno ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794e8] = '\xca'
mem[0x080794e6] = '\x0f'
mem[0x080794e7] = 'A'
cpu.EIP = 0x80794e6
cpu.EDX = 0x0
cpu.OF = False
cpu.ECX = 0x301
cpu.execute()
self.assertEqual(mem[0x80794e8], '\xca')
self.assertEqual(mem[0x80794e6], '\x0f')
self.assertEqual(mem[0x80794e7], 'A')
self.assertEqual(cpu.EIP, 134714601)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 0)
def test_CMOVNO_3(self):
''' Instruction CMOVNO_3
Groups: cmov
0x80794dd: cmovno cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794e0] = '\xca'
mem[0x080794dd] = 'f'
mem[0x080794de] = '\x0f'
mem[0x080794df] = 'A'
cpu.EIP = 0x80794dd
cpu.CX = 0x301
cpu.DX = 0x0
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x80794e0], '\xca')
self.assertEqual(mem[0x80794dd], 'f')
self.assertEqual(mem[0x80794de], '\x0f')
self.assertEqual(mem[0x80794df], 'A')
self.assertEqual(cpu.EIP, 134714593)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 0)
def test_CMOVNO_4(self):
''' Instruction CMOVNO_4
Groups: cmov
0x80794e9: cmovno ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x03'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x080794e9] = '\x0f'
mem[0x080794ea] = 'A'
mem[0x080794eb] = 'M'
mem[0x080794ec] = '\x00'
cpu.EIP = 0x80794e9
cpu.EBP = 0xffffb600
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x80794e9], '\x0f')
self.assertEqual(mem[0x80794ea], 'A')
self.assertEqual(mem[0x80794eb], 'M')
self.assertEqual(mem[0x80794ec], '\x00')
self.assertEqual(cpu.EIP, 134714605)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 769)
def test_CMOVNP_1(self):
''' Instruction CMOVNP_1
Groups: cmov
0x80794d1: cmovnp cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x03'
mem[0x080794d1] = 'f'
mem[0x080794d2] = '\x0f'
mem[0x080794d3] = 'K'
mem[0x080794d4] = 'M'
mem[0x080794d5] = '\x00'
cpu.EIP = 0x80794d1
cpu.CX = 0x301
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0x80794d1], 'f')
self.assertEqual(mem[0x80794d2], '\x0f')
self.assertEqual(mem[0x80794d3], 'K')
self.assertEqual(mem[0x80794d4], 'M')
self.assertEqual(mem[0x80794d5], '\x00')
self.assertEqual(cpu.EIP, 134714582)
self.assertEqual(cpu.CX, 769)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVNP_2(self):
''' Instruction CMOVNP_2
Groups: cmov
0x80794cd: cmovnp cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794d0] = '\xca'
mem[0x080794cd] = 'f'
mem[0x080794ce] = '\x0f'
mem[0x080794cf] = 'K'
cpu.EIP = 0x80794cd
cpu.CX = 0x301
cpu.PF = True
cpu.DX = 0x0
cpu.execute()
self.assertEqual(mem[0x80794d0], '\xca')
self.assertEqual(mem[0x80794cd], 'f')
self.assertEqual(mem[0x80794ce], '\x0f')
self.assertEqual(mem[0x80794cf], 'K')
self.assertEqual(cpu.EIP, 134714577)
self.assertEqual(cpu.CX, 769)
self.assertEqual(cpu.DX, 0)
def test_CMOVNP_3(self):
''' Instruction CMOVNP_3
Groups: cmov
0x80794d6: cmovnp ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794d8] = '\xca'
mem[0x080794d6] = '\x0f'
mem[0x080794d7] = 'K'
cpu.EIP = 0x80794d6
cpu.EDX = 0x0
cpu.PF = True
cpu.ECX = 0x301
cpu.execute()
self.assertEqual(mem[0x80794d8], '\xca')
self.assertEqual(mem[0x80794d6], '\x0f')
self.assertEqual(mem[0x80794d7], 'K')
self.assertEqual(cpu.EIP, 134714585)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 769)
def test_CMOVNP_4(self):
''' Instruction CMOVNP_4
Groups: cmov
0x80794d9: cmovnp ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x03'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x080794d9] = '\x0f'
mem[0x080794da] = 'K'
mem[0x080794db] = 'M'
mem[0x080794dc] = '\x00'
cpu.EIP = 0x80794d9
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.ECX = 0x301
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x80794d9], '\x0f')
self.assertEqual(mem[0x80794da], 'K')
self.assertEqual(mem[0x80794db], 'M')
self.assertEqual(mem[0x80794dc], '\x00')
self.assertEqual(cpu.EIP, 134714589)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 769)
def test_CMOVNS_1(self):
''' Instruction CMOVNS_1
Groups: cmov
0x80794c1: cmovns cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x080794c1] = 'f'
mem[0x080794c2] = '\x0f'
mem[0x080794c3] = 'I'
mem[0x080794c4] = 'M'
mem[0x080794c5] = '\x00'
mem[0xffffb601] = '\x03'
cpu.EIP = 0x80794c1
cpu.CX = 0x301
cpu.EBP = 0xffffb600
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x80794c1], 'f')
self.assertEqual(mem[0x80794c2], '\x0f')
self.assertEqual(mem[0x80794c3], 'I')
self.assertEqual(mem[0x80794c4], 'M')
self.assertEqual(mem[0x80794c5], '\x00')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(cpu.EIP, 134714566)
self.assertEqual(cpu.CX, 769)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVNS_2(self):
''' Instruction CMOVNS_2
Groups: cmov
0x80794c9: cmovns ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x03'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x080794c9] = '\x0f'
mem[0x080794ca] = 'I'
mem[0x080794cb] = 'M'
mem[0x080794cc] = '\x00'
cpu.EIP = 0x80794c9
cpu.EBP = 0xffffb600
cpu.SF = True
cpu.ECX = 0x301
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x80794c9], '\x0f')
self.assertEqual(mem[0x80794ca], 'I')
self.assertEqual(mem[0x80794cb], 'M')
self.assertEqual(mem[0x80794cc], '\x00')
self.assertEqual(cpu.EIP, 134714573)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 769)
def test_CMOVNS_3(self):
''' Instruction CMOVNS_3
Groups: cmov
0x80794bd: cmovns cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794c0] = '\xca'
mem[0x080794bd] = 'f'
mem[0x080794be] = '\x0f'
mem[0x080794bf] = 'I'
cpu.EIP = 0x80794bd
cpu.CX = 0x301
cpu.SF = True
cpu.DX = 0x0
cpu.execute()
self.assertEqual(mem[0x80794c0], '\xca')
self.assertEqual(mem[0x80794bd], 'f')
self.assertEqual(mem[0x80794be], '\x0f')
self.assertEqual(mem[0x80794bf], 'I')
self.assertEqual(cpu.EIP, 134714561)
self.assertEqual(cpu.CX, 769)
self.assertEqual(cpu.DX, 0)
def test_CMOVNS_4(self):
''' Instruction CMOVNS_4
Groups: cmov
0x80794c6: cmovns ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794c8] = '\xca'
mem[0x080794c6] = '\x0f'
mem[0x080794c7] = 'I'
cpu.EIP = 0x80794c6
cpu.EDX = 0x0
cpu.SF = True
cpu.ECX = 0x301
cpu.execute()
self.assertEqual(mem[0x80794c8], '\xca')
self.assertEqual(mem[0x80794c6], '\x0f')
self.assertEqual(mem[0x80794c7], 'I')
self.assertEqual(cpu.EIP, 134714569)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 769)
def test_CMOVO_1(self):
''' Instruction CMOVO_1
Groups: cmov
0x804d677: cmovo ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d677] = '\x0f'
mem[0x0804d678] = '@'
mem[0x0804d679] = 'M'
mem[0x0804d67a] = '\x00'
cpu.EIP = 0x804d677
cpu.EBP = 0xffffb600
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d677], '\x0f')
self.assertEqual(mem[0x804d678], '@')
self.assertEqual(mem[0x804d679], 'M')
self.assertEqual(mem[0x804d67a], '\x00')
self.assertEqual(cpu.EIP, 134534779)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVO_2(self):
''' Instruction CMOVO_2
Groups: cmov
0x804d674: cmovo ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d674] = '\x0f'
mem[0x0804d675] = '@'
mem[0x0804d676] = '\xca'
cpu.EIP = 0x804d674
cpu.EDX = 0xffffffff
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x804d674], '\x0f')
self.assertEqual(mem[0x804d675], '@')
self.assertEqual(mem[0x804d676], '\xca')
self.assertEqual(cpu.EIP, 134534775)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.ECX, 0)
def test_CMOVO_3(self):
''' Instruction CMOVO_3
Groups: cmov
0x804d66b: cmovo cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d66b] = 'f'
mem[0x0804d66c] = '\x0f'
mem[0x0804d66d] = '@'
mem[0x0804d66e] = '\xca'
cpu.EIP = 0x804d66b
cpu.CX = 0x0
cpu.DX = 0xffff
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x804d66b], 'f')
self.assertEqual(mem[0x804d66c], '\x0f')
self.assertEqual(mem[0x804d66d], '@')
self.assertEqual(mem[0x804d66e], '\xca')
self.assertEqual(cpu.EIP, 134534767)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 65535)
def test_CMOVO_4(self):
''' Instruction CMOVO_4
Groups: cmov
0x804d66f: cmovo cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0804d66f] = 'f'
mem[0x0804d670] = '\x0f'
mem[0x0804d671] = '@'
mem[0x0804d672] = 'M'
mem[0x0804d673] = '\x00'
cpu.EIP = 0x804d66f
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x804d66f], 'f')
self.assertEqual(mem[0x804d670], '\x0f')
self.assertEqual(mem[0x804d671], '@')
self.assertEqual(mem[0x804d672], 'M')
self.assertEqual(mem[0x804d673], '\x00')
self.assertEqual(cpu.EIP, 134534772)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVP_1(self):
''' Instruction CMOVP_1
Groups: cmov
0x804d63c: cmovp cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d63c] = 'f'
mem[0x0804d63d] = '\x0f'
mem[0x0804d63e] = 'J'
mem[0x0804d63f] = '\xca'
cpu.EIP = 0x804d63c
cpu.CX = 0x0
cpu.PF = True
cpu.DX = 0xffff
cpu.execute()
self.assertEqual(mem[0x804d63c], 'f')
self.assertEqual(mem[0x804d63d], '\x0f')
self.assertEqual(mem[0x804d63e], 'J')
self.assertEqual(mem[0x804d63f], '\xca')
self.assertEqual(cpu.EIP, 134534720)
self.assertEqual(cpu.CX, 65535)
self.assertEqual(cpu.DX, 65535)
def test_CMOVP_2(self):
''' Instruction CMOVP_2
Groups: cmov
0x804d648: cmovp ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d648] = '\x0f'
mem[0x0804d649] = 'J'
mem[0x0804d64a] = 'M'
mem[0x0804d64b] = '\x00'
cpu.EIP = 0x804d648
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d648], '\x0f')
self.assertEqual(mem[0x804d649], 'J')
self.assertEqual(mem[0x804d64a], 'M')
self.assertEqual(mem[0x804d64b], '\x00')
self.assertEqual(cpu.EIP, 134534732)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_CMOVP_3(self):
''' Instruction CMOVP_3
Groups: cmov
0x804d640: cmovp cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0804d640] = 'f'
mem[0x0804d641] = '\x0f'
mem[0x0804d642] = 'J'
mem[0x0804d643] = 'M'
mem[0x0804d644] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb600] = '\x00'
cpu.EIP = 0x804d640
cpu.CX = 0xffff
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x804d640], 'f')
self.assertEqual(mem[0x804d641], '\x0f')
self.assertEqual(mem[0x804d642], 'J')
self.assertEqual(mem[0x804d643], 'M')
self.assertEqual(mem[0x804d644], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(cpu.EIP, 134534725)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVP_4(self):
''' Instruction CMOVP_4
Groups: cmov
0x804d645: cmovp ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d645] = '\x0f'
mem[0x0804d646] = 'J'
mem[0x0804d647] = '\xca'
cpu.EIP = 0x804d645
cpu.EDX = 0xffffffff
cpu.PF = True
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x804d645], '\x0f')
self.assertEqual(mem[0x804d646], 'J')
self.assertEqual(mem[0x804d647], '\xca')
self.assertEqual(cpu.EIP, 134534728)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.ECX, 4294967295)
def test_CMOVS_1(self):
''' Instruction CMOVS_1
Groups: cmov
0x8079391: cmovs ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079391] = '\x0f'
mem[0x08079392] = 'H'
mem[0x08079393] = '\xca'
cpu.EIP = 0x8079391
cpu.EDX = 0x0
cpu.SF = False
cpu.ECX = 0x1800080
cpu.execute()
self.assertEqual(mem[0x8079391], '\x0f')
self.assertEqual(mem[0x8079392], 'H')
self.assertEqual(mem[0x8079393], '\xca')
self.assertEqual(cpu.EIP, 134714260)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 25165952)
def test_CMOVS_2(self):
''' Instruction CMOVS_2
Groups: cmov
0x8079394: cmovs ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08079394] = '\x0f'
mem[0x08079395] = 'H'
mem[0x08079396] = 'M'
mem[0x08079397] = '\x00'
cpu.EIP = 0x8079394
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.ECX = 0x1800080
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8079394], '\x0f')
self.assertEqual(mem[0x8079395], 'H')
self.assertEqual(mem[0x8079396], 'M')
self.assertEqual(mem[0x8079397], '\x00')
self.assertEqual(cpu.EIP, 134714264)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 25165952)
def test_CMOVS_3(self):
''' Instruction CMOVS_3
Groups: cmov
0x807938c: cmovs cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0x0807938c] = 'f'
mem[0x0807938d] = '\x0f'
mem[0x0807938e] = 'H'
mem[0x0807938f] = 'M'
mem[0x08079390] = '\x00'
cpu.EIP = 0x807938c
cpu.CX = 0x80
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x807938c], 'f')
self.assertEqual(mem[0x807938d], '\x0f')
self.assertEqual(mem[0x807938e], 'H')
self.assertEqual(mem[0x807938f], 'M')
self.assertEqual(mem[0x8079390], '\x00')
self.assertEqual(cpu.EIP, 134714257)
self.assertEqual(cpu.CX, 128)
self.assertEqual(cpu.EBP, 4294948352)
def test_CMOVS_4(self):
''' Instruction CMOVS_4
Groups: cmov
0x8079388: cmovs cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079388] = 'f'
mem[0x08079389] = '\x0f'
mem[0x0807938a] = 'H'
mem[0x0807938b] = '\xca'
cpu.EIP = 0x8079388
cpu.CX = 0x80
cpu.SF = False
cpu.DX = 0x0
cpu.execute()
self.assertEqual(mem[0x8079388], 'f')
self.assertEqual(mem[0x8079389], '\x0f')
self.assertEqual(mem[0x807938a], 'H')
self.assertEqual(mem[0x807938b], '\xca')
self.assertEqual(cpu.EIP, 134714252)
self.assertEqual(cpu.CX, 128)
self.assertEqual(cpu.DX, 0)
def test_CMPSB_1(self):
''' Instruction CMPSB_1
Groups:
0x8056678: cmpsb byte ptr [esi], byte ptr es:[edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x08056678] = '\xa6'
mem[0x0807e037] = '\xe5'
mem[0x0807f037] = '\xed'
cpu.EIP = 0x8056678
cpu.PF = True
cpu.AF = False
cpu.DF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x807f037
cpu.CF = False
cpu.ESI = 0x807e037
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8056678], '\xa6')
self.assertEqual(mem[0x807f037], '\xed')
self.assertEqual(mem[0x807e037], '\xe5')
self.assertEqual(cpu.EIP, 134571641)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 134737976)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ESI, 134733880)
self.assertEqual(cpu.SF, True)
def test_CMPSD_1(self):
''' Instruction CMPSD_1
Groups:
0x805667b: cmpsd dword ptr [esi], dword ptr es:[edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x0807e03b] = '\xe5'
mem[0x0807f03b] = '\xed'
mem[0x0807e03a] = '\x1e'
mem[0x0807e03c] = '\xe5'
mem[0x0807f03a] = '\x1e'
mem[0x0805667b] = '\xa7'
mem[0x0807f03c] = '\xed'
mem[0x0807f03d] = '\xd1'
mem[0x0807e03d] = 'Q'
cpu.EIP = 0x805667b
cpu.PF = False
cpu.AF = True
cpu.DF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x807f03a
cpu.CF = True
cpu.ESI = 0x807e03a
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807e03b], '\xe5')
self.assertEqual(mem[0x807f03a], '\x1e')
self.assertEqual(mem[0x805667b], '\xa7')
self.assertEqual(mem[0x807e03a], '\x1e')
self.assertEqual(mem[0x807f03b], '\xed')
self.assertEqual(mem[0x807e03c], '\xe5')
self.assertEqual(mem[0x807e03d], 'Q')
self.assertEqual(mem[0x807f03d], '\xd1')
self.assertEqual(mem[0x807f03c], '\xed')
self.assertEqual(cpu.EIP, 134571644)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 134737982)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ESI, 134733886)
self.assertEqual(cpu.SF, False)
def test_CMPSW_1(self):
''' Instruction CMPSW_1
Groups:
0x8056679: cmpsw word ptr [esi], word ptr es:[edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x0807e038] = '\xe5'
mem[0x0807f039] = '\xd1'
mem[0x08056679] = 'f'
mem[0x0807f038] = '\xed'
mem[0x0807e039] = 'Q'
mem[0x0805667a] = '\xa7'
cpu.EIP = 0x8056679
cpu.PF = False
cpu.AF = True
cpu.DF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x807f038
cpu.CF = True
cpu.ESI = 0x807e038
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807f038], '\xed')
self.assertEqual(mem[0x807e039], 'Q')
self.assertEqual(mem[0x8056679], 'f')
self.assertEqual(mem[0x807e038], '\xe5')
self.assertEqual(mem[0x807f039], '\xd1')
self.assertEqual(mem[0x805667a], '\xa7')
self.assertEqual(cpu.EIP, 134571643)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 134737978)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ESI, 134733882)
self.assertEqual(cpu.SF, False)
def test_CMP_1(self):
''' Instruction CMP_1
Groups:
0xf7fe0b35: cmp edi, 0x23
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0b35] = '\x83'
mem[0xf7fe0b36] = '\xff'
mem[0xf7fe0b37] = '#'
cpu.EIP = 0xf7fe0b35
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x1
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe0b35], '\x83')
self.assertEqual(mem[0xf7fe0b36], '\xff')
self.assertEqual(mem[0xf7fe0b37], '#')
self.assertEqual(cpu.EIP, 4160621368)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_CMP_10(self):
''' Instruction CMP_10
Groups:
0xf7fe4caa: cmp word ptr [edi + 0xe], 0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e20000, 0x1000, 'rwx')
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4caa] = 'f'
mem[0xf7fe4cab] = '\x83'
mem[0xf7fe4cac] = '\x7f'
mem[0xf7fe4cad] = '\x0e'
mem[0xf7fe4cae] = '\x00'
mem[0xf7e20892] = ' '
mem[0xf7e20893] = '\x00'
cpu.EIP = 0xf7fe4caa
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.EDI = 0xf7e20884
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4caa], 'f')
self.assertEqual(mem[0xf7fe4cab], '\x83')
self.assertEqual(mem[0xf7fe4cac], '\x7f')
self.assertEqual(mem[0xf7fe4cad], '\x0e')
self.assertEqual(mem[0xf7fe4cae], '\x00')
self.assertEqual(mem[0xf7e20892], ' ')
self.assertEqual(mem[0xf7e20893], '\x00')
self.assertEqual(cpu.EIP, 4160638127)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 4158785668)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_CMP_11(self):
''' Instruction CMP_11
Groups:
0xf7ff41ad: cmp ecx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41ad] = '\x83'
mem[0xf7ff41ae] = '\xf9'
mem[0xf7ff41af] = '\x01'
cpu.EIP = 0xf7ff41ad
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0x14
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff41ad], '\x83')
self.assertEqual(mem[0xf7ff41ae], '\xf9')
self.assertEqual(mem[0xf7ff41af], '\x01')
self.assertEqual(cpu.EIP, 4160700848)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 20)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_CMP_12(self):
''' Instruction CMP_12
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
mem[0xf7fdc4fe] = '_'
cpu.SF = False
cpu.EIP = 0xf7ff3e6a
cpu.EDX = 0xf7fdc4fe
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.AL = 0x5f
cpu.execute()
self.assertEqual(mem[0xf7ff3e6a], ':')
self.assertEqual(mem[0xf7ff3e6b], '\x02')
self.assertEqual(mem[0xf7fdc4fe], '_')
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.EIP, 4160700012)
self.assertEqual(cpu.EDX, 4160603390)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 95)
def test_CMP_13(self):
''' Instruction CMP_13
Groups:
0xf7fe71ac: cmp byte ptr [esi + 4], 8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2a000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7e2af60] = '\x08'
mem[0xf7fe71ac] = '\x80'
mem[0xf7fe71ad] = '~'
mem[0xf7fe71ae] = '\x04'
mem[0xf7fe71af] = '\x08'
cpu.EIP = 0xf7fe71ac
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.ESI = 0xf7e2af5c
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7e2af60], '\x08')
self.assertEqual(mem[0xf7fe71ac], '\x80')
self.assertEqual(mem[0xf7fe71ad], '~')
self.assertEqual(mem[0xf7fe71ae], '\x04')
self.assertEqual(mem[0xf7fe71af], '\x08')
self.assertEqual(cpu.EIP, 4160647600)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158828380)
self.assertEqual(cpu.SF, False)
def test_CMP_14(self):
''' Instruction CMP_14
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
mem[0xf7e28067] = '2'
cpu.SF = False
cpu.EIP = 0xf7ff3e6a
cpu.EDX = 0xf7e28067
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.AL = 0x32
cpu.execute()
self.assertEqual(mem[0xf7ff3e6a], ':')
self.assertEqual(mem[0xf7ff3e6b], '\x02')
self.assertEqual(mem[0xf7e28067], '2')
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.EIP, 4160700012)
self.assertEqual(cpu.EDX, 4158816359)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 50)
def test_CMP_15(self):
''' Instruction CMP_15
Groups:
0xf7fe71bb: cmp ecx, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7e2c06c
cpu.CF = False
cpu.ESI = 0xf7e29f8c
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71bb], '9')
self.assertEqual(mem[0xf7fe71bc], '\xf1')
self.assertEqual(cpu.EIP, 4160647613)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158832748)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158824332)
self.assertEqual(cpu.SF, False)
def test_CMP_16(self):
''' Instruction CMP_16
Groups:
0xf7fe71bb: cmp ecx, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7e2c06c
cpu.CF = False
cpu.ESI = 0xf7e29f44
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71bb], '9')
self.assertEqual(mem[0xf7fe71bc], '\xf1')
self.assertEqual(cpu.EIP, 4160647613)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158832748)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158824260)
self.assertEqual(cpu.SF, False)
def test_CMP_17(self):
''' Instruction CMP_17
Groups:
0xf7fe71bb: cmp ecx, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7e2c06c
cpu.CF = False
cpu.ESI = 0xf7e2bac4
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71bb], '9')
self.assertEqual(mem[0xf7fe71bc], '\xf1')
self.assertEqual(cpu.EIP, 4160647613)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158832748)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158831300)
self.assertEqual(cpu.SF, False)
def test_CMP_18(self):
''' Instruction CMP_18
Groups:
0xf7fe4fa7: cmp dl, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4fa8] = '\xfa'
mem[0xf7fe4fa9] = '\x02'
mem[0xf7fe4fa7] = '\x80'
cpu.EIP = 0xf7fe4fa7
cpu.DL = 0x2
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4fa8], '\xfa')
self.assertEqual(mem[0xf7fe4fa9], '\x02')
self.assertEqual(mem[0xf7fe4fa7], '\x80')
self.assertEqual(cpu.EIP, 4160638890)
self.assertEqual(cpu.DL, 2)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_CMP_19(self):
''' Instruction CMP_19
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
mem[0xf7fdaac5] = 'i'
cpu.SF = False
cpu.EIP = 0xf7ff3e6a
cpu.EDX = 0xf7fdaac5
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.AL = 0x64
cpu.execute()
self.assertEqual(mem[0xf7ff3e6a], ':')
self.assertEqual(mem[0xf7ff3e6b], '\x02')
self.assertEqual(mem[0xf7fdaac5], 'i')
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.EIP, 4160700012)
self.assertEqual(cpu.EDX, 4160596677)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.AL, 100)
def test_CMP_2(self):
''' Instruction CMP_2
Groups:
0xf7fe71bb: cmp ecx, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7e2c06c
cpu.CF = False
cpu.ESI = 0xf7e2b12c
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71bb], '9')
self.assertEqual(mem[0xf7fe71bc], '\xf1')
self.assertEqual(cpu.EIP, 4160647613)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158832748)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158828844)
self.assertEqual(cpu.SF, False)
def test_CMP_20(self):
''' Instruction CMP_20
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
mem[0xf7fdc626] = '2'
cpu.SF = False
cpu.EIP = 0xf7ff3e6a
cpu.EDX = 0xf7fdc626
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.AL = 0x32
cpu.execute()
self.assertEqual(mem[0xf7ff3e6a], ':')
self.assertEqual(mem[0xf7ff3e6b], '\x02')
self.assertEqual(mem[0xf7fdc626], '2')
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.EIP, 4160700012)
self.assertEqual(cpu.EDX, 4160603686)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 50)
def test_CMP_21(self):
''' Instruction CMP_21
Groups:
0xf7fe71bb: cmp ecx, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7e2c06c
cpu.CF = False
cpu.ESI = 0xf7e2b944
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71bb], '9')
self.assertEqual(mem[0xf7fe71bc], '\xf1')
self.assertEqual(cpu.EIP, 4160647613)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158832748)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4158830916)
self.assertEqual(cpu.SF, False)
def test_CMP_3(self):
''' Instruction CMP_3
Groups:
0xf7ff0681: cmp cl, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0681] = '8'
mem[0xf7ff0682] = '\xd1'
cpu.EIP = 0xf7ff0681
cpu.DL = 0x62
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CL = 0x62
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff0681], '8')
self.assertEqual(mem[0xf7ff0682], '\xd1')
self.assertEqual(cpu.EIP, 4160685699)
self.assertEqual(cpu.DL, 98)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CL, 98)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_CMP_4(self):
''' Instruction CMP_4
Groups:
0xf7fe4ea2: cmp esi, dword ptr [esp + 0xac]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd39c] = '\x00'
mem[0xffffd39d] = '\x00'
mem[0xffffd39e] = '\x00'
mem[0xffffd39f] = '\x00'
mem[0xf7fe4ea2] = ';'
mem[0xf7fe4ea3] = '\xb4'
mem[0xf7fe4ea4] = '$'
mem[0xf7fe4ea5] = '\xac'
mem[0xf7fe4ea6] = '\x00'
mem[0xf7fe4ea7] = '\x00'
mem[0xf7fe4ea8] = '\x00'
cpu.EIP = 0xf7fe4ea2
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd2f0
cpu.CF = False
cpu.ESI = 0xf7fda858
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffd39c], '\x00')
self.assertEqual(mem[0xffffd39d], '\x00')
self.assertEqual(mem[0xffffd39e], '\x00')
self.assertEqual(mem[0xffffd39f], '\x00')
self.assertEqual(mem[0xf7fe4ea2], ';')
self.assertEqual(mem[0xf7fe4ea3], '\xb4')
self.assertEqual(mem[0xf7fe4ea4], '$')
self.assertEqual(mem[0xf7fe4ea5], '\xac')
self.assertEqual(mem[0xf7fe4ea6], '\x00')
self.assertEqual(mem[0xf7fe4ea7], '\x00')
self.assertEqual(mem[0xf7fe4ea8], '\x00')
self.assertEqual(cpu.EIP, 4160638633)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4160596056)
self.assertEqual(cpu.SF, True)
def test_CMP_5(self):
''' Instruction CMP_5
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7e28099] = 'G'
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
cpu.SF = False
cpu.EIP = 0xf7ff3e6a
cpu.EDX = 0xf7e28099
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.AL = 0x47
cpu.execute()
self.assertEqual(mem[0xf7e28099], 'G')
self.assertEqual(mem[0xf7ff3e6a], ':')
self.assertEqual(mem[0xf7ff3e6b], '\x02')
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.EIP, 4160700012)
self.assertEqual(cpu.EDX, 4158816409)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 71)
def test_CMP_6(self):
''' Instruction CMP_6
Groups:
0xf7ff0681: cmp cl, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0681] = '8'
mem[0xf7ff0682] = '\xd1'
cpu.EIP = 0xf7ff0681
cpu.DL = 0x63
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CL = 0x63
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff0681], '8')
self.assertEqual(mem[0xf7ff0682], '\xd1')
self.assertEqual(cpu.EIP, 4160685699)
self.assertEqual(cpu.DL, 99)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CL, 99)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_CMP_7(self):
''' Instruction CMP_7
Groups:
0xf7fe7f28: cmp eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7f28] = '\x83'
mem[0xf7fe7f29] = '\xf8'
mem[0xf7fe7f2a] = '\x02'
cpu.EIP = 0xf7fe7f28
cpu.EAX = 0xffffffde
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7f28], '\x83')
self.assertEqual(mem[0xf7fe7f29], '\xf8')
self.assertEqual(mem[0xf7fe7f2a], '\x02')
self.assertEqual(cpu.EIP, 4160651051)
self.assertEqual(cpu.EAX, 4294967262)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_CMP_8(self):
''' Instruction CMP_8
Groups:
0xf7fe579d: cmp dl, 3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe579d] = '\x80'
mem[0xf7fe579e] = '\xfa'
mem[0xf7fe579f] = '\x03'
cpu.EIP = 0xf7fe579d
cpu.DL = 0x0
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe579d], '\x80')
self.assertEqual(mem[0xf7fe579e], '\xfa')
self.assertEqual(mem[0xf7fe579f], '\x03')
self.assertEqual(cpu.EIP, 4160640928)
self.assertEqual(cpu.DL, 0)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_CMP_9(self):
''' Instruction CMP_9
Groups:
0xf7fe0abc: cmp byte ptr [eax + 4], 8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fdc780] = '\x08'
mem[0xf7fe0abc] = '\x80'
mem[0xf7fe0abd] = 'x'
mem[0xf7fe0abe] = '\x04'
mem[0xf7fe0abf] = '\x08'
cpu.EIP = 0xf7fe0abc
cpu.EAX = 0xf7fdc77c
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fdc780], '\x08')
self.assertEqual(mem[0xf7fe0abc], '\x80')
self.assertEqual(mem[0xf7fe0abd], 'x')
self.assertEqual(mem[0xf7fe0abe], '\x04')
self.assertEqual(mem[0xf7fe0abf], '\x08')
self.assertEqual(cpu.EIP, 4160621248)
self.assertEqual(cpu.EAX, 4160604028)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_CWDE_1(self):
''' Instruction CWDE_1
Groups:
0x807934a: cwde
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x0807934a] = '\x98'
cpu.EIP = 0x807934a
cpu.EAX = 0x137
cpu.execute()
self.assertEqual(mem[0x807934a], '\x98')
self.assertEqual(cpu.EIP, 134714187)
self.assertEqual(cpu.EAX, 311)
def test_CWDE_2(self):
''' Instruction CWDE_2
Groups:
0x807028c: cwde
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x0807028c] = '\x98'
cpu.EIP = 0x807028c
cpu.EAX = 0xb594ecf8
cpu.execute()
self.assertEqual(mem[0x807028c], '\x98')
self.assertEqual(cpu.EIP, 134677133)
self.assertEqual(cpu.EAX, 4294962424)
def test_DEC_1(self):
''' Instruction DEC_1
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0xa0ffc9d2
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2701117905)
self.assertEqual(cpu.SF, True)
def test_DEC_10(self):
''' Instruction DEC_10
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0xc7cc96d1
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 3352073936)
self.assertEqual(cpu.SF, True)
def test_DEC_11(self):
''' Instruction DEC_11
Groups: not64bitmode
0xf7ff3f1c: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f1c] = 'J'
cpu.EIP = 0xf7ff3f1c
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x8a9198d3
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3f1c], 'J')
self.assertEqual(cpu.EIP, 4160700189)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2324797650)
self.assertEqual(cpu.SF, True)
def test_DEC_12(self):
''' Instruction DEC_12
Groups: not64bitmode
0x8059862: dec cx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059862] = 'f'
mem[0x08059863] = 'I'
cpu.EIP = 0x8059862
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CX = 0xff
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8059862], 'f')
self.assertEqual(mem[0x8059863], 'I')
self.assertEqual(cpu.EIP, 134584420)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CX, 254)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_DEC_13(self):
''' Instruction DEC_13
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0xffffff99
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 4294967192)
self.assertEqual(cpu.SF, True)
def test_DEC_14(self):
''' Instruction DEC_14
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0x0
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 4294967295)
self.assertEqual(cpu.SF, True)
def test_DEC_15(self):
''' Instruction DEC_15
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x908cd19d
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2425147804)
self.assertEqual(cpu.SF, True)
def test_DEC_16(self):
''' Instruction DEC_16
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x908cd19d
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2425147804)
self.assertEqual(cpu.SF, True)
def test_DEC_17(self):
''' Instruction DEC_17
Groups: not64bitmode
0x8059864: dec ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059864] = 'I'
cpu.EIP = 0x8059864
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0xfe
cpu.execute()
self.assertEqual(mem[0x8059864], 'I')
self.assertEqual(cpu.EIP, 134584421)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 253)
def test_DEC_18(self):
''' Instruction DEC_18
Groups: not64bitmode
0xf7ff3f02: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f02] = 'J'
cpu.EIP = 0xf7ff3f02
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0x9693d2ca
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3f02], 'J')
self.assertEqual(cpu.EIP, 4160700163)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2526270153)
self.assertEqual(cpu.SF, True)
def test_DEC_19(self):
''' Instruction DEC_19
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x908cd19d
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2425147804)
self.assertEqual(cpu.SF, True)
def test_DEC_2(self):
''' Instruction DEC_2
Groups: not64bitmode
0xf7ff3cea: dec edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cea] = 'O'
cpu.EIP = 0xf7ff3cea
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x1
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3cea], 'O')
self.assertEqual(cpu.EIP, 4160699627)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_DEC_20(self):
''' Instruction DEC_20
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0x9d9693d1
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 2643891152)
self.assertEqual(cpu.SF, True)
def test_DEC_21(self):
''' Instruction DEC_21
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0xa0ffc9d2
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2701117905)
self.assertEqual(cpu.SF, True)
def test_DEC_3(self):
''' Instruction DEC_3
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x9a91989b
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2593233050)
self.assertEqual(cpu.SF, True)
def test_DEC_4(self):
''' Instruction DEC_4
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0xcc96d09e
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 3432435869)
self.assertEqual(cpu.SF, True)
def test_DEC_5(self):
''' Instruction DEC_5
Groups: not64bitmode
0xf7ff3f02: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f02] = 'J'
cpu.EIP = 0xf7ff3f02
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x8cd19a8c
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3f02], 'J')
self.assertEqual(cpu.EIP, 4160700163)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2362546827)
self.assertEqual(cpu.SF, True)
def test_DEC_6(self):
''' Instruction DEC_6
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x8a919694
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 2324797075)
self.assertEqual(cpu.SF, True)
def test_DEC_7(self):
''' Instruction DEC_7
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0x9d9693d1
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ece], 'J')
self.assertEqual(cpu.EIP, 4160700111)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 2643891152)
self.assertEqual(cpu.SF, True)
def test_DEC_8(self):
''' Instruction DEC_8
Groups: not64bitmode
0xf7ff3cea: dec edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cea] = 'O'
cpu.EIP = 0xf7ff3cea
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x1
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3cea], 'O')
self.assertEqual(cpu.EIP, 4160699627)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_DEC_9(self):
''' Instruction DEC_9
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0x93d2c9c8
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ee8], 'J')
self.assertEqual(cpu.EIP, 4160700137)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 2480064967)
self.assertEqual(cpu.SF, True)
def test_EMMS_1(self):
''' Instruction EMMS_1
Groups: mmx
0x804d5b9: emms
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d5b9] = '\x0f'
mem[0x0804d5ba] = 'w'
cpu.EIP = 0x804d5b9
cpu.execute()
self.assertEqual(mem[0x804d5b9], '\x0f')
self.assertEqual(mem[0x804d5ba], 'w')
self.assertEqual(cpu.EIP, 134534587)
def test_FNSTCW_1(self):
''' Instruction FNSTCW_1
Groups:
0x8079485: fnstcw word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0x08079485] = '\xd9'
mem[0x08079486] = '}'
mem[0x08079487] = '\x00'
cpu.FPCW = 0x37f
cpu.EIP = 0x8079485
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x7f')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0x8079485], '\xd9')
self.assertEqual(mem[0x8079486], '}')
self.assertEqual(mem[0x8079487], '\x00')
self.assertEqual(cpu.EIP, 134714504)
self.assertEqual(cpu.EBP, 4294948352)
def test_IMUL_1(self):
''' Instruction IMUL_1
Groups:
0x8070337: imul cx, cx, 0xffff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070338] = 'i'
mem[0x08070339] = '\xc9'
mem[0x0807033a] = '\xff'
mem[0x0807033b] = '\xff'
mem[0x08070337] = 'f'
cpu.EIP = 0x8070337
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x0
cpu.CX = 0x0
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0x8070338], 'i')
self.assertEqual(mem[0x8070339], '\xc9')
self.assertEqual(mem[0x807033a], '\xff')
self.assertEqual(mem[0x807033b], '\xff')
self.assertEqual(mem[0x8070337], 'f')
self.assertEqual(cpu.EIP, 134677308)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_10(self):
''' Instruction IMUL_10
Groups:
0xf7ff16bf: imul edi, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff16c0] = '\xaf'
mem[0xf7ff16c1] = '\xf9'
mem[0xf7ff16bf] = '\x0f'
cpu.EIP = 0xf7ff16bf
cpu.OF = False
cpu.EDI = 0x3
cpu.CF = False
cpu.EAX = 0x13
cpu.EDX = 0x2
cpu.ECX = 0x10
cpu.execute()
self.assertEqual(mem[0xf7ff16c0], '\xaf')
self.assertEqual(mem[0xf7ff16c1], '\xf9')
self.assertEqual(mem[0xf7ff16bf], '\x0f')
self.assertEqual(cpu.EIP, 4160689858)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.EDI, 48)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 19)
self.assertEqual(cpu.EDX, 2)
self.assertEqual(cpu.ECX, 16)
def test_IMUL_11(self):
''' Instruction IMUL_11
Groups:
0x807037d: imul ecx, edx, 0x7fffffff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070380] = '\xff'
mem[0x08070381] = '\xff'
mem[0x08070382] = '\x7f'
mem[0x0807037d] = 'i'
mem[0x0807037e] = '\xca'
mem[0x0807037f] = '\xff'
cpu.EIP = 0x807037d
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x0
cpu.EDX = 0x0
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8070380], '\xff')
self.assertEqual(mem[0x8070381], '\xff')
self.assertEqual(mem[0x8070382], '\x7f')
self.assertEqual(mem[0x807037d], 'i')
self.assertEqual(mem[0x807037e], '\xca')
self.assertEqual(mem[0x807037f], '\xff')
self.assertEqual(cpu.EIP, 134677379)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 0)
def test_IMUL_12(self):
''' Instruction IMUL_12
Groups:
0xf7fe6597: imul edx, edi, 0x4c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6598] = '\xd7'
mem[0xf7fe6599] = 'L'
mem[0xf7fe6597] = 'k'
cpu.EIP = 0xf7fe6597
cpu.OF = False
cpu.EDI = 0x0
cpu.CF = False
cpu.EAX = 0xf7ffd51c
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe6598], '\xd7')
self.assertEqual(mem[0xf7fe6599], 'L')
self.assertEqual(mem[0xf7fe6597], 'k')
self.assertEqual(cpu.EIP, 4160644506)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4160738588)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_13(self):
''' Instruction IMUL_13
Groups:
0x8070359: imul cx, dx, 0x8000
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070359] = 'f'
mem[0x0807035a] = 'i'
mem[0x0807035b] = '\xca'
mem[0x0807035c] = '\x00'
mem[0x0807035d] = '\x80'
cpu.EIP = 0x8070359
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x0
cpu.CX = 0x0
cpu.DX = 0x0
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0x8070359], 'f')
self.assertEqual(mem[0x807035a], 'i')
self.assertEqual(mem[0x807035b], '\xca')
self.assertEqual(mem[0x807035c], '\x00')
self.assertEqual(mem[0x807035d], '\x80')
self.assertEqual(cpu.EIP, 134677342)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 0)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_14(self):
''' Instruction IMUL_14
Groups:
0x8070368: imul cx, word ptr [ebp], 0x8000
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0x08070368] = 'f'
mem[0x08070369] = 'i'
mem[0x0807036a] = 'M'
mem[0x0807036b] = '\x00'
mem[0x0807036c] = '\x00'
mem[0x0807036d] = '\x80'
cpu.EIP = 0x8070368
cpu.OF = True
cpu.CF = True
cpu.EAX = 0x0
cpu.CX = 0xa00
cpu.EBP = 0xffffb600
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0x8070368], 'f')
self.assertEqual(mem[0x8070369], 'i')
self.assertEqual(mem[0x807036a], 'M')
self.assertEqual(mem[0x807036b], '\x00')
self.assertEqual(mem[0x807036c], '\x00')
self.assertEqual(mem[0x807036d], '\x80')
self.assertEqual(cpu.EIP, 134677358)
self.assertEqual(cpu.OF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_15(self):
''' Instruction IMUL_15
Groups:
0x8070320: imul cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070320] = 'f'
mem[0x08070321] = '\x0f'
mem[0x08070322] = '\xaf'
mem[0x08070323] = '\xca'
cpu.EIP = 0x8070320
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x0
cpu.CX = 0x8500
cpu.DX = 0x0
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0x8070320], 'f')
self.assertEqual(mem[0x8070321], '\x0f')
self.assertEqual(mem[0x8070322], '\xaf')
self.assertEqual(mem[0x8070323], '\xca')
self.assertEqual(cpu.EIP, 134677284)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 0)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_16(self):
''' Instruction IMUL_16
Groups:
0xf7fe1dc2: imul eax, dword ptr [ebp + 0x20], 0x4c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe1dc2] = 'k'
mem[0xf7fe1dc3] = 'E'
mem[0xf7fe1dc4] = ' '
mem[0xf7fe1dc5] = 'L'
mem[0xffffd0a8] = '\x00'
mem[0xffffd0a9] = '\x00'
mem[0xffffd0aa] = '\x00'
mem[0xffffd0ab] = '\x00'
cpu.EIP = 0xf7fe1dc2
cpu.OF = False
cpu.CF = False
cpu.EAX = 0xf7ffd040
cpu.EBP = 0xffffd088
cpu.EDX = 0x3
cpu.execute()
self.assertEqual(mem[0xf7fe1dc2], 'k')
self.assertEqual(mem[0xf7fe1dc3], 'E')
self.assertEqual(mem[0xf7fe1dc4], ' ')
self.assertEqual(mem[0xf7fe1dc5], 'L')
self.assertEqual(mem[0xffffd0a8], '\x00')
self.assertEqual(mem[0xffffd0a9], '\x00')
self.assertEqual(mem[0xffffd0aa], '\x00')
self.assertEqual(mem[0xffffd0ab], '\x00')
self.assertEqual(cpu.EIP, 4160626118)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EBP, 4294955144)
self.assertEqual(cpu.EDX, 3)
def test_IMUL_17(self):
''' Instruction IMUL_17
Groups:
0x807032d: imul cx, cx, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070330] = '\xff'
mem[0x08070331] = '\x00'
mem[0x0807032d] = 'f'
mem[0x0807032e] = 'i'
mem[0x0807032f] = '\xc9'
cpu.EIP = 0x807032d
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x0
cpu.CX = 0x0
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0x8070330], '\xff')
self.assertEqual(mem[0x8070331], '\x00')
self.assertEqual(mem[0x807032d], 'f')
self.assertEqual(mem[0x807032e], 'i')
self.assertEqual(mem[0x807032f], '\xc9')
self.assertEqual(cpu.EIP, 134677298)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_18(self):
''' Instruction IMUL_18
Groups:
0x8070316: imul word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0x08070316] = 'f'
mem[0x08070317] = '\xf7'
mem[0x08070318] = 'm'
mem[0x08070319] = '\x00'
cpu.EIP = 0x8070316
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x7b000000
cpu.EBP = 0xffffb600
cpu.EDX = 0xfffffe1e
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0x8070316], 'f')
self.assertEqual(mem[0x8070317], '\xf7')
self.assertEqual(mem[0x8070318], 'm')
self.assertEqual(mem[0x8070319], '\x00')
self.assertEqual(cpu.EIP, 134677274)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 2063597568)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EDX, 4294901760)
def test_IMUL_19(self):
''' Instruction IMUL_19
Groups:
0x807030c: imul cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x0807030c] = '\xf6'
mem[0x0807030d] = '\xe9'
cpu.EIP = 0x807030c
cpu.CL = 0x0
cpu.OF = False
cpu.CF = False
cpu.EAX = 0xffff0000
cpu.EDX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0x807030c], '\xf6')
self.assertEqual(mem[0x807030d], '\xe9')
self.assertEqual(cpu.EIP, 134677262)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4294901760)
self.assertEqual(cpu.EDX, 4294967295)
def test_IMUL_2(self):
''' Instruction IMUL_2
Groups:
0x807030e: imul cx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070310] = '\xe9'
mem[0x0807030e] = 'f'
mem[0x0807030f] = '\xf7'
cpu.EIP = 0x807030e
cpu.OF = False
cpu.CF = False
cpu.EAX = 0xffff0000
cpu.CX = 0x8500
cpu.EDX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0x8070310], '\xe9')
self.assertEqual(mem[0x807030e], 'f')
self.assertEqual(mem[0x807030f], '\xf7')
self.assertEqual(cpu.EIP, 134677265)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4294901760)
self.assertEqual(cpu.CX, 34048)
self.assertEqual(cpu.EDX, 4294901760)
def test_IMUL_20(self):
''' Instruction IMUL_20
Groups:
0x8070313: imul byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x08070313] = '\xf6'
mem[0x08070314] = 'm'
mem[0x08070315] = '\x00'
cpu.EIP = 0x8070313
cpu.OF = True
cpu.CF = True
cpu.EAX = 0x7b000000
cpu.EBP = 0xffffb600
cpu.EDX = 0xfffffe1e
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x8070313], '\xf6')
self.assertEqual(mem[0x8070314], 'm')
self.assertEqual(mem[0x8070315], '\x00')
self.assertEqual(cpu.EIP, 134677270)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 2063597568)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EDX, 4294966814)
def test_IMUL_21(self):
''' Instruction IMUL_21
Groups:
0xf7fed3c3: imul eax, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed3c3] = '\x0f'
mem[0xf7fed3c4] = '\xaf'
mem[0xf7fed3c5] = '\xc7'
cpu.EIP = 0xf7fed3c3
cpu.OF = False
cpu.EDI = 0x40
cpu.CF = False
cpu.EAX = 0x1c
cpu.EDX = 0xb
cpu.execute()
self.assertEqual(mem[0xf7fed3c3], '\x0f')
self.assertEqual(mem[0xf7fed3c4], '\xaf')
self.assertEqual(mem[0xf7fed3c5], '\xc7')
self.assertEqual(cpu.EIP, 4160672710)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.EDI, 64)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1792)
self.assertEqual(cpu.EDX, 11)
def test_IMUL_3(self):
''' Instruction IMUL_3
Groups:
0x807031d: imul dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0xffffb602] = '\xe1'
mem[0xffffb603] = '\x01'
mem[0x0807031d] = '\xf7'
mem[0x0807031e] = 'm'
mem[0x0807031f] = '\x00'
cpu.EIP = 0x807031d
cpu.OF = True
cpu.CF = True
cpu.EAX = 0x0
cpu.EBP = 0xffffb600
cpu.EDX = 0xe75ae7
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0xffffb602], '\xe1')
self.assertEqual(mem[0xffffb603], '\x01')
self.assertEqual(mem[0x807031d], '\xf7')
self.assertEqual(mem[0x807031e], 'm')
self.assertEqual(mem[0x807031f], '\x00')
self.assertEqual(cpu.EIP, 134677280)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_4(self):
''' Instruction IMUL_4
Groups:
0xf7fe6734: imul eax, dword ptr [esp + 0x58], 0x4c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xf7fe6738] = 'L'
mem[0xf7fe6734] = 'k'
mem[0xf7fe6735] = 'D'
mem[0xf7fe6736] = '$'
mem[0xf7fe6737] = 'X'
mem[0xffffcf88] = '\x00'
mem[0xffffcf89] = '\x00'
mem[0xffffcf8a] = '\x00'
mem[0xffffcf8b] = '\x00'
cpu.EIP = 0xf7fe6734
cpu.ESP = 0xffffcf30
cpu.OF = False
cpu.CF = False
cpu.EAX = 0xf7fdaa10
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe6738], 'L')
self.assertEqual(mem[0xf7fe6734], 'k')
self.assertEqual(mem[0xf7fe6735], 'D')
self.assertEqual(mem[0xf7fe6736], '$')
self.assertEqual(mem[0xf7fe6737], 'X')
self.assertEqual(mem[0xffffcf88], '\x00')
self.assertEqual(mem[0xffffcf89], '\x00')
self.assertEqual(mem[0xffffcf8a], '\x00')
self.assertEqual(mem[0xffffcf8b], '\x00')
self.assertEqual(cpu.EIP, 4160644921)
self.assertEqual(cpu.ESP, 4294954800)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_5(self):
''' Instruction IMUL_5
Groups:
0xf7fe65c5: imul edx, edi, 0x4c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe65c5] = 'k'
mem[0xf7fe65c6] = '\xd7'
mem[0xf7fe65c7] = 'L'
cpu.EIP = 0xf7fe65c5
cpu.OF = False
cpu.EDI = 0x0
cpu.CF = False
cpu.EAX = 0xf7ffdc28
cpu.EDX = 0xf7ffd040
cpu.execute()
self.assertEqual(mem[0xf7fe65c5], 'k')
self.assertEqual(mem[0xf7fe65c6], '\xd7')
self.assertEqual(mem[0xf7fe65c7], 'L')
self.assertEqual(cpu.EIP, 4160644552)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4160740392)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_6(self):
''' Instruction IMUL_6
Groups:
0xf7fe6597: imul edx, edi, 0x4c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6598] = '\xd7'
mem[0xf7fe6599] = 'L'
mem[0xf7fe6597] = 'k'
cpu.EIP = 0xf7fe6597
cpu.OF = False
cpu.EDI = 0x0
cpu.CF = False
cpu.EAX = 0xf7ffd51c
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe6598], '\xd7')
self.assertEqual(mem[0xf7fe6599], 'L')
self.assertEqual(mem[0xf7fe6597], 'k')
self.assertEqual(cpu.EIP, 4160644506)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4160738588)
self.assertEqual(cpu.EDX, 0)
def test_IMUL_7(self):
''' Instruction IMUL_7
Groups:
0xf7eaa033: imul edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa033] = '\xf7'
mem[0xf7eaa034] = '\xea'
cpu.EIP = 0xf7eaa033
cpu.EDX = 0x55555556
cpu.CF = False
cpu.EAX = 0x3
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa033], '\xf7')
self.assertEqual(mem[0xf7eaa034], '\xea')
self.assertEqual(cpu.EIP, 4159348789)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.OF, True)
self.assertEqual(cpu.EAX, 2)
def test_IMUL_8(self):
''' Instruction IMUL_8
Groups:
0xf7ff16bf: imul edi, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff16c0] = '\xaf'
mem[0xf7ff16c1] = '\xf9'
mem[0xf7ff16bf] = '\x0f'
cpu.EIP = 0xf7ff16bf
cpu.OF = False
cpu.EDI = 0x2ed
cpu.CF = False
cpu.EAX = 0x2ed
cpu.EDX = 0x100
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7ff16c0], '\xaf')
self.assertEqual(mem[0xf7ff16c1], '\xf9')
self.assertEqual(mem[0xf7ff16bf], '\x0f')
self.assertEqual(cpu.EIP, 4160689858)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.EDI, 749)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 749)
self.assertEqual(cpu.EDX, 256)
self.assertEqual(cpu.ECX, 1)
def test_IMUL_9(self):
''' Instruction IMUL_9
Groups:
0x8070343: imul ecx, ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070343] = 'k'
mem[0x08070344] = '\xc9'
mem[0x08070345] = '\x04'
cpu.EIP = 0x8070343
cpu.OF = False
cpu.CF = False
cpu.EAX = 0x0
cpu.EDX = 0x0
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8070343], 'k')
self.assertEqual(mem[0x8070344], '\xc9')
self.assertEqual(mem[0x8070345], '\x04')
self.assertEqual(cpu.EIP, 134677318)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.ECX, 0)
def test_INC_1(self):
''' Instruction INC_1
Groups: not64bitmode
0x80798f6: inc esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080798f6] = 'F'
cpu.EIP = 0x80798f6
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = False
cpu.SF = False
cpu.ESI = 0x9
cpu.execute()
self.assertEqual(mem[0x80798f6], 'F')
self.assertEqual(cpu.EIP, 134715639)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 10)
def test_INC_10(self):
''' Instruction INC_10
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7fdc639
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4160603706)
def test_INC_11(self):
''' Instruction INC_11
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0xf7e280a2
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6f], 'B')
self.assertEqual(cpu.EIP, 4160700016)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 4158816419)
self.assertEqual(cpu.SF, True)
def test_INC_12(self):
''' Instruction INC_12
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e2806a
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816363)
def test_INC_13(self):
''' Instruction INC_13
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e2806a
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816363)
def test_INC_14(self):
''' Instruction INC_14
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e2809f
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816416)
def test_INC_15(self):
''' Instruction INC_15
Groups: not64bitmode
0x807b66d: inc edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b66d] = 'G'
cpu.EIP = 0x807b66d
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0xd
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807b66d], 'G')
self.assertEqual(cpu.EIP, 134723182)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 14)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_INC_16(self):
''' Instruction INC_16
Groups: not64bitmode
0xf7e901c4: inc edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901c4] = 'G'
cpu.EIP = 0xf7e901c4
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0xffffffff
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7e901c4], 'G')
self.assertEqual(cpu.EIP, 4159242693)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_INC_17(self):
''' Instruction INC_17
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0x80481f3
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 134513140)
def test_INC_18(self):
''' Instruction INC_18
Groups: not64bitmode
0x807adab: inc esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807adab] = 'F'
cpu.EIP = 0x807adab
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.SF = False
cpu.ESI = 0x0
cpu.execute()
self.assertEqual(mem[0x807adab], 'F')
self.assertEqual(cpu.EIP, 134720940)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 1)
def test_INC_19(self):
''' Instruction INC_19
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e2806e
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816367)
def test_INC_2(self):
''' Instruction INC_2
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e28054
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816341)
def test_INC_20(self):
''' Instruction INC_20
Groups: not64bitmode
0x807a42d: inc esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a42d] = 'F'
cpu.EIP = 0x807a42d
cpu.AF = True
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = True
cpu.ESI = 0xf
cpu.execute()
self.assertEqual(mem[0x807a42d], 'F')
self.assertEqual(cpu.EIP, 134718510)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 16)
def test_INC_21(self):
''' Instruction INC_21
Groups: not64bitmode
0x8079cb3: inc esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079cb3] = 'F'
cpu.EIP = 0x8079cb3
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.SF = True
cpu.ESI = 0x10
cpu.execute()
self.assertEqual(mem[0x8079cb3], 'F')
self.assertEqual(cpu.EIP, 134716596)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 17)
def test_INC_3(self):
''' Instruction INC_3
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e28065
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816358)
def test_INC_4(self):
''' Instruction INC_4
Groups: not64bitmode
0x8079f01: inc edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079f01] = 'G'
cpu.EIP = 0x8079f01
cpu.AF = True
cpu.OF = False
cpu.ZF = True
cpu.EDI = 0x7
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079f01], 'G')
self.assertEqual(cpu.EIP, 134717186)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 8)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_INC_5(self):
''' Instruction INC_5
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e28050
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816337)
def test_INC_6(self):
''' Instruction INC_6
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0xf7e28067
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6f], 'B')
self.assertEqual(cpu.EIP, 4160700016)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 4158816360)
self.assertEqual(cpu.SF, True)
def test_INC_7(self):
''' Instruction INC_7
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = True
cpu.EDX = 0xf7fdc613
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6f], 'B')
self.assertEqual(cpu.EIP, 4160700016)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 4160603668)
self.assertEqual(cpu.SF, True)
def test_INC_8(self):
''' Instruction INC_8
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.PF = True
cpu.SF = False
cpu.ECX = 0xf7e28062
cpu.execute()
self.assertEqual(mem[0xf7ff3e6e], 'A')
self.assertEqual(cpu.EIP, 4160700015)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4158816355)
def test_INC_9(self):
''' Instruction INC_9
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.PF = False
cpu.EDX = 0xf7e27290
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6f], 'B')
self.assertEqual(cpu.EIP, 4160700016)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 4158812817)
self.assertEqual(cpu.SF, True)
def test_JAE_1(self):
''' Instruction JAE_1
Groups: jump
0xf7fddb2d: jae 0xf7fddbb3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddb2d] = '\x0f'
mem[0xf7fddb2e] = '\x83'
mem[0xf7fddb2f] = '\x80'
mem[0xf7fddb30] = '\x00'
mem[0xf7fddb31] = '\x00'
mem[0xf7fddb32] = '\x00'
cpu.EIP = 0xf7fddb2d
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fddb2d], '\x0f')
self.assertEqual(mem[0xf7fddb2e], '\x83')
self.assertEqual(mem[0xf7fddb2f], '\x80')
self.assertEqual(mem[0xf7fddb30], '\x00')
self.assertEqual(mem[0xf7fddb31], '\x00')
self.assertEqual(mem[0xf7fddb32], '\x00')
self.assertEqual(cpu.EIP, 4160609075)
def test_JAE_10(self):
''' Instruction JAE_10
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cc3], '\x0f')
self.assertEqual(mem[0xf7fe4cc4], '\x83')
self.assertEqual(mem[0xf7fe4cc5], '\xaf')
self.assertEqual(mem[0xf7fe4cc6], '\x00')
self.assertEqual(mem[0xf7fe4cc7], '\x00')
self.assertEqual(mem[0xf7fe4cc8], '\x00')
self.assertEqual(cpu.EIP, 4160638153)
def test_JAE_11(self):
''' Instruction JAE_11
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cc3], '\x0f')
self.assertEqual(mem[0xf7fe4cc4], '\x83')
self.assertEqual(mem[0xf7fe4cc5], '\xaf')
self.assertEqual(mem[0xf7fe4cc6], '\x00')
self.assertEqual(mem[0xf7fe4cc7], '\x00')
self.assertEqual(mem[0xf7fe4cc8], '\x00')
self.assertEqual(cpu.EIP, 4160638153)
def test_JAE_12(self):
''' Instruction JAE_12
Groups: jump
0xf7fddb2d: jae 0xf7fddbb3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddb2d] = '\x0f'
mem[0xf7fddb2e] = '\x83'
mem[0xf7fddb2f] = '\x80'
mem[0xf7fddb30] = '\x00'
mem[0xf7fddb31] = '\x00'
mem[0xf7fddb32] = '\x00'
cpu.EIP = 0xf7fddb2d
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fddb2d], '\x0f')
self.assertEqual(mem[0xf7fddb2e], '\x83')
self.assertEqual(mem[0xf7fddb2f], '\x80')
self.assertEqual(mem[0xf7fddb30], '\x00')
self.assertEqual(mem[0xf7fddb31], '\x00')
self.assertEqual(mem[0xf7fddb32], '\x00')
self.assertEqual(cpu.EIP, 4160609075)
def test_JAE_13(self):
''' Instruction JAE_13
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cc3], '\x0f')
self.assertEqual(mem[0xf7fe4cc4], '\x83')
self.assertEqual(mem[0xf7fe4cc5], '\xaf')
self.assertEqual(mem[0xf7fe4cc6], '\x00')
self.assertEqual(mem[0xf7fe4cc7], '\x00')
self.assertEqual(mem[0xf7fe4cc8], '\x00')
self.assertEqual(cpu.EIP, 4160638153)
def test_JAE_14(self):
''' Instruction JAE_14
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cc3], '\x0f')
self.assertEqual(mem[0xf7fe4cc4], '\x83')
self.assertEqual(mem[0xf7fe4cc5], '\xaf')
self.assertEqual(mem[0xf7fe4cc6], '\x00')
self.assertEqual(mem[0xf7fe4cc7], '\x00')
self.assertEqual(mem[0xf7fe4cc8], '\x00')
self.assertEqual(cpu.EIP, 4160638153)
def test_JAE_15(self):
''' Instruction JAE_15
Groups: jump
0x807ab94: jae 0x807ab99
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab94] = 's'
mem[0x0807ab95] = '\x03'
cpu.EIP = 0x807ab94
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807ab94], 's')
self.assertEqual(mem[0x807ab95], '\x03')
self.assertEqual(cpu.EIP, 134720406)
def test_JAE_16(self):
''' Instruction JAE_16
Groups: jump
0xf7fe1fcd: jae 0xf7fe21e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem[0xf7fe1fcd] = '\x0f'
mem[0xf7fe1fce] = '\x83'
mem[0xf7fe1fcf] = '\x15'
mem[0xf7fe1fd0] = '\x02'
mem[0xf7fe1fd1] = '\x00'
mem[0xf7fe1fd2] = '\x00'
cpu.EIP = 0xf7fe1fcd
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe1fcd], '\x0f')
self.assertEqual(mem[0xf7fe1fce], '\x83')
self.assertEqual(mem[0xf7fe1fcf], '\x15')
self.assertEqual(mem[0xf7fe1fd0], '\x02')
self.assertEqual(mem[0xf7fe1fd1], '\x00')
self.assertEqual(mem[0xf7fe1fd2], '\x00')
self.assertEqual(cpu.EIP, 4160626643)
def test_JAE_17(self):
''' Instruction JAE_17
Groups: jump
0xf7e9019c: jae 0xf7e9027c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901a0] = '\x00'
mem[0xf7e901a1] = '\x00'
mem[0xf7e9019c] = '\x0f'
mem[0xf7e9019d] = '\x83'
mem[0xf7e9019e] = '\xda'
mem[0xf7e9019f] = '\x00'
cpu.EIP = 0xf7e9019c
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7e901a0], '\x00')
self.assertEqual(mem[0xf7e901a1], '\x00')
self.assertEqual(mem[0xf7e9019c], '\x0f')
self.assertEqual(mem[0xf7e9019d], '\x83')
self.assertEqual(mem[0xf7e9019e], '\xda')
self.assertEqual(mem[0xf7e9019f], '\x00')
self.assertEqual(cpu.EIP, 4159242658)
def test_JAE_18(self):
''' Instruction JAE_18
Groups: jump
0xf7ff4648: jae 0xf7ff464b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4648] = 's'
mem[0xf7ff4649] = '\x01'
cpu.EIP = 0xf7ff4648
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7ff4648], 's')
self.assertEqual(mem[0xf7ff4649], '\x01')
self.assertEqual(cpu.EIP, 4160702026)
def test_JAE_19(self):
''' Instruction JAE_19
Groups: jump
0xf7eaa0c6: jae 0xf7eaa0e4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0c6] = 's'
mem[0xf7eaa0c7] = '\x1c'
cpu.EIP = 0xf7eaa0c6
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0c6], 's')
self.assertEqual(mem[0xf7eaa0c7], '\x1c')
self.assertEqual(cpu.EIP, 4159348936)
def test_JAE_2(self):
''' Instruction JAE_2
Groups: jump
0xf7eaa0c6: jae 0xf7eaa0e4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0c6] = 's'
mem[0xf7eaa0c7] = '\x1c'
cpu.EIP = 0xf7eaa0c6
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0c6], 's')
self.assertEqual(mem[0xf7eaa0c7], '\x1c')
self.assertEqual(cpu.EIP, 4159348936)
def test_JAE_20(self):
''' Instruction JAE_20
Groups: jump
0xf7eaa0c6: jae 0xf7eaa0e4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0c6] = 's'
mem[0xf7eaa0c7] = '\x1c'
cpu.EIP = 0xf7eaa0c6
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0c6], 's')
self.assertEqual(mem[0xf7eaa0c7], '\x1c')
self.assertEqual(cpu.EIP, 4159348936)
def test_JAE_21(self):
''' Instruction JAE_21
Groups: jump
0xf7ff3d5f: jae 0xf7ff3e32
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3d60] = '\x83'
mem[0xf7ff3d61] = '\xcd'
mem[0xf7ff3d62] = '\x00'
mem[0xf7ff3d63] = '\x00'
mem[0xf7ff3d64] = '\x00'
mem[0xf7ff3d5f] = '\x0f'
cpu.EIP = 0xf7ff3d5f
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3d60], '\x83')
self.assertEqual(mem[0xf7ff3d61], '\xcd')
self.assertEqual(mem[0xf7ff3d62], '\x00')
self.assertEqual(mem[0xf7ff3d63], '\x00')
self.assertEqual(mem[0xf7ff3d64], '\x00')
self.assertEqual(mem[0xf7ff3d5f], '\x0f')
self.assertEqual(cpu.EIP, 4160699749)
def test_JAE_3(self):
''' Instruction JAE_3
Groups: jump
0x807b4c9: jae 0x807b4ce
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b4c9] = 's'
mem[0x0807b4ca] = '\x03'
cpu.EIP = 0x807b4c9
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807b4c9], 's')
self.assertEqual(mem[0x807b4ca], '\x03')
self.assertEqual(cpu.EIP, 134722766)
def test_JAE_4(self):
''' Instruction JAE_4
Groups: jump
0xf7ff15a0: jae 0xf7ff15aa
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a0] = 's'
mem[0xf7ff15a1] = '\x08'
cpu.EIP = 0xf7ff15a0
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a0], 's')
self.assertEqual(mem[0xf7ff15a1], '\x08')
self.assertEqual(cpu.EIP, 4160689570)
def test_JAE_5(self):
''' Instruction JAE_5
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cc3], '\x0f')
self.assertEqual(mem[0xf7fe4cc4], '\x83')
self.assertEqual(mem[0xf7fe4cc5], '\xaf')
self.assertEqual(mem[0xf7fe4cc6], '\x00')
self.assertEqual(mem[0xf7fe4cc7], '\x00')
self.assertEqual(mem[0xf7fe4cc8], '\x00')
self.assertEqual(cpu.EIP, 4160638153)
def test_JAE_6(self):
''' Instruction JAE_6
Groups: jump
0x807abb8: jae 0x807abbd
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807abb8] = 's'
mem[0x0807abb9] = '\x03'
cpu.EIP = 0x807abb8
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807abb8], 's')
self.assertEqual(mem[0x807abb9], '\x03')
self.assertEqual(cpu.EIP, 134720442)
def test_JAE_7(self):
''' Instruction JAE_7
Groups: jump
0x807a4b3: jae 0x807a4b8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a4b3] = 's'
mem[0x0807a4b4] = '\x03'
cpu.EIP = 0x807a4b3
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807a4b3], 's')
self.assertEqual(mem[0x807a4b4], '\x03')
self.assertEqual(cpu.EIP, 134718648)
def test_JAE_8(self):
''' Instruction JAE_8
Groups: jump
0xf7ff4543: jae 0xf7ff4546
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4543] = 's'
mem[0xf7ff4544] = '\x01'
cpu.EIP = 0xf7ff4543
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7ff4543], 's')
self.assertEqual(mem[0xf7ff4544], '\x01')
self.assertEqual(cpu.EIP, 4160701765)
def test_JAE_9(self):
''' Instruction JAE_9
Groups: jump
0xf7e901d1: jae 0xf7e90279
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901d1] = '\x0f'
mem[0xf7e901d2] = '\x83'
mem[0xf7e901d3] = '\xa2'
mem[0xf7e901d4] = '\x00'
mem[0xf7e901d5] = '\x00'
mem[0xf7e901d6] = '\x00'
cpu.EIP = 0xf7e901d1
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7e901d1], '\x0f')
self.assertEqual(mem[0xf7e901d2], '\x83')
self.assertEqual(mem[0xf7e901d3], '\xa2')
self.assertEqual(mem[0xf7e901d4], '\x00')
self.assertEqual(mem[0xf7e901d5], '\x00')
self.assertEqual(mem[0xf7e901d6], '\x00')
self.assertEqual(cpu.EIP, 4159242711)
def test_JA_1(self):
''' Instruction JA_1
Groups: jump
0xf7ff062a: ja 0xf7ff06a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff062a] = 'w'
mem[0xf7ff062b] = '|'
cpu.EIP = 0xf7ff062a
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7ff062a], 'w')
self.assertEqual(mem[0xf7ff062b], '|')
self.assertEqual(cpu.EIP, 4160685736)
def test_JA_10(self):
''' Instruction JA_10
Groups: jump
0xf7fe4f87: ja 0xf7fe4e88
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f87] = '\x0f'
mem[0xf7fe4f88] = '\x87'
mem[0xf7fe4f89] = '\xfb'
mem[0xf7fe4f8a] = '\xfe'
mem[0xf7fe4f8b] = '\xff'
mem[0xf7fe4f8c] = '\xff'
cpu.EIP = 0xf7fe4f87
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f87], '\x0f')
self.assertEqual(mem[0xf7fe4f88], '\x87')
self.assertEqual(mem[0xf7fe4f89], '\xfb')
self.assertEqual(mem[0xf7fe4f8a], '\xfe')
self.assertEqual(mem[0xf7fe4f8b], '\xff')
self.assertEqual(mem[0xf7fe4f8c], '\xff')
self.assertEqual(cpu.EIP, 4160638600)
def test_JA_11(self):
''' Instruction JA_11
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_12(self):
''' Instruction JA_12
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_13(self):
''' Instruction JA_13
Groups: jump
0xf7fe735a: ja 0xf7fe71f0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe735a] = '\x0f'
mem[0xf7fe735b] = '\x87'
mem[0xf7fe735c] = '\x90'
mem[0xf7fe735d] = '\xfe'
mem[0xf7fe735e] = '\xff'
mem[0xf7fe735f] = '\xff'
cpu.EIP = 0xf7fe735a
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe735a], '\x0f')
self.assertEqual(mem[0xf7fe735b], '\x87')
self.assertEqual(mem[0xf7fe735c], '\x90')
self.assertEqual(mem[0xf7fe735d], '\xfe')
self.assertEqual(mem[0xf7fe735e], '\xff')
self.assertEqual(mem[0xf7fe735f], '\xff')
self.assertEqual(cpu.EIP, 4160647664)
def test_JA_14(self):
''' Instruction JA_14
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_15(self):
''' Instruction JA_15
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_16(self):
''' Instruction JA_16
Groups: jump
0xf7fe4f87: ja 0xf7fe4e88
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f87] = '\x0f'
mem[0xf7fe4f88] = '\x87'
mem[0xf7fe4f89] = '\xfb'
mem[0xf7fe4f8a] = '\xfe'
mem[0xf7fe4f8b] = '\xff'
mem[0xf7fe4f8c] = '\xff'
cpu.EIP = 0xf7fe4f87
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f87], '\x0f')
self.assertEqual(mem[0xf7fe4f88], '\x87')
self.assertEqual(mem[0xf7fe4f89], '\xfb')
self.assertEqual(mem[0xf7fe4f8a], '\xfe')
self.assertEqual(mem[0xf7fe4f8b], '\xff')
self.assertEqual(mem[0xf7fe4f8c], '\xff')
self.assertEqual(cpu.EIP, 4160638600)
def test_JA_17(self):
''' Instruction JA_17
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_18(self):
''' Instruction JA_18
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_19(self):
''' Instruction JA_19
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_2(self):
''' Instruction JA_2
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_20(self):
''' Instruction JA_20
Groups: jump
0xf7fe732f: ja 0xf7fe74b0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe732f] = '\x0f'
mem[0xf7fe7330] = '\x87'
mem[0xf7fe7331] = '{'
mem[0xf7fe7332] = '\x01'
mem[0xf7fe7333] = '\x00'
mem[0xf7fe7334] = '\x00'
cpu.EIP = 0xf7fe732f
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe732f], '\x0f')
self.assertEqual(mem[0xf7fe7330], '\x87')
self.assertEqual(mem[0xf7fe7331], '{')
self.assertEqual(mem[0xf7fe7332], '\x01')
self.assertEqual(mem[0xf7fe7333], '\x00')
self.assertEqual(mem[0xf7fe7334], '\x00')
self.assertEqual(cpu.EIP, 4160647989)
def test_JA_21(self):
''' Instruction JA_21
Groups: jump
0xf7fe732f: ja 0xf7fe74b0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe732f] = '\x0f'
mem[0xf7fe7330] = '\x87'
mem[0xf7fe7331] = '{'
mem[0xf7fe7332] = '\x01'
mem[0xf7fe7333] = '\x00'
mem[0xf7fe7334] = '\x00'
cpu.EIP = 0xf7fe732f
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe732f], '\x0f')
self.assertEqual(mem[0xf7fe7330], '\x87')
self.assertEqual(mem[0xf7fe7331], '{')
self.assertEqual(mem[0xf7fe7332], '\x01')
self.assertEqual(mem[0xf7fe7333], '\x00')
self.assertEqual(mem[0xf7fe7334], '\x00')
self.assertEqual(cpu.EIP, 4160647989)
def test_JA_3(self):
''' Instruction JA_3
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_4(self):
''' Instruction JA_4
Groups: jump
0xf7fe6dd7: ja 0xf7fe6da8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6dd8] = '\xcf'
mem[0xf7fe6dd7] = 'w'
cpu.EIP = 0xf7fe6dd7
cpu.ZF = True
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe6dd8], '\xcf')
self.assertEqual(mem[0xf7fe6dd7], 'w')
self.assertEqual(cpu.EIP, 4160646617)
def test_JA_5(self):
''' Instruction JA_5
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_6(self):
''' Instruction JA_6
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_7(self):
''' Instruction JA_7
Groups: jump
0x8079dd2: ja 0x8079dd7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079dd2] = 'w'
mem[0x08079dd3] = '\x03'
cpu.EIP = 0x8079dd2
cpu.ZF = True
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x8079dd2], 'w')
self.assertEqual(mem[0x8079dd3], '\x03')
self.assertEqual(cpu.EIP, 134716884)
def test_JA_8(self):
''' Instruction JA_8
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JA_9(self):
''' Instruction JA_9
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71bd], 'w')
self.assertEqual(mem[0xf7fe71be], '\xe9')
self.assertEqual(cpu.EIP, 4160647592)
def test_JBE_1(self):
''' Instruction JBE_1
Groups: jump
0xf7ff0a21: jbe 0xf7ff0cb3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0a21] = '\x0f'
mem[0xf7ff0a22] = '\x86'
mem[0xf7ff0a23] = '\x8c'
mem[0xf7ff0a24] = '\x02'
mem[0xf7ff0a25] = '\x00'
mem[0xf7ff0a26] = '\x00'
cpu.EIP = 0xf7ff0a21
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7ff0a21], '\x0f')
self.assertEqual(mem[0xf7ff0a22], '\x86')
self.assertEqual(mem[0xf7ff0a23], '\x8c')
self.assertEqual(mem[0xf7ff0a24], '\x02')
self.assertEqual(mem[0xf7ff0a25], '\x00')
self.assertEqual(mem[0xf7ff0a26], '\x00')
self.assertEqual(cpu.EIP, 4160686631)
def test_JBE_10(self):
''' Instruction JBE_10
Groups: jump
0xf7fddcb8: jbe 0xf7fddca9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddcb8] = 'v'
mem[0xf7fddcb9] = '\xef'
cpu.EIP = 0xf7fddcb8
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fddcb8], 'v')
self.assertEqual(mem[0xf7fddcb9], '\xef')
self.assertEqual(cpu.EIP, 4160609449)
def test_JBE_11(self):
''' Instruction JBE_11
Groups: jump
0xf7fe07fc: jbe 0xf7fe07e9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe07fc] = 'v'
mem[0xf7fe07fd] = '\xeb'
cpu.EIP = 0xf7fe07fc
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe07fc], 'v')
self.assertEqual(mem[0xf7fe07fd], '\xeb')
self.assertEqual(cpu.EIP, 4160620542)
def test_JBE_12(self):
''' Instruction JBE_12
Groups: jump
0xf7fe26e0: jbe 0xf7fe26b8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26e0] = 'v'
mem[0xf7fe26e1] = '\xd6'
cpu.EIP = 0xf7fe26e0
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe26e0], 'v')
self.assertEqual(mem[0xf7fe26e1], '\xd6')
self.assertEqual(cpu.EIP, 4160628408)
def test_JBE_13(self):
''' Instruction JBE_13
Groups: jump
0xf7fddcc1: jbe 0xf7fddca0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddcc1] = 'v'
mem[0xf7fddcc2] = '\xdd'
cpu.EIP = 0xf7fddcc1
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fddcc1], 'v')
self.assertEqual(mem[0xf7fddcc2], '\xdd')
self.assertEqual(cpu.EIP, 4160609475)
def test_JBE_14(self):
''' Instruction JBE_14
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7ff067b], 'v')
self.assertEqual(mem[0xf7ff067c], '4')
self.assertEqual(cpu.EIP, 4160685693)
def test_JBE_15(self):
''' Instruction JBE_15
Groups: jump
0x8079c05: jbe 0x8079c0a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c05] = 'v'
mem[0x08079c06] = '\x03'
cpu.EIP = 0x8079c05
cpu.ZF = True
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x8079c05], 'v')
self.assertEqual(mem[0x8079c06], '\x03')
self.assertEqual(cpu.EIP, 134716426)
def test_JBE_16(self):
''' Instruction JBE_16
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7ff067b], 'v')
self.assertEqual(mem[0xf7ff067c], '4')
self.assertEqual(cpu.EIP, 4160685693)
def test_JBE_17(self):
''' Instruction JBE_17
Groups: jump
0xf7fe07fc: jbe 0xf7fe07e9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe07fc] = 'v'
mem[0xf7fe07fd] = '\xeb'
cpu.EIP = 0xf7fe07fc
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe07fc], 'v')
self.assertEqual(mem[0xf7fe07fd], '\xeb')
self.assertEqual(cpu.EIP, 4160620521)
def test_JBE_18(self):
''' Instruction JBE_18
Groups: jump
0x807b67a: jbe 0x807b67f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b67a] = 'v'
mem[0x0807b67b] = '\x03'
cpu.EIP = 0x807b67a
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807b67a], 'v')
self.assertEqual(mem[0x807b67b], '\x03')
self.assertEqual(cpu.EIP, 134723199)
def test_JBE_19(self):
''' Instruction JBE_19
Groups: jump
0x8079b90: jbe 0x8079b95
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079b90] = 'v'
mem[0x08079b91] = '\x03'
cpu.EIP = 0x8079b90
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x8079b90], 'v')
self.assertEqual(mem[0x8079b91], '\x03')
self.assertEqual(cpu.EIP, 134716309)
def test_JBE_2(self):
''' Instruction JBE_2
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7ff067b], 'v')
self.assertEqual(mem[0xf7ff067c], '4')
self.assertEqual(cpu.EIP, 4160685693)
def test_JBE_20(self):
''' Instruction JBE_20
Groups: jump
0xf7fe7427: jbe 0xf7fe7fe5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7427] = '\x0f'
mem[0xf7fe7428] = '\x86'
mem[0xf7fe7429] = '\xb8'
mem[0xf7fe742a] = '\x0b'
mem[0xf7fe742b] = '\x00'
mem[0xf7fe742c] = '\x00'
cpu.EIP = 0xf7fe7427
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7427], '\x0f')
self.assertEqual(mem[0xf7fe7428], '\x86')
self.assertEqual(mem[0xf7fe7429], '\xb8')
self.assertEqual(mem[0xf7fe742a], '\x0b')
self.assertEqual(mem[0xf7fe742b], '\x00')
self.assertEqual(mem[0xf7fe742c], '\x00')
self.assertEqual(cpu.EIP, 4160648237)
def test_JBE_21(self):
''' Instruction JBE_21
Groups: jump
0xf7fddf42: jbe 0xf7fddf30
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddf42] = 'v'
mem[0xf7fddf43] = '\xec'
cpu.EIP = 0xf7fddf42
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fddf42], 'v')
self.assertEqual(mem[0xf7fddf43], '\xec')
self.assertEqual(cpu.EIP, 4160610116)
def test_JBE_3(self):
''' Instruction JBE_3
Groups: jump
0xf7fddcb8: jbe 0xf7fddca9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddcb8] = 'v'
mem[0xf7fddcb9] = '\xef'
cpu.EIP = 0xf7fddcb8
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fddcb8], 'v')
self.assertEqual(mem[0xf7fddcb9], '\xef')
self.assertEqual(cpu.EIP, 4160609449)
def test_JBE_4(self):
''' Instruction JBE_4
Groups: jump
0xf7fe080f: jbe 0xf7fe0a08
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe080f] = '\x0f'
mem[0xf7fe0810] = '\x86'
mem[0xf7fe0811] = '\xf3'
mem[0xf7fe0812] = '\x01'
mem[0xf7fe0813] = '\x00'
mem[0xf7fe0814] = '\x00'
cpu.EIP = 0xf7fe080f
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe080f], '\x0f')
self.assertEqual(mem[0xf7fe0810], '\x86')
self.assertEqual(mem[0xf7fe0811], '\xf3')
self.assertEqual(mem[0xf7fe0812], '\x01')
self.assertEqual(mem[0xf7fe0813], '\x00')
self.assertEqual(mem[0xf7fe0814], '\x00')
self.assertEqual(cpu.EIP, 4160621064)
def test_JBE_5(self):
''' Instruction JBE_5
Groups: jump
0xf7fddb3e: jbe 0xf7fddb0c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddb3e] = 'v'
mem[0xf7fddb3f] = '\xcc'
cpu.EIP = 0xf7fddb3e
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fddb3e], 'v')
self.assertEqual(mem[0xf7fddb3f], '\xcc')
self.assertEqual(cpu.EIP, 4160609088)
def test_JBE_6(self):
''' Instruction JBE_6
Groups: jump
0xf7fe71dc: jbe 0xf7fe6dd9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71e0] = '\xff'
mem[0xf7fe71e1] = '\xff'
mem[0xf7fe71dc] = '\x0f'
mem[0xf7fe71dd] = '\x86'
mem[0xf7fe71de] = '\xf7'
mem[0xf7fe71df] = '\xfb'
cpu.EIP = 0xf7fe71dc
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe71e0], '\xff')
self.assertEqual(mem[0xf7fe71e1], '\xff')
self.assertEqual(mem[0xf7fe71dc], '\x0f')
self.assertEqual(mem[0xf7fe71dd], '\x86')
self.assertEqual(mem[0xf7fe71de], '\xf7')
self.assertEqual(mem[0xf7fe71df], '\xfb')
self.assertEqual(cpu.EIP, 4160647650)
def test_JBE_7(self):
''' Instruction JBE_7
Groups: jump
0xf7fe26e0: jbe 0xf7fe26b8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26e0] = 'v'
mem[0xf7fe26e1] = '\xd6'
cpu.EIP = 0xf7fe26e0
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe26e0], 'v')
self.assertEqual(mem[0xf7fe26e1], '\xd6')
self.assertEqual(cpu.EIP, 4160628408)
def test_JBE_8(self):
''' Instruction JBE_8
Groups: jump
0xf7fe26d4: jbe 0xf7fe26c1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26d4] = 'v'
mem[0xf7fe26d5] = '\xeb'
cpu.EIP = 0xf7fe26d4
cpu.ZF = False
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe26d4], 'v')
self.assertEqual(mem[0xf7fe26d5], '\xeb')
self.assertEqual(cpu.EIP, 4160628417)
def test_JBE_9(self):
''' Instruction JBE_9
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = False
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7ff067b], 'v')
self.assertEqual(mem[0xf7ff067c], '4')
self.assertEqual(cpu.EIP, 4160685693)
def test_JB_1(self):
''' Instruction JB_1
Groups: jump
0x807a3ec: jb 0x807a3f1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a3ec] = 'r'
mem[0x0807a3ed] = '\x03'
cpu.EIP = 0x807a3ec
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807a3ec], 'r')
self.assertEqual(mem[0x807a3ed], '\x03')
self.assertEqual(cpu.EIP, 134718449)
def test_JB_10(self):
''' Instruction JB_10
Groups: jump
0x807a20e: jb 0x807a213
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a20e] = 'r'
mem[0x0807a20f] = '\x03'
cpu.EIP = 0x807a20e
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807a20e], 'r')
self.assertEqual(mem[0x807a20f], '\x03')
self.assertEqual(cpu.EIP, 134717971)
def test_JB_11(self):
''' Instruction JB_11
Groups: jump
0xf7fe6e0f: jb 0xf7fe6dfc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6e10] = '\xeb'
mem[0xf7fe6e0f] = 'r'
cpu.EIP = 0xf7fe6e0f
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe6e10], '\xeb')
self.assertEqual(mem[0xf7fe6e0f], 'r')
self.assertEqual(cpu.EIP, 4160646652)
def test_JB_12(self):
''' Instruction JB_12
Groups: jump
0x807a30a: jb 0x807a30f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a30a] = 'r'
mem[0x0807a30b] = '\x03'
cpu.EIP = 0x807a30a
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807a30a], 'r')
self.assertEqual(mem[0x807a30b], '\x03')
self.assertEqual(cpu.EIP, 134718223)
def test_JB_13(self):
''' Instruction JB_13
Groups: jump
0xf7fe6cef: jb 0xf7fe6cdc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6cf0] = '\xeb'
mem[0xf7fe6cef] = 'r'
cpu.EIP = 0xf7fe6cef
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe6cf0], '\xeb')
self.assertEqual(mem[0xf7fe6cef], 'r')
self.assertEqual(cpu.EIP, 4160646364)
def test_JB_14(self):
''' Instruction JB_14
Groups: jump
0x807a9b5: jb 0x807a9ba
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a9b5] = 'r'
mem[0x0807a9b6] = '\x03'
cpu.EIP = 0x807a9b5
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807a9b5], 'r')
self.assertEqual(mem[0x807a9b6], '\x03')
self.assertEqual(cpu.EIP, 134719927)
def test_JB_15(self):
''' Instruction JB_15
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0d8], '\xe7')
self.assertEqual(mem[0xf7eaa0d7], 'r')
self.assertEqual(cpu.EIP, 4159348928)
def test_JB_16(self):
''' Instruction JB_16
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0d8], '\xe7')
self.assertEqual(mem[0xf7eaa0d7], 'r')
self.assertEqual(cpu.EIP, 4159348928)
def test_JB_17(self):
''' Instruction JB_17
Groups: jump
0x807a91c: jb 0x807a921
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a91c] = 'r'
mem[0x0807a91d] = '\x03'
cpu.EIP = 0x807a91c
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807a91c], 'r')
self.assertEqual(mem[0x807a91d], '\x03')
self.assertEqual(cpu.EIP, 134719777)
def test_JB_18(self):
''' Instruction JB_18
Groups: jump
0x807a31d: jb 0x807a322
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a31d] = 'r'
mem[0x0807a31e] = '\x03'
cpu.EIP = 0x807a31d
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807a31d], 'r')
self.assertEqual(mem[0x807a31e], '\x03')
self.assertEqual(cpu.EIP, 134718239)
def test_JB_19(self):
''' Instruction JB_19
Groups: jump
0x807a2b0: jb 0x807a2b5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a2b0] = 'r'
mem[0x0807a2b1] = '\x03'
cpu.EIP = 0x807a2b0
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807a2b0], 'r')
self.assertEqual(mem[0x807a2b1], '\x03')
self.assertEqual(cpu.EIP, 134718133)
def test_JB_2(self):
''' Instruction JB_2
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0d8], '\xe7')
self.assertEqual(mem[0xf7eaa0d7], 'r')
self.assertEqual(cpu.EIP, 4159348928)
def test_JB_20(self):
''' Instruction JB_20
Groups: jump
0xf7fe6cef: jb 0xf7fe6cdc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6cf0] = '\xeb'
mem[0xf7fe6cef] = 'r'
cpu.EIP = 0xf7fe6cef
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe6cf0], '\xeb')
self.assertEqual(mem[0xf7fe6cef], 'r')
self.assertEqual(cpu.EIP, 4160646364)
def test_JB_21(self):
''' Instruction JB_21
Groups: jump
0xf7fe6e0f: jb 0xf7fe6dfc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6e10] = '\xeb'
mem[0xf7fe6e0f] = 'r'
cpu.EIP = 0xf7fe6e0f
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe6e10], '\xeb')
self.assertEqual(mem[0xf7fe6e0f], 'r')
self.assertEqual(cpu.EIP, 4160646652)
def test_JB_3(self):
''' Instruction JB_3
Groups: jump
0x807a220: jb 0x807a225
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a220] = 'r'
mem[0x0807a221] = '\x03'
cpu.EIP = 0x807a220
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0x807a220], 'r')
self.assertEqual(mem[0x807a221], '\x03')
self.assertEqual(cpu.EIP, 134717989)
def test_JB_4(self):
''' Instruction JB_4
Groups: jump
0x807a39b: jb 0x807a3a0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a39b] = 'r'
mem[0x0807a39c] = '\x03'
cpu.EIP = 0x807a39b
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807a39b], 'r')
self.assertEqual(mem[0x807a39c], '\x03')
self.assertEqual(cpu.EIP, 134718365)
def test_JB_5(self):
''' Instruction JB_5
Groups: jump
0xf7fe095a: jb 0xf7fe0966
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe095a] = 'r'
mem[0xf7fe095b] = '\n'
cpu.EIP = 0xf7fe095a
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xf7fe095a], 'r')
self.assertEqual(mem[0xf7fe095b], '\n')
self.assertEqual(cpu.EIP, 4160620892)
def test_JB_6(self):
''' Instruction JB_6
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7eaa0d8], '\xe7')
self.assertEqual(mem[0xf7eaa0d7], 'r')
self.assertEqual(cpu.EIP, 4159348928)
def test_JB_7(self):
''' Instruction JB_7
Groups: jump
0x807a3bf: jb 0x807a3c4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a3c0] = '\x03'
mem[0x0807a3bf] = 'r'
cpu.EIP = 0x807a3bf
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807a3c0], '\x03')
self.assertEqual(mem[0x807a3bf], 'r')
self.assertEqual(cpu.EIP, 134718401)
def test_JB_8(self):
''' Instruction JB_8
Groups: jump
0xf7fe0acd: jb 0xf7fe0ab8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0acd] = 'r'
mem[0xf7fe0ace] = '\xe9'
cpu.EIP = 0xf7fe0acd
cpu.CF = True
cpu.execute()
self.assertEqual(mem[0xf7fe0acd], 'r')
self.assertEqual(mem[0xf7fe0ace], '\xe9')
self.assertEqual(cpu.EIP, 4160621240)
def test_JB_9(self):
''' Instruction JB_9
Groups: jump
0x807a2b9: jb 0x807a2be
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a2b9] = 'r'
mem[0x0807a2ba] = '\x03'
cpu.EIP = 0x807a2b9
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807a2b9], 'r')
self.assertEqual(mem[0x807a2ba], '\x03')
self.assertEqual(cpu.EIP, 134718139)
def test_JCXZ_1(self):
''' Instruction JCXZ_1
Groups: not64bitmode, jump
0x807b741: jcxz 0x807b747
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b741] = 'g'
mem[0x0807b742] = '\xe3'
mem[0x0807b743] = '\x03'
cpu.EIP = 0x807b741
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b741], 'g')
self.assertEqual(mem[0x807b742], '\xe3')
self.assertEqual(mem[0x807b743], '\x03')
self.assertEqual(cpu.EIP, 134723396)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_10(self):
''' Instruction JCXZ_10
Groups: not64bitmode, jump
0x807b7eb: jcxz 0x807b7f1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b7eb] = 'g'
mem[0x0807b7ec] = '\xe3'
mem[0x0807b7ed] = '\x03'
cpu.EIP = 0x807b7eb
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b7eb], 'g')
self.assertEqual(mem[0x807b7ec], '\xe3')
self.assertEqual(mem[0x807b7ed], '\x03')
self.assertEqual(cpu.EIP, 134723566)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_11(self):
''' Instruction JCXZ_11
Groups: not64bitmode, jump
0x807b7d7: jcxz 0x807b7dd
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b7d8] = '\xe3'
mem[0x0807b7d9] = '\x03'
mem[0x0807b7d7] = 'g'
cpu.EIP = 0x807b7d7
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b7d8], '\xe3')
self.assertEqual(mem[0x807b7d9], '\x03')
self.assertEqual(mem[0x807b7d7], 'g')
self.assertEqual(cpu.EIP, 134723546)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_12(self):
''' Instruction JCXZ_12
Groups: not64bitmode, jump
0x807b723: jcxz 0x807b729
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b723] = 'g'
mem[0x0807b724] = '\xe3'
mem[0x0807b725] = '\x03'
cpu.EIP = 0x807b723
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b723], 'g')
self.assertEqual(mem[0x807b724], '\xe3')
self.assertEqual(mem[0x807b725], '\x03')
self.assertEqual(cpu.EIP, 134723366)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_13(self):
''' Instruction JCXZ_13
Groups: not64bitmode, jump
0x807b787: jcxz 0x807b78d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b788] = '\xe3'
mem[0x0807b789] = '\x03'
mem[0x0807b787] = 'g'
cpu.EIP = 0x807b787
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b788], '\xe3')
self.assertEqual(mem[0x807b789], '\x03')
self.assertEqual(mem[0x807b787], 'g')
self.assertEqual(cpu.EIP, 134723466)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_14(self):
''' Instruction JCXZ_14
Groups: not64bitmode, jump
0x807b737: jcxz 0x807b73d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b738] = '\xe3'
mem[0x0807b739] = '\x03'
mem[0x0807b737] = 'g'
cpu.EIP = 0x807b737
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b738], '\xe3')
self.assertEqual(mem[0x807b739], '\x03')
self.assertEqual(mem[0x807b737], 'g')
self.assertEqual(cpu.EIP, 134723386)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_15(self):
''' Instruction JCXZ_15
Groups: not64bitmode, jump
0x807b6fb: jcxz 0x807b701
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b6fb] = 'g'
mem[0x0807b6fc] = '\xe3'
mem[0x0807b6fd] = '\x03'
cpu.EIP = 0x807b6fb
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b6fb], 'g')
self.assertEqual(mem[0x807b6fc], '\xe3')
self.assertEqual(mem[0x807b6fd], '\x03')
self.assertEqual(cpu.EIP, 134723326)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_16(self):
''' Instruction JCXZ_16
Groups: not64bitmode, jump
0x807b7f5: jcxz 0x807b7fb
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b7f5] = 'g'
mem[0x0807b7f6] = '\xe3'
mem[0x0807b7f7] = '\x03'
cpu.EIP = 0x807b7f5
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b7f5], 'g')
self.assertEqual(mem[0x807b7f6], '\xe3')
self.assertEqual(mem[0x807b7f7], '\x03')
self.assertEqual(cpu.EIP, 134723576)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_17(self):
''' Instruction JCXZ_17
Groups: not64bitmode, jump
0x807b7af: jcxz 0x807b7b5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b7b0] = '\xe3'
mem[0x0807b7b1] = '\x03'
mem[0x0807b7af] = 'g'
cpu.EIP = 0x807b7af
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b7b0], '\xe3')
self.assertEqual(mem[0x807b7b1], '\x03')
self.assertEqual(mem[0x807b7af], 'g')
self.assertEqual(cpu.EIP, 134723506)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_18(self):
''' Instruction JCXZ_18
Groups: not64bitmode, jump
0x807b755: jcxz 0x807b75b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b755] = 'g'
mem[0x0807b756] = '\xe3'
mem[0x0807b757] = '\x03'
cpu.EIP = 0x807b755
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b755], 'g')
self.assertEqual(mem[0x807b756], '\xe3')
self.assertEqual(mem[0x807b757], '\x03')
self.assertEqual(cpu.EIP, 134723416)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_19(self):
''' Instruction JCXZ_19
Groups: not64bitmode, jump
0x807b7e1: jcxz 0x807b7e7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b7e1] = 'g'
mem[0x0807b7e2] = '\xe3'
mem[0x0807b7e3] = '\x03'
cpu.EIP = 0x807b7e1
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b7e1], 'g')
self.assertEqual(mem[0x807b7e2], '\xe3')
self.assertEqual(mem[0x807b7e3], '\x03')
self.assertEqual(cpu.EIP, 134723556)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_2(self):
''' Instruction JCXZ_2
Groups: not64bitmode, jump
0x807b705: jcxz 0x807b70b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b705] = 'g'
mem[0x0807b706] = '\xe3'
mem[0x0807b707] = '\x03'
cpu.EIP = 0x807b705
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b705], 'g')
self.assertEqual(mem[0x807b706], '\xe3')
self.assertEqual(mem[0x807b707], '\x03')
self.assertEqual(cpu.EIP, 134723336)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_20(self):
''' Instruction JCXZ_20
Groups: not64bitmode, jump
0x807b769: jcxz 0x807b76f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b769] = 'g'
mem[0x0807b76a] = '\xe3'
mem[0x0807b76b] = '\x03'
cpu.EIP = 0x807b769
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b769], 'g')
self.assertEqual(mem[0x807b76a], '\xe3')
self.assertEqual(mem[0x807b76b], '\x03')
self.assertEqual(cpu.EIP, 134723436)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_21(self):
''' Instruction JCXZ_21
Groups: not64bitmode, jump
0x807b70f: jcxz 0x807b715
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b710] = '\xe3'
mem[0x0807b711] = '\x03'
mem[0x0807b70f] = 'g'
cpu.EIP = 0x807b70f
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b710], '\xe3')
self.assertEqual(mem[0x807b711], '\x03')
self.assertEqual(mem[0x807b70f], 'g')
self.assertEqual(cpu.EIP, 134723346)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_3(self):
''' Instruction JCXZ_3
Groups: not64bitmode, jump
0x807b6f1: jcxz 0x807b6f7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b6f1] = 'g'
mem[0x0807b6f2] = '\xe3'
mem[0x0807b6f3] = '\x03'
cpu.EIP = 0x807b6f1
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b6f1], 'g')
self.assertEqual(mem[0x807b6f2], '\xe3')
self.assertEqual(mem[0x807b6f3], '\x03')
self.assertEqual(cpu.EIP, 134723316)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_4(self):
''' Instruction JCXZ_4
Groups: not64bitmode, jump
0x807b7c3: jcxz 0x807b7c9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b7c3] = 'g'
mem[0x0807b7c4] = '\xe3'
mem[0x0807b7c5] = '\x03'
cpu.EIP = 0x807b7c3
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b7c3], 'g')
self.assertEqual(mem[0x807b7c4], '\xe3')
self.assertEqual(mem[0x807b7c5], '\x03')
self.assertEqual(cpu.EIP, 134723526)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_5(self):
''' Instruction JCXZ_5
Groups: not64bitmode, jump
0x807b809: jcxz 0x807b80f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b809] = 'g'
mem[0x0807b80a] = '\xe3'
mem[0x0807b80b] = '\x03'
cpu.EIP = 0x807b809
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b809], 'g')
self.assertEqual(mem[0x807b80a], '\xe3')
self.assertEqual(mem[0x807b80b], '\x03')
self.assertEqual(cpu.EIP, 134723596)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_6(self):
''' Instruction JCXZ_6
Groups: not64bitmode, jump
0x807b81d: jcxz 0x807b823
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b81d] = 'g'
mem[0x0807b81e] = '\xe3'
mem[0x0807b81f] = '\x03'
cpu.EIP = 0x807b81d
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b81d], 'g')
self.assertEqual(mem[0x807b81e], '\xe3')
self.assertEqual(mem[0x807b81f], '\x03')
self.assertEqual(cpu.EIP, 134723616)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_7(self):
''' Instruction JCXZ_7
Groups: not64bitmode, jump
0x807b813: jcxz 0x807b819
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b813] = 'g'
mem[0x0807b814] = '\xe3'
mem[0x0807b815] = '\x03'
cpu.EIP = 0x807b813
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b813], 'g')
self.assertEqual(mem[0x807b814], '\xe3')
self.assertEqual(mem[0x807b815], '\x03')
self.assertEqual(cpu.EIP, 134723606)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_8(self):
''' Instruction JCXZ_8
Groups: not64bitmode, jump
0x807b74b: jcxz 0x807b751
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b74b] = 'g'
mem[0x0807b74c] = '\xe3'
mem[0x0807b74d] = '\x03'
cpu.EIP = 0x807b74b
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b74b], 'g')
self.assertEqual(mem[0x807b74c], '\xe3')
self.assertEqual(mem[0x807b74d], '\x03')
self.assertEqual(cpu.EIP, 134723406)
self.assertEqual(cpu.CX, 1290)
def test_JCXZ_9(self):
''' Instruction JCXZ_9
Groups: not64bitmode, jump
0x807b7ff: jcxz 0x807b805
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b800] = '\xe3'
mem[0x0807b801] = '\x03'
mem[0x0807b7ff] = 'g'
cpu.EIP = 0x807b7ff
cpu.CX = 0x50a
cpu.execute()
self.assertEqual(mem[0x807b800], '\xe3')
self.assertEqual(mem[0x807b801], '\x03')
self.assertEqual(mem[0x807b7ff], 'g')
self.assertEqual(cpu.EIP, 134723586)
self.assertEqual(cpu.CX, 1290)
def test_JECXZ_1(self):
''' Instruction JECXZ_1
Groups: not64bitmode, jump
0x807aafa: jecxz 0x807aaff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aafa] = '\xe3'
mem[0x0807aafb] = '\x03'
cpu.EIP = 0x807aafa
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aafa], '\xe3')
self.assertEqual(mem[0x807aafb], '\x03')
self.assertEqual(cpu.EIP, 134720252)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_10(self):
''' Instruction JECXZ_10
Groups: not64bitmode, jump
0x807aa85: jecxz 0x807aa8a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa85] = '\xe3'
mem[0x0807aa86] = '\x03'
cpu.EIP = 0x807aa85
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa85], '\xe3')
self.assertEqual(mem[0x807aa86], '\x03')
self.assertEqual(cpu.EIP, 134720135)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_11(self):
''' Instruction JECXZ_11
Groups: not64bitmode, jump
0x807aabb: jecxz 0x807aac0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aabb] = '\xe3'
mem[0x0807aabc] = '\x03'
cpu.EIP = 0x807aabb
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aabb], '\xe3')
self.assertEqual(mem[0x807aabc], '\x03')
self.assertEqual(cpu.EIP, 134720189)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_12(self):
''' Instruction JECXZ_12
Groups: not64bitmode, jump
0x807aa61: jecxz 0x807aa66
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa61] = '\xe3'
mem[0x0807aa62] = '\x03'
cpu.EIP = 0x807aa61
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa61], '\xe3')
self.assertEqual(mem[0x807aa62], '\x03')
self.assertEqual(cpu.EIP, 134720099)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_13(self):
''' Instruction JECXZ_13
Groups: not64bitmode, jump
0x807ab15: jecxz 0x807ab1a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab15] = '\xe3'
mem[0x0807ab16] = '\x03'
cpu.EIP = 0x807ab15
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807ab15], '\xe3')
self.assertEqual(mem[0x807ab16], '\x03')
self.assertEqual(cpu.EIP, 134720279)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_14(self):
''' Instruction JECXZ_14
Groups: not64bitmode, jump
0x807aa34: jecxz 0x807aa39
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa34] = '\xe3'
mem[0x0807aa35] = '\x03'
cpu.EIP = 0x807aa34
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa34], '\xe3')
self.assertEqual(mem[0x807aa35], '\x03')
self.assertEqual(cpu.EIP, 134720054)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_15(self):
''' Instruction JECXZ_15
Groups: not64bitmode, jump
0x807ab0c: jecxz 0x807ab11
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab0c] = '\xe3'
mem[0x0807ab0d] = '\x03'
cpu.EIP = 0x807ab0c
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807ab0c], '\xe3')
self.assertEqual(mem[0x807ab0d], '\x03')
self.assertEqual(cpu.EIP, 134720270)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_16(self):
''' Instruction JECXZ_16
Groups: not64bitmode, jump
0xf7ff44ef: jecxz 0xf7ff451d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44f0] = ','
mem[0xf7ff44ef] = '\xe3'
cpu.EIP = 0xf7ff44ef
cpu.ECX = 0x44
cpu.execute()
self.assertEqual(mem[0xf7ff44f0], ',')
self.assertEqual(mem[0xf7ff44ef], '\xe3')
self.assertEqual(cpu.EIP, 4160701681)
self.assertEqual(cpu.ECX, 68)
def test_JECXZ_17(self):
''' Instruction JECXZ_17
Groups: not64bitmode, jump
0x807aa7c: jecxz 0x807aa81
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa7c] = '\xe3'
mem[0x0807aa7d] = '\x03'
cpu.EIP = 0x807aa7c
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa7c], '\xe3')
self.assertEqual(mem[0x807aa7d], '\x03')
self.assertEqual(cpu.EIP, 134720126)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_18(self):
''' Instruction JECXZ_18
Groups: not64bitmode, jump
0x807aadf: jecxz 0x807aae4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aae0] = '\x03'
mem[0x0807aadf] = '\xe3'
cpu.EIP = 0x807aadf
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aae0], '\x03')
self.assertEqual(mem[0x807aadf], '\xe3')
self.assertEqual(cpu.EIP, 134720225)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_19(self):
''' Instruction JECXZ_19
Groups: not64bitmode, jump
0x807aae8: jecxz 0x807aaed
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aae8] = '\xe3'
mem[0x0807aae9] = '\x03'
cpu.EIP = 0x807aae8
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aae8], '\xe3')
self.assertEqual(mem[0x807aae9], '\x03')
self.assertEqual(cpu.EIP, 134720234)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_2(self):
''' Instruction JECXZ_2
Groups: not64bitmode, jump
0x807aa19: jecxz 0x807aa1e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa19] = '\xe3'
mem[0x0807aa1a] = '\x03'
cpu.EIP = 0x807aa19
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa19], '\xe3')
self.assertEqual(mem[0x807aa1a], '\x03')
self.assertEqual(cpu.EIP, 134720027)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_20(self):
''' Instruction JECXZ_20
Groups: not64bitmode, jump
0x807ab1e: jecxz 0x807ab23
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab1e] = '\xe3'
mem[0x0807ab1f] = '\x03'
cpu.EIP = 0x807ab1e
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807ab1e], '\xe3')
self.assertEqual(mem[0x807ab1f], '\x03')
self.assertEqual(cpu.EIP, 134720288)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_21(self):
''' Instruction JECXZ_21
Groups: not64bitmode, jump
0x807aaa9: jecxz 0x807aaae
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aaa9] = '\xe3'
mem[0x0807aaaa] = '\x03'
cpu.EIP = 0x807aaa9
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aaa9], '\xe3')
self.assertEqual(mem[0x807aaaa], '\x03')
self.assertEqual(cpu.EIP, 134720171)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_3(self):
''' Instruction JECXZ_3
Groups: not64bitmode, jump
0x807aa22: jecxz 0x807aa27
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa22] = '\xe3'
mem[0x0807aa23] = '\x03'
cpu.EIP = 0x807aa22
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa22], '\xe3')
self.assertEqual(mem[0x807aa23], '\x03')
self.assertEqual(cpu.EIP, 134720036)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_4(self):
''' Instruction JECXZ_4
Groups: not64bitmode, jump
0x807ab30: jecxz 0x807ab35
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab30] = '\xe3'
mem[0x0807ab31] = '\x03'
cpu.EIP = 0x807ab30
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807ab30], '\xe3')
self.assertEqual(mem[0x807ab31], '\x03')
self.assertEqual(cpu.EIP, 134720306)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_5(self):
''' Instruction JECXZ_5
Groups: not64bitmode, jump
0x807aa46: jecxz 0x807aa4b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa46] = '\xe3'
mem[0x0807aa47] = '\x03'
cpu.EIP = 0x807aa46
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa46], '\xe3')
self.assertEqual(mem[0x807aa47], '\x03')
self.assertEqual(cpu.EIP, 134720072)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_6(self):
''' Instruction JECXZ_6
Groups: not64bitmode, jump
0x807aa58: jecxz 0x807aa5d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa58] = '\xe3'
mem[0x0807aa59] = '\x03'
cpu.EIP = 0x807aa58
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa58], '\xe3')
self.assertEqual(mem[0x807aa59], '\x03')
self.assertEqual(cpu.EIP, 134720090)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_7(self):
''' Instruction JECXZ_7
Groups: not64bitmode, jump
0x807aab2: jecxz 0x807aab7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aab2] = '\xe3'
mem[0x0807aab3] = '\x03'
cpu.EIP = 0x807aab2
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aab2], '\xe3')
self.assertEqual(mem[0x807aab3], '\x03')
self.assertEqual(cpu.EIP, 134720180)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_8(self):
''' Instruction JECXZ_8
Groups: not64bitmode, jump
0x807aac4: jecxz 0x807aac9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aac4] = '\xe3'
mem[0x0807aac5] = '\x03'
cpu.EIP = 0x807aac4
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aac4], '\xe3')
self.assertEqual(mem[0x807aac5], '\x03')
self.assertEqual(cpu.EIP, 134720198)
self.assertEqual(cpu.ECX, 15795466)
def test_JECXZ_9(self):
''' Instruction JECXZ_9
Groups: not64bitmode, jump
0x807aa2b: jecxz 0x807aa30
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa2b] = '\xe3'
mem[0x0807aa2c] = '\x03'
cpu.EIP = 0x807aa2b
cpu.ECX = 0xf1050a
cpu.execute()
self.assertEqual(mem[0x807aa2b], '\xe3')
self.assertEqual(mem[0x807aa2c], '\x03')
self.assertEqual(cpu.EIP, 134720045)
self.assertEqual(cpu.ECX, 15795466)
def test_JE_1(self):
''' Instruction JE_1
Groups: jump
0xf7fe5498: je 0xf7fe4f45
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5498] = '\x0f'
mem[0xf7fe5499] = '\x84'
mem[0xf7fe549a] = '\xa7'
mem[0xf7fe549b] = '\xfa'
mem[0xf7fe549c] = '\xff'
mem[0xf7fe549d] = '\xff'
cpu.EIP = 0xf7fe5498
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe5498], '\x0f')
self.assertEqual(mem[0xf7fe5499], '\x84')
self.assertEqual(mem[0xf7fe549a], '\xa7')
self.assertEqual(mem[0xf7fe549b], '\xfa')
self.assertEqual(mem[0xf7fe549c], '\xff')
self.assertEqual(mem[0xf7fe549d], '\xff')
self.assertEqual(cpu.EIP, 4160640158)
def test_JE_10(self):
''' Instruction JE_10
Groups: jump
0xf7fe26cb: je 0xf7fe2459
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26cb] = '\x0f'
mem[0xf7fe26cc] = '\x84'
mem[0xf7fe26cd] = '\x88'
mem[0xf7fe26ce] = '\xfd'
mem[0xf7fe26cf] = '\xff'
mem[0xf7fe26d0] = '\xff'
cpu.EIP = 0xf7fe26cb
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe26cb], '\x0f')
self.assertEqual(mem[0xf7fe26cc], '\x84')
self.assertEqual(mem[0xf7fe26cd], '\x88')
self.assertEqual(mem[0xf7fe26ce], '\xfd')
self.assertEqual(mem[0xf7fe26cf], '\xff')
self.assertEqual(mem[0xf7fe26d0], '\xff')
self.assertEqual(cpu.EIP, 4160628433)
def test_JE_11(self):
''' Instruction JE_11
Groups: jump
0xf7fe57c8: je 0xf7fe6291
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57c8] = '\x0f'
mem[0xf7fe57c9] = '\x84'
mem[0xf7fe57ca] = '\xc3'
mem[0xf7fe57cb] = '\n'
mem[0xf7fe57cc] = '\x00'
mem[0xf7fe57cd] = '\x00'
cpu.EIP = 0xf7fe57c8
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe57c8], '\x0f')
self.assertEqual(mem[0xf7fe57c9], '\x84')
self.assertEqual(mem[0xf7fe57ca], '\xc3')
self.assertEqual(mem[0xf7fe57cb], '\n')
self.assertEqual(mem[0xf7fe57cc], '\x00')
self.assertEqual(mem[0xf7fe57cd], '\x00')
self.assertEqual(cpu.EIP, 4160640974)
def test_JE_12(self):
''' Instruction JE_12
Groups: jump
0xf7fe4eed: je 0xf7fe4f80
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4eed] = '\x0f'
mem[0xf7fe4eee] = '\x84'
mem[0xf7fe4eef] = '\x8d'
mem[0xf7fe4ef0] = '\x00'
mem[0xf7fe4ef1] = '\x00'
mem[0xf7fe4ef2] = '\x00'
cpu.EIP = 0xf7fe4eed
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4eed], '\x0f')
self.assertEqual(mem[0xf7fe4eee], '\x84')
self.assertEqual(mem[0xf7fe4eef], '\x8d')
self.assertEqual(mem[0xf7fe4ef0], '\x00')
self.assertEqual(mem[0xf7fe4ef1], '\x00')
self.assertEqual(mem[0xf7fe4ef2], '\x00')
self.assertEqual(cpu.EIP, 4160638707)
def test_JE_13(self):
''' Instruction JE_13
Groups: jump
0xf7fe4f52: je 0xf7fe4f98
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f52] = 't'
mem[0xf7fe4f53] = 'D'
cpu.EIP = 0xf7fe4f52
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f52], 't')
self.assertEqual(mem[0xf7fe4f53], 'D')
self.assertEqual(cpu.EIP, 4160638804)
def test_JE_14(self):
''' Instruction JE_14
Groups: jump
0xf7fe4cfc: je 0xf7fe4dca
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d00] = '\x00'
mem[0xf7fe4d01] = '\x00'
mem[0xf7fe4cfc] = '\x0f'
mem[0xf7fe4cfd] = '\x84'
mem[0xf7fe4cfe] = '\xc8'
mem[0xf7fe4cff] = '\x00'
cpu.EIP = 0xf7fe4cfc
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4d00], '\x00')
self.assertEqual(mem[0xf7fe4d01], '\x00')
self.assertEqual(mem[0xf7fe4cfc], '\x0f')
self.assertEqual(mem[0xf7fe4cfd], '\x84')
self.assertEqual(mem[0xf7fe4cfe], '\xc8')
self.assertEqual(mem[0xf7fe4cff], '\x00')
self.assertEqual(cpu.EIP, 4160638210)
def test_JE_15(self):
''' Instruction JE_15
Groups: jump
0xf7fe4cfc: je 0xf7fe4dca
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d00] = '\x00'
mem[0xf7fe4d01] = '\x00'
mem[0xf7fe4cfc] = '\x0f'
mem[0xf7fe4cfd] = '\x84'
mem[0xf7fe4cfe] = '\xc8'
mem[0xf7fe4cff] = '\x00'
cpu.EIP = 0xf7fe4cfc
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4d00], '\x00')
self.assertEqual(mem[0xf7fe4d01], '\x00')
self.assertEqual(mem[0xf7fe4cfc], '\x0f')
self.assertEqual(mem[0xf7fe4cfd], '\x84')
self.assertEqual(mem[0xf7fe4cfe], '\xc8')
self.assertEqual(mem[0xf7fe4cff], '\x00')
self.assertEqual(cpu.EIP, 4160638210)
def test_JE_16(self):
''' Instruction JE_16
Groups: jump
0xf7fe4cf8: je 0xf7fe4d40
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cf8] = 't'
mem[0xf7fe4cf9] = 'F'
cpu.EIP = 0xf7fe4cf8
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4cf8], 't')
self.assertEqual(mem[0xf7fe4cf9], 'F')
self.assertEqual(cpu.EIP, 4160638202)
def test_JE_17(self):
''' Instruction JE_17
Groups: jump
0xf7fe6ee1: je 0xf7fe79f1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6ee1] = '\x0f'
mem[0xf7fe6ee2] = '\x84'
mem[0xf7fe6ee3] = '\n'
mem[0xf7fe6ee4] = '\x0b'
mem[0xf7fe6ee5] = '\x00'
mem[0xf7fe6ee6] = '\x00'
cpu.EIP = 0xf7fe6ee1
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe6ee1], '\x0f')
self.assertEqual(mem[0xf7fe6ee2], '\x84')
self.assertEqual(mem[0xf7fe6ee3], '\n')
self.assertEqual(mem[0xf7fe6ee4], '\x0b')
self.assertEqual(mem[0xf7fe6ee5], '\x00')
self.assertEqual(mem[0xf7fe6ee6], '\x00')
self.assertEqual(cpu.EIP, 4160646887)
def test_JE_18(self):
''' Instruction JE_18
Groups: jump
0xf7ff3eb4: je 0xf7ff3ec1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3eb4] = 't'
mem[0xf7ff3eb5] = '\x0b'
cpu.EIP = 0xf7ff3eb4
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3eb4], 't')
self.assertEqual(mem[0xf7ff3eb5], '\x0b')
self.assertEqual(cpu.EIP, 4160700086)
def test_JE_19(self):
''' Instruction JE_19
Groups: jump
0xf7fe4ead: je 0xf7fe4f80
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4ead] = '\x0f'
mem[0xf7fe4eae] = '\x84'
mem[0xf7fe4eaf] = '\xcd'
mem[0xf7fe4eb0] = '\x00'
mem[0xf7fe4eb1] = '\x00'
mem[0xf7fe4eb2] = '\x00'
cpu.EIP = 0xf7fe4ead
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4ead], '\x0f')
self.assertEqual(mem[0xf7fe4eae], '\x84')
self.assertEqual(mem[0xf7fe4eaf], '\xcd')
self.assertEqual(mem[0xf7fe4eb0], '\x00')
self.assertEqual(mem[0xf7fe4eb1], '\x00')
self.assertEqual(mem[0xf7fe4eb2], '\x00')
self.assertEqual(cpu.EIP, 4160638643)
def test_JE_2(self):
''' Instruction JE_2
Groups: jump
0xf7e2eeb5: je 0xf7e2efc8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2eeb5] = '\x0f'
mem[0xf7e2eeb6] = '\x84'
mem[0xf7e2eeb7] = '\r'
mem[0xf7e2eeb8] = '\x01'
mem[0xf7e2eeb9] = '\x00'
mem[0xf7e2eeba] = '\x00'
cpu.EIP = 0xf7e2eeb5
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7e2eeb5], '\x0f')
self.assertEqual(mem[0xf7e2eeb6], '\x84')
self.assertEqual(mem[0xf7e2eeb7], '\r')
self.assertEqual(mem[0xf7e2eeb8], '\x01')
self.assertEqual(mem[0xf7e2eeb9], '\x00')
self.assertEqual(mem[0xf7e2eeba], '\x00')
self.assertEqual(cpu.EIP, 4158844872)
def test_JE_20(self):
''' Instruction JE_20
Groups: jump
0xf7fe4faa: je 0xf7fe50e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4faa] = '\x0f'
mem[0xf7fe4fab] = '\x84'
mem[0xf7fe4fac] = '8'
mem[0xf7fe4fad] = '\x01'
mem[0xf7fe4fae] = '\x00'
mem[0xf7fe4faf] = '\x00'
cpu.EIP = 0xf7fe4faa
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4faa], '\x0f')
self.assertEqual(mem[0xf7fe4fab], '\x84')
self.assertEqual(mem[0xf7fe4fac], '8')
self.assertEqual(mem[0xf7fe4fad], '\x01')
self.assertEqual(mem[0xf7fe4fae], '\x00')
self.assertEqual(mem[0xf7fe4faf], '\x00')
self.assertEqual(cpu.EIP, 4160638896)
def test_JE_21(self):
''' Instruction JE_21
Groups: jump
0xf7fe4faa: je 0xf7fe50e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4faa] = '\x0f'
mem[0xf7fe4fab] = '\x84'
mem[0xf7fe4fac] = '8'
mem[0xf7fe4fad] = '\x01'
mem[0xf7fe4fae] = '\x00'
mem[0xf7fe4faf] = '\x00'
cpu.EIP = 0xf7fe4faa
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4faa], '\x0f')
self.assertEqual(mem[0xf7fe4fab], '\x84')
self.assertEqual(mem[0xf7fe4fac], '8')
self.assertEqual(mem[0xf7fe4fad], '\x01')
self.assertEqual(mem[0xf7fe4fae], '\x00')
self.assertEqual(mem[0xf7fe4faf], '\x00')
self.assertEqual(cpu.EIP, 4160639208)
def test_JE_3(self):
''' Instruction JE_3
Groups: jump
0xf7fe4f0f: je 0xf7fe54fc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f0f] = '\x0f'
mem[0xf7fe4f10] = '\x84'
mem[0xf7fe4f11] = '\xe7'
mem[0xf7fe4f12] = '\x05'
mem[0xf7fe4f13] = '\x00'
mem[0xf7fe4f14] = '\x00'
cpu.EIP = 0xf7fe4f0f
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f0f], '\x0f')
self.assertEqual(mem[0xf7fe4f10], '\x84')
self.assertEqual(mem[0xf7fe4f11], '\xe7')
self.assertEqual(mem[0xf7fe4f12], '\x05')
self.assertEqual(mem[0xf7fe4f13], '\x00')
self.assertEqual(mem[0xf7fe4f14], '\x00')
self.assertEqual(cpu.EIP, 4160638741)
def test_JE_4(self):
''' Instruction JE_4
Groups: jump
0xf7fe4ca2: je 0xf7fe4db7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4ca2] = '\x0f'
mem[0xf7fe4ca3] = '\x84'
mem[0xf7fe4ca4] = '\x0f'
mem[0xf7fe4ca5] = '\x01'
mem[0xf7fe4ca6] = '\x00'
mem[0xf7fe4ca7] = '\x00'
cpu.EIP = 0xf7fe4ca2
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4ca2], '\x0f')
self.assertEqual(mem[0xf7fe4ca3], '\x84')
self.assertEqual(mem[0xf7fe4ca4], '\x0f')
self.assertEqual(mem[0xf7fe4ca5], '\x01')
self.assertEqual(mem[0xf7fe4ca6], '\x00')
self.assertEqual(mem[0xf7fe4ca7], '\x00')
self.assertEqual(cpu.EIP, 4160638120)
def test_JE_5(self):
''' Instruction JE_5
Groups: jump
0xf7fe8c4b: je 0xf7fe8a46
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem[0xf7fe8c4b] = '\x0f'
mem[0xf7fe8c4c] = '\x84'
mem[0xf7fe8c4d] = '\xf5'
mem[0xf7fe8c4e] = '\xfd'
mem[0xf7fe8c4f] = '\xff'
mem[0xf7fe8c50] = '\xff'
cpu.EIP = 0xf7fe8c4b
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe8c4b], '\x0f')
self.assertEqual(mem[0xf7fe8c4c], '\x84')
self.assertEqual(mem[0xf7fe8c4d], '\xf5')
self.assertEqual(mem[0xf7fe8c4e], '\xfd')
self.assertEqual(mem[0xf7fe8c4f], '\xff')
self.assertEqual(mem[0xf7fe8c50], '\xff')
self.assertEqual(cpu.EIP, 4160654417)
def test_JE_6(self):
''' Instruction JE_6
Groups: jump
0xf7eaa215: je 0xf7eaa222
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa215] = 't'
mem[0xf7eaa216] = '\x0b'
cpu.EIP = 0xf7eaa215
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa215], 't')
self.assertEqual(mem[0xf7eaa216], '\x0b')
self.assertEqual(cpu.EIP, 4159349271)
def test_JE_7(self):
''' Instruction JE_7
Groups: jump
0xf7fe72b2: je 0xf7fe72c1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72b2] = 't'
mem[0xf7fe72b3] = '\r'
cpu.EIP = 0xf7fe72b2
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe72b2], 't')
self.assertEqual(mem[0xf7fe72b3], '\r')
self.assertEqual(cpu.EIP, 4160647860)
def test_JE_8(self):
''' Instruction JE_8
Groups: jump
0xf7fe4cf8: je 0xf7fe4d40
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cf8] = 't'
mem[0xf7fe4cf9] = 'F'
cpu.EIP = 0xf7fe4cf8
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4cf8], 't')
self.assertEqual(mem[0xf7fe4cf9], 'F')
self.assertEqual(cpu.EIP, 4160638202)
def test_JE_9(self):
''' Instruction JE_9
Groups: jump
0xf7fe4faa: je 0xf7fe50e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4faa] = '\x0f'
mem[0xf7fe4fab] = '\x84'
mem[0xf7fe4fac] = '8'
mem[0xf7fe4fad] = '\x01'
mem[0xf7fe4fae] = '\x00'
mem[0xf7fe4faf] = '\x00'
cpu.EIP = 0xf7fe4faa
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4faa], '\x0f')
self.assertEqual(mem[0xf7fe4fab], '\x84')
self.assertEqual(mem[0xf7fe4fac], '8')
self.assertEqual(mem[0xf7fe4fad], '\x01')
self.assertEqual(mem[0xf7fe4fae], '\x00')
self.assertEqual(mem[0xf7fe4faf], '\x00')
self.assertEqual(cpu.EIP, 4160638896)
def test_JGE_1(self):
''' Instruction JGE_1
Groups: jump
0x807a7c5: jge 0x807a7ca
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7c5] = '}'
mem[0x0807a7c6] = '\x03'
cpu.EIP = 0x807a7c5
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7c5], '}')
self.assertEqual(mem[0x807a7c6], '\x03')
self.assertEqual(cpu.EIP, 134719434)
def test_JGE_10(self):
''' Instruction JGE_10
Groups: jump
0x807bc24: jge 0x807bc29
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc24] = '}'
mem[0x0807bc25] = '\x03'
cpu.EIP = 0x807bc24
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc24], '}')
self.assertEqual(mem[0x807bc25], '\x03')
self.assertEqual(cpu.EIP, 134724649)
def test_JGE_11(self):
''' Instruction JGE_11
Groups: jump
0x807a7d7: jge 0x807a7dc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7d8] = '\x03'
mem[0x0807a7d7] = '}'
cpu.EIP = 0x807a7d7
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7d8], '\x03')
self.assertEqual(mem[0x807a7d7], '}')
self.assertEqual(cpu.EIP, 134719452)
def test_JGE_12(self):
''' Instruction JGE_12
Groups: jump
0xf7ff41cc: jge 0xf7ff43e0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41cc] = '\x0f'
mem[0xf7ff41cd] = '\x8d'
mem[0xf7ff41ce] = '\x0e'
mem[0xf7ff41cf] = '\x02'
mem[0xf7ff41d0] = '\x00'
mem[0xf7ff41d1] = '\x00'
cpu.EIP = 0xf7ff41cc
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7ff41cc], '\x0f')
self.assertEqual(mem[0xf7ff41cd], '\x8d')
self.assertEqual(mem[0xf7ff41ce], '\x0e')
self.assertEqual(mem[0xf7ff41cf], '\x02')
self.assertEqual(mem[0xf7ff41d0], '\x00')
self.assertEqual(mem[0xf7ff41d1], '\x00')
self.assertEqual(cpu.EIP, 4160700882)
def test_JGE_13(self):
''' Instruction JGE_13
Groups: jump
0x807bc99: jge 0x807bc9e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc99] = '}'
mem[0x0807bc9a] = '\x03'
cpu.EIP = 0x807bc99
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc99], '}')
self.assertEqual(mem[0x807bc9a], '\x03')
self.assertEqual(cpu.EIP, 134724763)
def test_JGE_14(self):
''' Instruction JGE_14
Groups: jump
0x807bc75: jge 0x807bc7a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc75] = '}'
mem[0x0807bc76] = '\x03'
cpu.EIP = 0x807bc75
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc75], '}')
self.assertEqual(mem[0x807bc76], '\x03')
self.assertEqual(cpu.EIP, 134724727)
def test_JGE_15(self):
''' Instruction JGE_15
Groups: jump
0x807a828: jge 0x807a82d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a828] = '}'
mem[0x0807a829] = '\x03'
cpu.EIP = 0x807a828
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a828], '}')
self.assertEqual(mem[0x807a829], '\x03')
self.assertEqual(cpu.EIP, 134719533)
def test_JGE_16(self):
''' Instruction JGE_16
Groups: jump
0x807a8a6: jge 0x807a8ab
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a8a6] = '}'
mem[0x0807a8a7] = '\x03'
cpu.EIP = 0x807a8a6
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a8a6], '}')
self.assertEqual(mem[0x807a8a7], '\x03')
self.assertEqual(cpu.EIP, 134719656)
def test_JGE_17(self):
''' Instruction JGE_17
Groups: jump
0x807a7f2: jge 0x807a7f7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7f2] = '}'
mem[0x0807a7f3] = '\x03'
cpu.EIP = 0x807a7f2
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7f2], '}')
self.assertEqual(mem[0x807a7f3], '\x03')
self.assertEqual(cpu.EIP, 134719479)
def test_JGE_18(self):
''' Instruction JGE_18
Groups: jump
0x807a7ce: jge 0x807a7d3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7ce] = '}'
mem[0x0807a7cf] = '\x03'
cpu.EIP = 0x807a7ce
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7ce], '}')
self.assertEqual(mem[0x807a7cf], '\x03')
self.assertEqual(cpu.EIP, 134719443)
def test_JGE_19(self):
''' Instruction JGE_19
Groups: jump
0x807bca2: jge 0x807bca7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bca2] = '}'
mem[0x0807bca3] = '\x03'
cpu.EIP = 0x807bca2
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bca2], '}')
self.assertEqual(mem[0x807bca3], '\x03')
self.assertEqual(cpu.EIP, 134724772)
def test_JGE_2(self):
''' Instruction JGE_2
Groups: jump
0xf7ff41cc: jge 0xf7ff43e0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41cc] = '\x0f'
mem[0xf7ff41cd] = '\x8d'
mem[0xf7ff41ce] = '\x0e'
mem[0xf7ff41cf] = '\x02'
mem[0xf7ff41d0] = '\x00'
mem[0xf7ff41d1] = '\x00'
cpu.EIP = 0xf7ff41cc
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7ff41cc], '\x0f')
self.assertEqual(mem[0xf7ff41cd], '\x8d')
self.assertEqual(mem[0xf7ff41ce], '\x0e')
self.assertEqual(mem[0xf7ff41cf], '\x02')
self.assertEqual(mem[0xf7ff41d0], '\x00')
self.assertEqual(mem[0xf7ff41d1], '\x00')
self.assertEqual(cpu.EIP, 4160700882)
def test_JGE_20(self):
''' Instruction JGE_20
Groups: jump
0x807bc87: jge 0x807bc8c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc88] = '\x03'
mem[0x0807bc87] = '}'
cpu.EIP = 0x807bc87
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc88], '\x03')
self.assertEqual(mem[0x807bc87], '}')
self.assertEqual(cpu.EIP, 134724745)
def test_JGE_21(self):
''' Instruction JGE_21
Groups: jump
0x807bbd3: jge 0x807bbd8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bbd3] = '}'
mem[0x0807bbd4] = '\x03'
cpu.EIP = 0x807bbd3
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bbd3], '}')
self.assertEqual(mem[0x807bbd4], '\x03')
self.assertEqual(cpu.EIP, 134724568)
def test_JGE_3(self):
''' Instruction JGE_3
Groups: jump
0x807bc63: jge 0x807bc68
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc63] = '}'
mem[0x0807bc64] = '\x03'
cpu.EIP = 0x807bc63
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc63], '}')
self.assertEqual(mem[0x807bc64], '\x03')
self.assertEqual(cpu.EIP, 134724709)
def test_JGE_4(self):
''' Instruction JGE_4
Groups: jump
0x807a870: jge 0x807a875
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a870] = '}'
mem[0x0807a871] = '\x03'
cpu.EIP = 0x807a870
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a870], '}')
self.assertEqual(mem[0x807a871], '\x03')
self.assertEqual(cpu.EIP, 134719602)
def test_JGE_5(self):
''' Instruction JGE_5
Groups: jump
0x807a843: jge 0x807a848
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a843] = '}'
mem[0x0807a844] = '\x03'
cpu.EIP = 0x807a843
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a843], '}')
self.assertEqual(mem[0x807a844], '\x03')
self.assertEqual(cpu.EIP, 134719560)
def test_JGE_6(self):
''' Instruction JGE_6
Groups: jump
0x807bc6c: jge 0x807bc71
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc6c] = '}'
mem[0x0807bc6d] = '\x03'
cpu.EIP = 0x807bc6c
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc6c], '}')
self.assertEqual(mem[0x807bc6d], '\x03')
self.assertEqual(cpu.EIP, 134724718)
def test_JGE_7(self):
''' Instruction JGE_7
Groups: jump
0x807a867: jge 0x807a86c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a868] = '\x03'
mem[0x0807a867] = '}'
cpu.EIP = 0x807a867
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a868], '\x03')
self.assertEqual(mem[0x807a867], '}')
self.assertEqual(cpu.EIP, 134719593)
def test_JGE_8(self):
''' Instruction JGE_8
Groups: jump
0x807a7e9: jge 0x807a7ee
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7e9] = '}'
mem[0x0807a7ea] = '\x03'
cpu.EIP = 0x807a7e9
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7e9], '}')
self.assertEqual(mem[0x807a7ea], '\x03')
self.assertEqual(cpu.EIP, 134719470)
def test_JGE_9(self):
''' Instruction JGE_9
Groups: jump
0x807bc48: jge 0x807bc4d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bc48] = '}'
mem[0x0807bc49] = '\x03'
cpu.EIP = 0x807bc48
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bc48], '}')
self.assertEqual(mem[0x807bc49], '\x03')
self.assertEqual(cpu.EIP, 134724682)
def test_JG_1(self):
''' Instruction JG_1
Groups: jump
0x807a76a: jg 0x807a76f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a76a] = '\x7f'
mem[0x0807a76b] = '\x03'
cpu.EIP = 0x807a76a
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a76a], '\x7f')
self.assertEqual(mem[0x807a76b], '\x03')
self.assertEqual(cpu.EIP, 134719340)
def test_JG_10(self):
''' Instruction JG_10
Groups: jump
0x807a746: jg 0x807a74b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a746] = '\x7f'
mem[0x0807a747] = '\x03'
cpu.EIP = 0x807a746
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a746], '\x7f')
self.assertEqual(mem[0x807a747], '\x03')
self.assertEqual(cpu.EIP, 134719304)
def test_JG_11(self):
''' Instruction JG_11
Groups: jump
0x8079fc3: jg 0x8079fc8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079fc3] = '\x7f'
mem[0x08079fc4] = '\x03'
cpu.EIP = 0x8079fc3
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079fc3], '\x7f')
self.assertEqual(mem[0x8079fc4], '\x03')
self.assertEqual(cpu.EIP, 134717384)
def test_JG_12(self):
''' Instruction JG_12
Groups: jump
0x8079fb1: jg 0x8079fb6
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079fb1] = '\x7f'
mem[0x08079fb2] = '\x03'
cpu.EIP = 0x8079fb1
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079fb1], '\x7f')
self.assertEqual(mem[0x8079fb2], '\x03')
self.assertEqual(cpu.EIP, 134717366)
def test_JG_13(self):
''' Instruction JG_13
Groups: jump
0x8079fd5: jg 0x8079fda
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079fd5] = '\x7f'
mem[0x08079fd6] = '\x03'
cpu.EIP = 0x8079fd5
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079fd5], '\x7f')
self.assertEqual(mem[0x8079fd6], '\x03')
self.assertEqual(cpu.EIP, 134717402)
def test_JG_14(self):
''' Instruction JG_14
Groups: jump
0x807a05c: jg 0x807a061
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a05c] = '\x7f'
mem[0x0807a05d] = '\x03'
cpu.EIP = 0x807a05c
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a05c], '\x7f')
self.assertEqual(mem[0x807a05d], '\x03')
self.assertEqual(cpu.EIP, 134717534)
def test_JG_15(self):
''' Instruction JG_15
Groups: jump
0x807a69b: jg 0x807a6a0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a69b] = '\x7f'
mem[0x0807a69c] = '\x03'
cpu.EIP = 0x807a69b
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a69b], '\x7f')
self.assertEqual(mem[0x807a69c], '\x03')
self.assertEqual(cpu.EIP, 134719136)
def test_JG_16(self):
''' Instruction JG_16
Groups: jump
0x807a761: jg 0x807a766
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a761] = '\x7f'
mem[0x0807a762] = '\x03'
cpu.EIP = 0x807a761
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a761], '\x7f')
self.assertEqual(mem[0x807a762], '\x03')
self.assertEqual(cpu.EIP, 134719331)
def test_JG_17(self):
''' Instruction JG_17
Groups: jump
0x807a785: jg 0x807a78a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a785] = '\x7f'
mem[0x0807a786] = '\x03'
cpu.EIP = 0x807a785
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a785], '\x7f')
self.assertEqual(mem[0x807a786], '\x03')
self.assertEqual(cpu.EIP, 134719367)
def test_JG_18(self):
''' Instruction JG_18
Groups: jump
0x807a7a9: jg 0x807a7ae
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7a9] = '\x7f'
mem[0x0807a7aa] = '\x03'
cpu.EIP = 0x807a7a9
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7a9], '\x7f')
self.assertEqual(mem[0x807a7aa], '\x03')
self.assertEqual(cpu.EIP, 134719403)
def test_JG_19(self):
''' Instruction JG_19
Groups: jump
0x807a7b2: jg 0x807a7b7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a7b2] = '\x7f'
mem[0x0807a7b3] = '\x03'
cpu.EIP = 0x807a7b2
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a7b2], '\x7f')
self.assertEqual(mem[0x807a7b3], '\x03')
self.assertEqual(cpu.EIP, 134719412)
def test_JG_2(self):
''' Instruction JG_2
Groups: jump
0x807a707: jg 0x807a70c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a708] = '\x03'
mem[0x0807a707] = '\x7f'
cpu.EIP = 0x807a707
cpu.ZF = True
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a708], '\x03')
self.assertEqual(mem[0x807a707], '\x7f')
self.assertEqual(cpu.EIP, 134719241)
def test_JG_20(self):
''' Instruction JG_20
Groups: jump
0x807a773: jg 0x807a778
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a773] = '\x7f'
mem[0x0807a774] = '\x03'
cpu.EIP = 0x807a773
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a773], '\x7f')
self.assertEqual(mem[0x807a774], '\x03')
self.assertEqual(cpu.EIP, 134719349)
def test_JG_21(self):
''' Instruction JG_21
Groups: jump
0xf7fde27e: jg 0xf7fde9f9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fde000, 0x1000, 'rwx')
mem[0xf7fde280] = 'u'
mem[0xf7fde281] = '\x07'
mem[0xf7fde282] = '\x00'
mem[0xf7fde283] = '\x00'
mem[0xf7fde27e] = '\x0f'
mem[0xf7fde27f] = '\x8f'
cpu.EIP = 0xf7fde27e
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fde280], 'u')
self.assertEqual(mem[0xf7fde281], '\x07')
self.assertEqual(mem[0xf7fde282], '\x00')
self.assertEqual(mem[0xf7fde283], '\x00')
self.assertEqual(mem[0xf7fde27e], '\x0f')
self.assertEqual(mem[0xf7fde27f], '\x8f')
self.assertEqual(cpu.EIP, 4160612857)
def test_JG_3(self):
''' Instruction JG_3
Groups: jump
0x807a78e: jg 0x807a793
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a78e] = '\x7f'
mem[0x0807a78f] = '\x03'
cpu.EIP = 0x807a78e
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a78e], '\x7f')
self.assertEqual(mem[0x807a78f], '\x03')
self.assertEqual(cpu.EIP, 134719376)
def test_JG_4(self):
''' Instruction JG_4
Groups: jump
0x8079f9f: jg 0x8079fa4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079fa0] = '\x03'
mem[0x08079f9f] = '\x7f'
cpu.EIP = 0x8079f9f
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079fa0], '\x03')
self.assertEqual(mem[0x8079f9f], '\x7f')
self.assertEqual(cpu.EIP, 134717348)
def test_JG_5(self):
''' Instruction JG_5
Groups: jump
0x807a6c8: jg 0x807a6cd
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a6c8] = '\x7f'
mem[0x0807a6c9] = '\x03'
cpu.EIP = 0x807a6c8
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a6c8], '\x7f')
self.assertEqual(mem[0x807a6c9], '\x03')
self.assertEqual(cpu.EIP, 134719181)
def test_JG_6(self):
''' Instruction JG_6
Groups: jump
0x807a6a4: jg 0x807a6a9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a6a4] = '\x7f'
mem[0x0807a6a5] = '\x03'
cpu.EIP = 0x807a6a4
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a6a4], '\x7f')
self.assertEqual(mem[0x807a6a5], '\x03')
self.assertEqual(cpu.EIP, 134719145)
def test_JG_7(self):
''' Instruction JG_7
Groups: jump
0xf7e2e773: jg 0xf7e2e83e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e773] = '\x0f'
mem[0xf7e2e774] = '\x8f'
mem[0xf7e2e775] = '\xc5'
mem[0xf7e2e776] = '\x00'
mem[0xf7e2e777] = '\x00'
mem[0xf7e2e778] = '\x00'
cpu.EIP = 0xf7e2e773
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7e2e773], '\x0f')
self.assertEqual(mem[0xf7e2e774], '\x8f')
self.assertEqual(mem[0xf7e2e775], '\xc5')
self.assertEqual(mem[0xf7e2e776], '\x00')
self.assertEqual(mem[0xf7e2e777], '\x00')
self.assertEqual(mem[0xf7e2e778], '\x00')
self.assertEqual(cpu.EIP, 4158842942)
def test_JG_8(self):
''' Instruction JG_8
Groups: jump
0x8079fa8: jg 0x8079fad
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079fa8] = '\x7f'
mem[0x08079fa9] = '\x03'
cpu.EIP = 0x8079fa8
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079fa8], '\x7f')
self.assertEqual(mem[0x8079fa9], '\x03')
self.assertEqual(cpu.EIP, 134717357)
def test_JG_9(self):
''' Instruction JG_9
Groups: jump
0x807a6da: jg 0x807a6df
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a6da] = '\x7f'
mem[0x0807a6db] = '\x03'
cpu.EIP = 0x807a6da
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807a6da], '\x7f')
self.assertEqual(mem[0x807a6db], '\x03')
self.assertEqual(cpu.EIP, 134719199)
def test_JLE_1(self):
''' Instruction JLE_1
Groups: jump
0x807b3b1: jle 0x807b3b6
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b3b1] = '~'
mem[0x0807b3b2] = '\x03'
cpu.EIP = 0x807b3b1
cpu.ZF = True
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b3b1], '~')
self.assertEqual(mem[0x807b3b2], '\x03')
self.assertEqual(cpu.EIP, 134722486)
def test_JLE_10(self):
''' Instruction JLE_10
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_11(self):
''' Instruction JLE_11
Groups: jump
0x807b936: jle 0x807b93b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b936] = '~'
mem[0x0807b937] = '\x03'
cpu.EIP = 0x807b936
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b936], '~')
self.assertEqual(mem[0x807b937], '\x03')
self.assertEqual(cpu.EIP, 134723899)
def test_JLE_12(self):
''' Instruction JLE_12
Groups: jump
0xf7ff0830: jle 0xf7ff07ef
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0830] = '~'
mem[0xf7ff0831] = '\xbd'
cpu.EIP = 0xf7ff0830
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7ff0830], '~')
self.assertEqual(mem[0xf7ff0831], '\xbd')
self.assertEqual(cpu.EIP, 4160686063)
def test_JLE_13(self):
''' Instruction JLE_13
Groups: jump
0x807b909: jle 0x807b90e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b909] = '~'
mem[0x0807b90a] = '\x03'
cpu.EIP = 0x807b909
cpu.ZF = True
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b909], '~')
self.assertEqual(mem[0x807b90a], '\x03')
self.assertEqual(cpu.EIP, 134723854)
def test_JLE_14(self):
''' Instruction JLE_14
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_15(self):
''' Instruction JLE_15
Groups: jump
0x807b879: jle 0x807b87e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b879] = '~'
mem[0x0807b87a] = '\x03'
cpu.EIP = 0x807b879
cpu.ZF = True
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b879], '~')
self.assertEqual(mem[0x807b87a], '\x03')
self.assertEqual(cpu.EIP, 134723710)
def test_JLE_16(self):
''' Instruction JLE_16
Groups: jump
0x807b8dc: jle 0x807b8e1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b8dc] = '~'
mem[0x0807b8dd] = '\x03'
cpu.EIP = 0x807b8dc
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b8dc], '~')
self.assertEqual(mem[0x807b8dd], '\x03')
self.assertEqual(cpu.EIP, 134723809)
def test_JLE_17(self):
''' Instruction JLE_17
Groups: jump
0x807b867: jle 0x807b86c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b868] = '\x03'
mem[0x0807b867] = '~'
cpu.EIP = 0x807b867
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b868], '\x03')
self.assertEqual(mem[0x807b867], '~')
self.assertEqual(cpu.EIP, 134723689)
def test_JLE_18(self):
''' Instruction JLE_18
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_19(self):
''' Instruction JLE_19
Groups: jump
0x807b369: jle 0x807b36e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b369] = '~'
mem[0x0807b36a] = '\x03'
cpu.EIP = 0x807b369
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b369], '~')
self.assertEqual(mem[0x807b36a], '\x03')
self.assertEqual(cpu.EIP, 134722411)
def test_JLE_2(self):
''' Instruction JLE_2
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_20(self):
''' Instruction JLE_20
Groups: jump
0x807b3f9: jle 0x807b3fe
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b3f9] = '~'
mem[0x0807b3fa] = '\x03'
cpu.EIP = 0x807b3f9
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b3f9], '~')
self.assertEqual(mem[0x807b3fa], '\x03')
self.assertEqual(cpu.EIP, 134722558)
def test_JLE_21(self):
''' Instruction JLE_21
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_3(self):
''' Instruction JLE_3
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_4(self):
''' Instruction JLE_4
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_5(self):
''' Instruction JLE_5
Groups: jump
0x807b8e5: jle 0x807b8ea
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b8e5] = '~'
mem[0x0807b8e6] = '\x03'
cpu.EIP = 0x807b8e5
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b8e5], '~')
self.assertEqual(mem[0x807b8e6], '\x03')
self.assertEqual(cpu.EIP, 134723818)
def test_JLE_6(self):
''' Instruction JLE_6
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_7(self):
''' Instruction JLE_7
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JLE_8(self):
''' Instruction JLE_8
Groups: jump
0x807b3d5: jle 0x807b3da
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b3d5] = '~'
mem[0x0807b3d6] = '\x03'
cpu.EIP = 0x807b3d5
cpu.ZF = True
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807b3d5], '~')
self.assertEqual(mem[0x807b3d6], '\x03')
self.assertEqual(cpu.EIP, 134722522)
def test_JLE_9(self):
''' Instruction JLE_9
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7fe577d], '~')
self.assertEqual(mem[0xf7fe577e], '\xa1')
self.assertEqual(cpu.EIP, 4160640895)
def test_JL_1(self):
''' Instruction JL_1
Groups: jump
0x8079aa5: jl 0x8079aaa
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079aa5] = '|'
mem[0x08079aa6] = '\x03'
cpu.EIP = 0x8079aa5
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079aa5], '|')
self.assertEqual(mem[0x8079aa6], '\x03')
self.assertEqual(cpu.EIP, 134716074)
def test_JL_10(self):
''' Instruction JL_10
Groups: jump
0x807aeca: jl 0x807aecf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aeca] = '|'
mem[0x0807aecb] = '\x03'
cpu.EIP = 0x807aeca
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807aeca], '|')
self.assertEqual(mem[0x807aecb], '\x03')
self.assertEqual(cpu.EIP, 134721228)
def test_JL_11(self):
''' Instruction JL_11
Groups: jump
0x807af87: jl 0x807af8c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807af88] = '\x03'
mem[0x0807af87] = '|'
cpu.EIP = 0x807af87
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807af88], '\x03')
self.assertEqual(mem[0x807af87], '|')
self.assertEqual(cpu.EIP, 134721420)
def test_JL_12(self):
''' Instruction JL_12
Groups: jump
0x8079a27: jl 0x8079a2c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079a28] = '\x03'
mem[0x08079a27] = '|'
cpu.EIP = 0x8079a27
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079a28], '\x03')
self.assertEqual(mem[0x8079a27], '|')
self.assertEqual(cpu.EIP, 134715945)
def test_JL_13(self):
''' Instruction JL_13
Groups: jump
0x8079a81: jl 0x8079a86
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079a81] = '|'
mem[0x08079a82] = '\x03'
cpu.EIP = 0x8079a81
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079a81], '|')
self.assertEqual(mem[0x8079a82], '\x03')
self.assertEqual(cpu.EIP, 134716038)
def test_JL_14(self):
''' Instruction JL_14
Groups: jump
0xf7ff41c4: jl 0xf7ff41b9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41c4] = '|'
mem[0xf7ff41c5] = '\xf3'
cpu.EIP = 0xf7ff41c4
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7ff41c4], '|')
self.assertEqual(mem[0xf7ff41c5], '\xf3')
self.assertEqual(cpu.EIP, 4160700870)
def test_JL_15(self):
''' Instruction JL_15
Groups: jump
0x807af09: jl 0x807af0e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807af09] = '|'
mem[0x0807af0a] = '\x03'
cpu.EIP = 0x807af09
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807af09], '|')
self.assertEqual(mem[0x807af0a], '\x03')
self.assertEqual(cpu.EIP, 134721291)
def test_JL_16(self):
''' Instruction JL_16
Groups: jump
0x807aedc: jl 0x807aee1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aedc] = '|'
mem[0x0807aedd] = '\x03'
cpu.EIP = 0x807aedc
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807aedc], '|')
self.assertEqual(mem[0x807aedd], '\x03')
self.assertEqual(cpu.EIP, 134721246)
def test_JL_17(self):
''' Instruction JL_17
Groups: jump
0x8079a5d: jl 0x8079a62
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079a5d] = '|'
mem[0x08079a5e] = '\x03'
cpu.EIP = 0x8079a5d
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079a5d], '|')
self.assertEqual(mem[0x8079a5e], '\x03')
self.assertEqual(cpu.EIP, 134716002)
def test_JL_18(self):
''' Instruction JL_18
Groups: jump
0x807aee5: jl 0x807aeea
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aee5] = '|'
mem[0x0807aee6] = '\x03'
cpu.EIP = 0x807aee5
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807aee5], '|')
self.assertEqual(mem[0x807aee6], '\x03')
self.assertEqual(cpu.EIP, 134721255)
def test_JL_19(self):
''' Instruction JL_19
Groups: jump
0x8079adb: jl 0x8079ae0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079adb] = '|'
mem[0x08079adc] = '\x03'
cpu.EIP = 0x8079adb
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079adb], '|')
self.assertEqual(mem[0x8079adc], '\x03')
self.assertEqual(cpu.EIP, 134716128)
def test_JL_2(self):
''' Instruction JL_2
Groups: jump
0x807aef7: jl 0x807aefc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aef8] = '\x03'
mem[0x0807aef7] = '|'
cpu.EIP = 0x807aef7
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807aef8], '\x03')
self.assertEqual(mem[0x807aef7], '|')
self.assertEqual(cpu.EIP, 134721273)
def test_JL_20(self):
''' Instruction JL_20
Groups: jump
0x807af63: jl 0x807af68
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807af63] = '|'
mem[0x0807af64] = '\x03'
cpu.EIP = 0x807af63
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807af63], '|')
self.assertEqual(mem[0x807af64], '\x03')
self.assertEqual(cpu.EIP, 134721384)
def test_JL_21(self):
''' Instruction JL_21
Groups: jump
0x8079a15: jl 0x8079a1a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079a15] = '|'
mem[0x08079a16] = '\x03'
cpu.EIP = 0x8079a15
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079a15], '|')
self.assertEqual(mem[0x8079a16], '\x03')
self.assertEqual(cpu.EIP, 134715927)
def test_JL_3(self):
''' Instruction JL_3
Groups: jump
0xf7ff41c4: jl 0xf7ff41b9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41c4] = '|'
mem[0xf7ff41c5] = '\xf3'
cpu.EIP = 0xf7ff41c4
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7ff41c4], '|')
self.assertEqual(mem[0xf7ff41c5], '\xf3')
self.assertEqual(cpu.EIP, 4160700870)
def test_JL_4(self):
''' Instruction JL_4
Groups: jump
0x807afbd: jl 0x807afc2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807afbd] = '|'
mem[0x0807afbe] = '\x03'
cpu.EIP = 0x807afbd
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807afbd], '|')
self.assertEqual(mem[0x807afbe], '\x03')
self.assertEqual(cpu.EIP, 134721474)
def test_JL_5(self):
''' Instruction JL_5
Groups: jump
0x8079ac0: jl 0x8079ac5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079ac0] = '|'
mem[0x08079ac1] = '\x03'
cpu.EIP = 0x8079ac0
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079ac0], '|')
self.assertEqual(mem[0x8079ac1], '\x03')
self.assertEqual(cpu.EIP, 134716101)
def test_JL_6(self):
''' Instruction JL_6
Groups: jump
0x8079a9c: jl 0x8079aa1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079a9c] = '|'
mem[0x08079a9d] = '\x03'
cpu.EIP = 0x8079a9c
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079a9c], '|')
self.assertEqual(mem[0x8079a9d], '\x03')
self.assertEqual(cpu.EIP, 134716065)
def test_JL_7(self):
''' Instruction JL_7
Groups: jump
0x807af75: jl 0x807af7a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807af75] = '|'
mem[0x0807af76] = '\x03'
cpu.EIP = 0x807af75
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807af75], '|')
self.assertEqual(mem[0x807af76], '\x03')
self.assertEqual(cpu.EIP, 134721402)
def test_JL_8(self):
''' Instruction JL_8
Groups: jump
0x807af90: jl 0x807af95
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807af90] = '|'
mem[0x0807af91] = '\x03'
cpu.EIP = 0x807af90
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807af90], '|')
self.assertEqual(mem[0x807af91], '\x03')
self.assertEqual(cpu.EIP, 134721429)
def test_JL_9(self):
''' Instruction JL_9
Groups: jump
0x807aed3: jl 0x807aed8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aed3] = '|'
mem[0x0807aed4] = '\x03'
cpu.EIP = 0x807aed3
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807aed3], '|')
self.assertEqual(mem[0x807aed4], '\x03')
self.assertEqual(cpu.EIP, 134721237)
def test_JMP_1(self):
''' Instruction JMP_1
Groups: jump
0xf7fe7445: jmp 0xf7fe7350
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7448] = '\xff'
mem[0xf7fe7449] = '\xff'
mem[0xf7fe7445] = '\xe9'
mem[0xf7fe7446] = '\x06'
mem[0xf7fe7447] = '\xff'
cpu.EIP = 0xf7fe7445
cpu.execute()
self.assertEqual(mem[0xf7fe7448], '\xff')
self.assertEqual(mem[0xf7fe7449], '\xff')
self.assertEqual(mem[0xf7fe7445], '\xe9')
self.assertEqual(mem[0xf7fe7446], '\x06')
self.assertEqual(mem[0xf7fe7447], '\xff')
self.assertEqual(cpu.EIP, 4160648016)
def test_JMP_10(self):
''' Instruction JMP_10
Groups: jump
0xf7ff0fa7: jmp 0xf7ff0e58
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0fa8] = '\xac'
mem[0xf7ff0fa9] = '\xfe'
mem[0xf7ff0faa] = '\xff'
mem[0xf7ff0fab] = '\xff'
mem[0xf7ff0fa7] = '\xe9'
cpu.EIP = 0xf7ff0fa7
cpu.execute()
self.assertEqual(mem[0xf7ff0fa8], '\xac')
self.assertEqual(mem[0xf7ff0fa9], '\xfe')
self.assertEqual(mem[0xf7ff0faa], '\xff')
self.assertEqual(mem[0xf7ff0fab], '\xff')
self.assertEqual(mem[0xf7ff0fa7], '\xe9')
self.assertEqual(cpu.EIP, 4160687704)
def test_JMP_11(self):
''' Instruction JMP_11
Groups: jump
0x807ad1b: jmp 0x807ad1e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad1b] = '\xeb'
mem[0x0807ad1c] = '\x01'
cpu.EIP = 0x807ad1b
cpu.execute()
self.assertEqual(mem[0x807ad1b], '\xeb')
self.assertEqual(mem[0x807ad1c], '\x01')
self.assertEqual(cpu.EIP, 134720798)
def test_JMP_12(self):
''' Instruction JMP_12
Groups: jump
0x8079c2d: jmp 0x8079c30
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c2d] = '\xeb'
mem[0x08079c2e] = '\x01'
cpu.EIP = 0x8079c2d
cpu.execute()
self.assertEqual(mem[0x8079c2d], '\xeb')
self.assertEqual(mem[0x8079c2e], '\x01')
self.assertEqual(cpu.EIP, 134716464)
def test_JMP_13(self):
''' Instruction JMP_13
Groups: jump
0xf7fe571c: jmp 0xf7fe5731
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe571c] = '\xeb'
mem[0xf7fe571d] = '\x13'
cpu.EIP = 0xf7fe571c
cpu.execute()
self.assertEqual(mem[0xf7fe571c], '\xeb')
self.assertEqual(mem[0xf7fe571d], '\x13')
self.assertEqual(cpu.EIP, 4160640817)
def test_JMP_14(self):
''' Instruction JMP_14
Groups: not64bitmode, jump
0xf7ff0e4a: jmp edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0e4a] = '\xff'
mem[0xf7ff0e4b] = '\xe2'
cpu.EIP = 0xf7ff0e4a
cpu.EDX = 0xf7ff1018
cpu.execute()
self.assertEqual(mem[0xf7ff0e4a], '\xff')
self.assertEqual(mem[0xf7ff0e4b], '\xe2')
self.assertEqual(cpu.EIP, 4160688152)
self.assertEqual(cpu.EDX, 4160688152)
def test_JMP_15(self):
''' Instruction JMP_15
Groups: not64bitmode, jump
0xf7fdc820: jmp dword ptr [ebx + 0x14]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7fdc820] = '\xff'
mem[0xf7fdc821] = '\xa3'
mem[0xf7fdc822] = '\x14'
mem[0xf7fdc823] = '\x00'
mem[0xf7fdc824] = '\x00'
mem[0xf7fdc825] = '\x00'
mem[0xf7ffd016] = '\xff'
mem[0xf7ffd017] = '\xf7'
mem[0xf7ffd014] = '\xa0'
mem[0xf7ffd015] = '\x16'
cpu.EIP = 0xf7fdc820
cpu.EBX = 0xf7ffd000
cpu.execute()
self.assertEqual(mem[0xf7fdc820], '\xff')
self.assertEqual(mem[0xf7fdc821], '\xa3')
self.assertEqual(mem[0xf7fdc822], '\x14')
self.assertEqual(mem[0xf7fdc823], '\x00')
self.assertEqual(mem[0xf7fdc824], '\x00')
self.assertEqual(mem[0xf7fdc825], '\x00')
self.assertEqual(mem[0xf7ffd016], '\xff')
self.assertEqual(mem[0xf7ffd017], '\xf7')
self.assertEqual(mem[0xf7ffd014], '\xa0')
self.assertEqual(mem[0xf7ffd015], '\x16')
self.assertEqual(cpu.EIP, 4160689824)
self.assertEqual(cpu.EBX, 4160737280)
def test_JMP_16(self):
''' Instruction JMP_16
Groups: jump
0x8079830: jmp 0x8079833
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079830] = '\xeb'
mem[0x08079831] = '\x01'
cpu.EIP = 0x8079830
cpu.execute()
self.assertEqual(mem[0x8079830], '\xeb')
self.assertEqual(mem[0x8079831], '\x01')
self.assertEqual(cpu.EIP, 134715443)
def test_JMP_17(self):
''' Instruction JMP_17
Groups: jump
0xf7fe74a5: jmp 0xf7fe7350
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe74a8] = '\xff'
mem[0xf7fe74a9] = '\xff'
mem[0xf7fe74a5] = '\xe9'
mem[0xf7fe74a6] = '\xa6'
mem[0xf7fe74a7] = '\xfe'
cpu.EIP = 0xf7fe74a5
cpu.execute()
self.assertEqual(mem[0xf7fe74a8], '\xff')
self.assertEqual(mem[0xf7fe74a9], '\xff')
self.assertEqual(mem[0xf7fe74a5], '\xe9')
self.assertEqual(mem[0xf7fe74a6], '\xa6')
self.assertEqual(mem[0xf7fe74a7], '\xfe')
self.assertEqual(cpu.EIP, 4160648016)
def test_JMP_18(self):
''' Instruction JMP_18
Groups: jump
0xf7fe555e: jmp 0xf7fe4fa0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5560] = '\xfa'
mem[0xf7fe5561] = '\xff'
mem[0xf7fe5562] = '\xff'
mem[0xf7fe555e] = '\xe9'
mem[0xf7fe555f] = '='
cpu.EIP = 0xf7fe555e
cpu.execute()
self.assertEqual(mem[0xf7fe5560], '\xfa')
self.assertEqual(mem[0xf7fe5561], '\xff')
self.assertEqual(mem[0xf7fe5562], '\xff')
self.assertEqual(mem[0xf7fe555e], '\xe9')
self.assertEqual(mem[0xf7fe555f], '=')
self.assertEqual(cpu.EIP, 4160638880)
def test_JMP_19(self):
''' Instruction JMP_19
Groups: jump
0xf7fe7445: jmp 0xf7fe7350
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7448] = '\xff'
mem[0xf7fe7449] = '\xff'
mem[0xf7fe7445] = '\xe9'
mem[0xf7fe7446] = '\x06'
mem[0xf7fe7447] = '\xff'
cpu.EIP = 0xf7fe7445
cpu.execute()
self.assertEqual(mem[0xf7fe7448], '\xff')
self.assertEqual(mem[0xf7fe7449], '\xff')
self.assertEqual(mem[0xf7fe7445], '\xe9')
self.assertEqual(mem[0xf7fe7446], '\x06')
self.assertEqual(mem[0xf7fe7447], '\xff')
self.assertEqual(cpu.EIP, 4160648016)
def test_JMP_2(self):
''' Instruction JMP_2
Groups: jump
0x8079912: jmp 0x8079915
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079912] = '\xeb'
mem[0x08079913] = '\x01'
cpu.EIP = 0x8079912
cpu.execute()
self.assertEqual(mem[0x8079912], '\xeb')
self.assertEqual(mem[0x8079913], '\x01')
self.assertEqual(cpu.EIP, 134715669)
def test_JMP_20(self):
''' Instruction JMP_20
Groups: jump
0xf7fe571c: jmp 0xf7fe5731
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe571c] = '\xeb'
mem[0xf7fe571d] = '\x13'
cpu.EIP = 0xf7fe571c
cpu.execute()
self.assertEqual(mem[0xf7fe571c], '\xeb')
self.assertEqual(mem[0xf7fe571d], '\x13')
self.assertEqual(cpu.EIP, 4160640817)
def test_JMP_21(self):
''' Instruction JMP_21
Groups: jump
0x807af15: jmp 0x807af18
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807af15] = '\xeb'
mem[0x0807af16] = '\x01'
cpu.EIP = 0x807af15
cpu.execute()
self.assertEqual(mem[0x807af15], '\xeb')
self.assertEqual(mem[0x807af16], '\x01')
self.assertEqual(cpu.EIP, 134721304)
def test_JMP_3(self):
''' Instruction JMP_3
Groups: not64bitmode, jump
0xf7fe733e: jmp eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe733e] = '\xff'
mem[0xf7fe733f] = '\xe0'
cpu.EIP = 0xf7fe733e
cpu.EAX = 0xf7fe7440
cpu.execute()
self.assertEqual(mem[0xf7fe733e], '\xff')
self.assertEqual(mem[0xf7fe733f], '\xe0')
self.assertEqual(cpu.EIP, 4160648256)
self.assertEqual(cpu.EAX, 4160648256)
def test_JMP_4(self):
''' Instruction JMP_4
Groups: jump
0x8079dc3: jmp 0x8079dc6
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079dc3] = '\xeb'
mem[0x08079dc4] = '\x01'
cpu.EIP = 0x8079dc3
cpu.execute()
self.assertEqual(mem[0x8079dc3], '\xeb')
self.assertEqual(mem[0x8079dc4], '\x01')
self.assertEqual(cpu.EIP, 134716870)
def test_JMP_5(self):
''' Instruction JMP_5
Groups: jump
0x807a0b0: jmp 0x807a0b3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a0b0] = '\xeb'
mem[0x0807a0b1] = '\x01'
cpu.EIP = 0x807a0b0
cpu.execute()
self.assertEqual(mem[0x807a0b0], '\xeb')
self.assertEqual(mem[0x807a0b1], '\x01')
self.assertEqual(cpu.EIP, 134717619)
def test_JMP_6(self):
''' Instruction JMP_6
Groups: jump
0x807ab97: jmp 0x807ab9a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab98] = '\x01'
mem[0x0807ab97] = '\xeb'
cpu.EIP = 0x807ab97
cpu.execute()
self.assertEqual(mem[0x807ab98], '\x01')
self.assertEqual(mem[0x807ab97], '\xeb')
self.assertEqual(cpu.EIP, 134720410)
def test_JMP_7(self):
''' Instruction JMP_7
Groups: not64bitmode, jump
0xf7fe733e: jmp eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe733e] = '\xff'
mem[0xf7fe733f] = '\xe0'
cpu.EIP = 0xf7fe733e
cpu.EAX = 0xf7fe7440
cpu.execute()
self.assertEqual(mem[0xf7fe733e], '\xff')
self.assertEqual(mem[0xf7fe733f], '\xe0')
self.assertEqual(cpu.EIP, 4160648256)
self.assertEqual(cpu.EAX, 4160648256)
def test_JMP_8(self):
''' Instruction JMP_8
Groups: not64bitmode, jump
0xf7fe733e: jmp eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe733e] = '\xff'
mem[0xf7fe733f] = '\xe0'
cpu.EIP = 0xf7fe733e
cpu.EAX = 0xf7fe74a0
cpu.execute()
self.assertEqual(mem[0xf7fe733e], '\xff')
self.assertEqual(mem[0xf7fe733f], '\xe0')
self.assertEqual(cpu.EIP, 4160648352)
self.assertEqual(cpu.EAX, 4160648352)
def test_JMP_9(self):
''' Instruction JMP_9
Groups: jump
0xf7fe7445: jmp 0xf7fe7350
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7448] = '\xff'
mem[0xf7fe7449] = '\xff'
mem[0xf7fe7445] = '\xe9'
mem[0xf7fe7446] = '\x06'
mem[0xf7fe7447] = '\xff'
cpu.EIP = 0xf7fe7445
cpu.execute()
self.assertEqual(mem[0xf7fe7448], '\xff')
self.assertEqual(mem[0xf7fe7449], '\xff')
self.assertEqual(mem[0xf7fe7445], '\xe9')
self.assertEqual(mem[0xf7fe7446], '\x06')
self.assertEqual(mem[0xf7fe7447], '\xff')
self.assertEqual(cpu.EIP, 4160648016)
def test_JNE_1(self):
''' Instruction JNE_1
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71b0], '\x0f')
self.assertEqual(mem[0xf7fe71b1], '\x85')
self.assertEqual(mem[0xf7fe71b2], '\xfe')
self.assertEqual(mem[0xf7fe71b3], '\x0c')
self.assertEqual(mem[0xf7fe71b4], '\x00')
self.assertEqual(mem[0xf7fe71b5], '\x00')
self.assertEqual(cpu.EIP, 4160647606)
def test_JNE_10(self):
''' Instruction JNE_10
Groups: jump
0xf7ff4222: jne 0xf7ff4457
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4222] = '\x0f'
mem[0xf7ff4223] = '\x85'
mem[0xf7ff4224] = '/'
mem[0xf7ff4225] = '\x02'
mem[0xf7ff4226] = '\x00'
mem[0xf7ff4227] = '\x00'
cpu.EIP = 0xf7ff4222
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff4222], '\x0f')
self.assertEqual(mem[0xf7ff4223], '\x85')
self.assertEqual(mem[0xf7ff4224], '/')
self.assertEqual(mem[0xf7ff4225], '\x02')
self.assertEqual(mem[0xf7ff4226], '\x00')
self.assertEqual(mem[0xf7ff4227], '\x00')
self.assertEqual(cpu.EIP, 4160700968)
def test_JNE_11(self):
''' Instruction JNE_11
Groups: jump
0xf7fe54f6: jne 0xf7fe555a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54f6] = 'u'
mem[0xf7fe54f7] = 'b'
cpu.EIP = 0xf7fe54f6
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54f6], 'u')
self.assertEqual(mem[0xf7fe54f7], 'b')
self.assertEqual(cpu.EIP, 4160640346)
def test_JNE_12(self):
''' Instruction JNE_12
Groups: jump
0xf7ff3e72: jne 0xf7ff3e68
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e72] = 'u'
mem[0xf7ff3e73] = '\xf4'
cpu.EIP = 0xf7ff3e72
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3e72], 'u')
self.assertEqual(mem[0xf7ff3e73], '\xf4')
self.assertEqual(cpu.EIP, 4160700008)
def test_JNE_13(self):
''' Instruction JNE_13
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71b0], '\x0f')
self.assertEqual(mem[0xf7fe71b1], '\x85')
self.assertEqual(mem[0xf7fe71b2], '\xfe')
self.assertEqual(mem[0xf7fe71b3], '\x0c')
self.assertEqual(mem[0xf7fe71b4], '\x00')
self.assertEqual(mem[0xf7fe71b5], '\x00')
self.assertEqual(cpu.EIP, 4160647606)
def test_JNE_14(self):
''' Instruction JNE_14
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71b0], '\x0f')
self.assertEqual(mem[0xf7fe71b1], '\x85')
self.assertEqual(mem[0xf7fe71b2], '\xfe')
self.assertEqual(mem[0xf7fe71b3], '\x0c')
self.assertEqual(mem[0xf7fe71b4], '\x00')
self.assertEqual(mem[0xf7fe71b5], '\x00')
self.assertEqual(cpu.EIP, 4160647606)
def test_JNE_15(self):
''' Instruction JNE_15
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6c], 'u')
self.assertEqual(mem[0xf7ff3e6d], '\t')
self.assertEqual(cpu.EIP, 4160700014)
def test_JNE_16(self):
''' Instruction JNE_16
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71b0], '\x0f')
self.assertEqual(mem[0xf7fe71b1], '\x85')
self.assertEqual(mem[0xf7fe71b2], '\xfe')
self.assertEqual(mem[0xf7fe71b3], '\x0c')
self.assertEqual(mem[0xf7fe71b4], '\x00')
self.assertEqual(mem[0xf7fe71b5], '\x00')
self.assertEqual(cpu.EIP, 4160647606)
def test_JNE_17(self):
''' Instruction JNE_17
Groups: jump
0xf7fe56b1: jne 0xf7fe56a0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b1] = 'u'
mem[0xf7fe56b2] = '\xed'
cpu.EIP = 0xf7fe56b1
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe56b1], 'u')
self.assertEqual(mem[0xf7fe56b2], '\xed')
self.assertEqual(cpu.EIP, 4160640691)
def test_JNE_18(self):
''' Instruction JNE_18
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6c], 'u')
self.assertEqual(mem[0xf7ff3e6d], '\t')
self.assertEqual(cpu.EIP, 4160700014)
def test_JNE_19(self):
''' Instruction JNE_19
Groups: jump
0xf7ff0b7e: jne 0xf7ff0a90
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0b80] = '\x0c'
mem[0xf7ff0b81] = '\xff'
mem[0xf7ff0b82] = '\xff'
mem[0xf7ff0b83] = '\xff'
mem[0xf7ff0b7e] = '\x0f'
mem[0xf7ff0b7f] = '\x85'
cpu.EIP = 0xf7ff0b7e
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff0b80], '\x0c')
self.assertEqual(mem[0xf7ff0b81], '\xff')
self.assertEqual(mem[0xf7ff0b82], '\xff')
self.assertEqual(mem[0xf7ff0b83], '\xff')
self.assertEqual(mem[0xf7ff0b7e], '\x0f')
self.assertEqual(mem[0xf7ff0b7f], '\x85')
self.assertEqual(cpu.EIP, 4160686980)
def test_JNE_2(self):
''' Instruction JNE_2
Groups: jump
0xf7ff3e72: jne 0xf7ff3e68
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e72] = 'u'
mem[0xf7ff3e73] = '\xf4'
cpu.EIP = 0xf7ff3e72
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3e72], 'u')
self.assertEqual(mem[0xf7ff3e73], '\xf4')
self.assertEqual(cpu.EIP, 4160700008)
def test_JNE_20(self):
''' Instruction JNE_20
Groups: jump
0xf7fe4f3f: jne 0xf7fe5483
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f40] = '\x85'
mem[0xf7fe4f41] = '>'
mem[0xf7fe4f42] = '\x05'
mem[0xf7fe4f43] = '\x00'
mem[0xf7fe4f44] = '\x00'
mem[0xf7fe4f3f] = '\x0f'
cpu.EIP = 0xf7fe4f3f
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4f40], '\x85')
self.assertEqual(mem[0xf7fe4f41], '>')
self.assertEqual(mem[0xf7fe4f42], '\x05')
self.assertEqual(mem[0xf7fe4f43], '\x00')
self.assertEqual(mem[0xf7fe4f44], '\x00')
self.assertEqual(mem[0xf7fe4f3f], '\x0f')
self.assertEqual(cpu.EIP, 4160638789)
def test_JNE_21(self):
''' Instruction JNE_21
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6c], 'u')
self.assertEqual(mem[0xf7ff3e6d], '\t')
self.assertEqual(cpu.EIP, 4160700014)
def test_JNE_3(self):
''' Instruction JNE_3
Groups: jump
0xf7fe8ab3: jne 0xf7fe9164
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem[0xf7fe8ab3] = '\x0f'
mem[0xf7fe8ab4] = '\x85'
mem[0xf7fe8ab5] = '\xab'
mem[0xf7fe8ab6] = '\x06'
mem[0xf7fe8ab7] = '\x00'
mem[0xf7fe8ab8] = '\x00'
cpu.EIP = 0xf7fe8ab3
cpu.ZF = False
cpu.execute()
self.assertEqual(mem[0xf7fe8ab3], '\x0f')
self.assertEqual(mem[0xf7fe8ab4], '\x85')
self.assertEqual(mem[0xf7fe8ab5], '\xab')
self.assertEqual(mem[0xf7fe8ab6], '\x06')
self.assertEqual(mem[0xf7fe8ab7], '\x00')
self.assertEqual(mem[0xf7fe8ab8], '\x00')
self.assertEqual(cpu.EIP, 4160655716)
def test_JNE_4(self):
''' Instruction JNE_4
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e6c], 'u')
self.assertEqual(mem[0xf7ff3e6d], '\t')
self.assertEqual(cpu.EIP, 4160700014)
def test_JNE_5(self):
''' Instruction JNE_5
Groups: jump
0xf7fe1e7c: jne 0xf7fe2a9e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem[0xf7fe1e80] = '\x00'
mem[0xf7fe1e81] = '\x00'
mem[0xf7fe1e7c] = '\x0f'
mem[0xf7fe1e7d] = '\x85'
mem[0xf7fe1e7e] = '\x1c'
mem[0xf7fe1e7f] = '\x0c'
cpu.EIP = 0xf7fe1e7c
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe1e80], '\x00')
self.assertEqual(mem[0xf7fe1e81], '\x00')
self.assertEqual(mem[0xf7fe1e7c], '\x0f')
self.assertEqual(mem[0xf7fe1e7d], '\x85')
self.assertEqual(mem[0xf7fe1e7e], '\x1c')
self.assertEqual(mem[0xf7fe1e7f], '\x0c')
self.assertEqual(cpu.EIP, 4160626306)
def test_JNE_6(self):
''' Instruction JNE_6
Groups: jump
0xf7fe7275: jne 0xf7fe7288
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7275] = 'u'
mem[0xf7fe7276] = '\x11'
cpu.EIP = 0xf7fe7275
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe7275], 'u')
self.assertEqual(mem[0xf7fe7276], '\x11')
self.assertEqual(cpu.EIP, 4160647799)
def test_JNE_7(self):
''' Instruction JNE_7
Groups: jump
0xf7fec1e0: jne 0xf7fec168
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1e0] = 'u'
mem[0xf7fec1e1] = '\x86'
cpu.EIP = 0xf7fec1e0
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fec1e0], 'u')
self.assertEqual(mem[0xf7fec1e1], '\x86')
self.assertEqual(cpu.EIP, 4160668130)
def test_JNE_8(self):
''' Instruction JNE_8
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7fe71b0], '\x0f')
self.assertEqual(mem[0xf7fe71b1], '\x85')
self.assertEqual(mem[0xf7fe71b2], '\xfe')
self.assertEqual(mem[0xf7fe71b3], '\x0c')
self.assertEqual(mem[0xf7fe71b4], '\x00')
self.assertEqual(mem[0xf7fe71b5], '\x00')
self.assertEqual(cpu.EIP, 4160647606)
def test_JNE_9(self):
''' Instruction JNE_9
Groups: jump
0xf7ff092d: jne 0xf7ff099c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff092d] = 'u'
mem[0xf7ff092e] = 'm'
cpu.EIP = 0xf7ff092d
cpu.ZF = True
cpu.execute()
self.assertEqual(mem[0xf7ff092d], 'u')
self.assertEqual(mem[0xf7ff092e], 'm')
self.assertEqual(cpu.EIP, 4160686383)
def test_JNO_1(self):
''' Instruction JNO_1
Groups: jump
0x807bb6f: jno 0x807bb74
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb70] = '\x03'
mem[0x0807bb6f] = 'q'
cpu.EIP = 0x807bb6f
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb70], '\x03')
self.assertEqual(mem[0x807bb6f], 'q')
self.assertEqual(cpu.EIP, 134724468)
def test_JNO_10(self):
''' Instruction JNO_10
Groups: jump
0x807baa9: jno 0x807baae
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807baa9] = 'q'
mem[0x0807baaa] = '\x03'
cpu.EIP = 0x807baa9
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807baa9], 'q')
self.assertEqual(mem[0x807baaa], '\x03')
self.assertEqual(cpu.EIP, 134724270)
def test_JNO_11(self):
''' Instruction JNO_11
Groups: jump
0x807bb9c: jno 0x807bba1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb9c] = 'q'
mem[0x0807bb9d] = '\x03'
cpu.EIP = 0x807bb9c
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb9c], 'q')
self.assertEqual(mem[0x807bb9d], '\x03')
self.assertEqual(cpu.EIP, 134724513)
def test_JNO_12(self):
''' Instruction JNO_12
Groups: jump
0x807bb8a: jno 0x807bb8f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb8a] = 'q'
mem[0x0807bb8b] = '\x03'
cpu.EIP = 0x807bb8a
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb8a], 'q')
self.assertEqual(mem[0x807bb8b], '\x03')
self.assertEqual(cpu.EIP, 134724495)
def test_JNO_13(self):
''' Instruction JNO_13
Groups: jump
0x807bb5d: jno 0x807bb62
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb5d] = 'q'
mem[0x0807bb5e] = '\x03'
cpu.EIP = 0x807bb5d
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb5d], 'q')
self.assertEqual(mem[0x807bb5e], '\x03')
self.assertEqual(cpu.EIP, 134724450)
def test_JNO_14(self):
''' Instruction JNO_14
Groups: jump
0x807baa0: jno 0x807baa5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807baa0] = 'q'
mem[0x0807baa1] = '\x03'
cpu.EIP = 0x807baa0
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807baa0], 'q')
self.assertEqual(mem[0x807baa1], '\x03')
self.assertEqual(cpu.EIP, 134724261)
def test_JNO_15(self):
''' Instruction JNO_15
Groups: jump
0x807bb78: jno 0x807bb7d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb78] = 'q'
mem[0x0807bb79] = '\x03'
cpu.EIP = 0x807bb78
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb78], 'q')
self.assertEqual(mem[0x807bb79], '\x03')
self.assertEqual(cpu.EIP, 134724477)
def test_JNO_16(self):
''' Instruction JNO_16
Groups: jump
0x807bb15: jno 0x807bb1a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb15] = 'q'
mem[0x0807bb16] = '\x03'
cpu.EIP = 0x807bb15
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb15], 'q')
self.assertEqual(mem[0x807bb16], '\x03')
self.assertEqual(cpu.EIP, 134724378)
def test_JNO_17(self):
''' Instruction JNO_17
Groups: jump
0x807bb66: jno 0x807bb6b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb66] = 'q'
mem[0x0807bb67] = '\x03'
cpu.EIP = 0x807bb66
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb66], 'q')
self.assertEqual(mem[0x807bb67], '\x03')
self.assertEqual(cpu.EIP, 134724459)
def test_JNO_18(self):
''' Instruction JNO_18
Groups: jump
0x807bb54: jno 0x807bb59
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb54] = 'q'
mem[0x0807bb55] = '\x03'
cpu.EIP = 0x807bb54
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb54], 'q')
self.assertEqual(mem[0x807bb55], '\x03')
self.assertEqual(cpu.EIP, 134724441)
def test_JNO_19(self):
''' Instruction JNO_19
Groups: jump
0x807bb03: jno 0x807bb08
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb03] = 'q'
mem[0x0807bb04] = '\x03'
cpu.EIP = 0x807bb03
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb03], 'q')
self.assertEqual(mem[0x807bb04], '\x03')
self.assertEqual(cpu.EIP, 134724360)
def test_JNO_2(self):
''' Instruction JNO_2
Groups: jump
0x807ba85: jno 0x807ba8a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807ba85] = 'q'
mem[0x0807ba86] = '\x03'
cpu.EIP = 0x807ba85
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807ba85], 'q')
self.assertEqual(mem[0x807ba86], '\x03')
self.assertEqual(cpu.EIP, 134724234)
def test_JNO_20(self):
''' Instruction JNO_20
Groups: jump
0x807bacd: jno 0x807bad2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bacd] = 'q'
mem[0x0807bace] = '\x03'
cpu.EIP = 0x807bacd
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bacd], 'q')
self.assertEqual(mem[0x807bace], '\x03')
self.assertEqual(cpu.EIP, 134724306)
def test_JNO_21(self):
''' Instruction JNO_21
Groups: jump
0x807bb0c: jno 0x807bb11
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb0c] = 'q'
mem[0x0807bb0d] = '\x03'
cpu.EIP = 0x807bb0c
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb0c], 'q')
self.assertEqual(mem[0x807bb0d], '\x03')
self.assertEqual(cpu.EIP, 134724369)
def test_JNO_3(self):
''' Instruction JNO_3
Groups: jump
0x807bb39: jno 0x807bb3e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb39] = 'q'
mem[0x0807bb3a] = '\x03'
cpu.EIP = 0x807bb39
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb39], 'q')
self.assertEqual(mem[0x807bb3a], '\x03')
self.assertEqual(cpu.EIP, 134724414)
def test_JNO_4(self):
''' Instruction JNO_4
Groups: jump
0x807bb30: jno 0x807bb35
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb30] = 'q'
mem[0x0807bb31] = '\x03'
cpu.EIP = 0x807bb30
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb30], 'q')
self.assertEqual(mem[0x807bb31], '\x03')
self.assertEqual(cpu.EIP, 134724405)
def test_JNO_5(self):
''' Instruction JNO_5
Groups: jump
0x807bb4b: jno 0x807bb50
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb4b] = 'q'
mem[0x0807bb4c] = '\x03'
cpu.EIP = 0x807bb4b
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb4b], 'q')
self.assertEqual(mem[0x807bb4c], '\x03')
self.assertEqual(cpu.EIP, 134724432)
def test_JNO_6(self):
''' Instruction JNO_6
Groups: jump
0x807badf: jno 0x807bae4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bae0] = '\x03'
mem[0x0807badf] = 'q'
cpu.EIP = 0x807badf
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bae0], '\x03')
self.assertEqual(mem[0x807badf], 'q')
self.assertEqual(cpu.EIP, 134724324)
def test_JNO_7(self):
''' Instruction JNO_7
Groups: jump
0x807babb: jno 0x807bac0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807babb] = 'q'
mem[0x0807babc] = '\x03'
cpu.EIP = 0x807babb
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807babb], 'q')
self.assertEqual(mem[0x807babc], '\x03')
self.assertEqual(cpu.EIP, 134724288)
def test_JNO_8(self):
''' Instruction JNO_8
Groups: jump
0x807bb81: jno 0x807bb86
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb81] = 'q'
mem[0x0807bb82] = '\x03'
cpu.EIP = 0x807bb81
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb81], 'q')
self.assertEqual(mem[0x807bb82], '\x03')
self.assertEqual(cpu.EIP, 134724486)
def test_JNO_9(self):
''' Instruction JNO_9
Groups: jump
0x807bb1e: jno 0x807bb23
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb1e] = 'q'
mem[0x0807bb1f] = '\x03'
cpu.EIP = 0x807bb1e
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x807bb1e], 'q')
self.assertEqual(mem[0x807bb1f], '\x03')
self.assertEqual(cpu.EIP, 134724387)
def test_JNP_1(self):
''' Instruction JNP_1
Groups: jump
0x807b006: jnp 0x807b00b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b006] = '{'
mem[0x0807b007] = '\x03'
cpu.EIP = 0x807b006
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b006], '{')
self.assertEqual(mem[0x807b007], '\x03')
self.assertEqual(cpu.EIP, 134721544)
def test_JNP_10(self):
''' Instruction JNP_10
Groups: jump
0x807aea5: jnp 0x807aeaa
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aea5] = '{'
mem[0x0807aea6] = '\x03'
cpu.EIP = 0x807aea5
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807aea5], '{')
self.assertEqual(mem[0x807aea6], '\x03')
self.assertEqual(cpu.EIP, 134721191)
def test_JNP_11(self):
''' Instruction JNP_11
Groups: jump
0x807b09f: jnp 0x807b0a4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b0a0] = '\x03'
mem[0x0807b09f] = '{'
cpu.EIP = 0x807b09f
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b0a0], '\x03')
self.assertEqual(mem[0x807b09f], '{')
self.assertEqual(cpu.EIP, 134721700)
def test_JNP_12(self):
''' Instruction JNP_12
Groups: jump
0x807aff4: jnp 0x807aff9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aff4] = '{'
mem[0x0807aff5] = '\x03'
cpu.EIP = 0x807aff4
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807aff4], '{')
self.assertEqual(mem[0x807aff5], '\x03')
self.assertEqual(cpu.EIP, 134721529)
def test_JNP_13(self):
''' Instruction JNP_13
Groups: jump
0x807ae39: jnp 0x807ae3e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ae39] = '{'
mem[0x0807ae3a] = '\x03'
cpu.EIP = 0x807ae39
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807ae39], '{')
self.assertEqual(mem[0x807ae3a], '\x03')
self.assertEqual(cpu.EIP, 134721083)
def test_JNP_14(self):
''' Instruction JNP_14
Groups: jump
0x807ae27: jnp 0x807ae2c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ae28] = '\x03'
mem[0x0807ae27] = '{'
cpu.EIP = 0x807ae27
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807ae28], '\x03')
self.assertEqual(mem[0x807ae27], '{')
self.assertEqual(cpu.EIP, 134721068)
def test_JNP_15(self):
''' Instruction JNP_15
Groups: jump
0x807b072: jnp 0x807b077
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b072] = '{'
mem[0x0807b073] = '\x03'
cpu.EIP = 0x807b072
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b072], '{')
self.assertEqual(mem[0x807b073], '\x03')
self.assertEqual(cpu.EIP, 134721652)
def test_JNP_16(self):
''' Instruction JNP_16
Groups: jump
0x807b057: jnp 0x807b05c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b058] = '\x03'
mem[0x0807b057] = '{'
cpu.EIP = 0x807b057
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b058], '\x03')
self.assertEqual(mem[0x807b057], '{')
self.assertEqual(cpu.EIP, 134721628)
def test_JNP_17(self):
''' Instruction JNP_17
Groups: jump
0x807ae15: jnp 0x807ae1a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ae15] = '{'
mem[0x0807ae16] = '\x03'
cpu.EIP = 0x807ae15
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807ae15], '{')
self.assertEqual(mem[0x807ae16], '\x03')
self.assertEqual(cpu.EIP, 134721047)
def test_JNP_18(self):
''' Instruction JNP_18
Groups: jump
0x807b021: jnp 0x807b026
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b021] = '{'
mem[0x0807b022] = '\x03'
cpu.EIP = 0x807b021
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b021], '{')
self.assertEqual(mem[0x807b022], '\x03')
self.assertEqual(cpu.EIP, 134721571)
def test_JNP_19(self):
''' Instruction JNP_19
Groups: jump
0x807ae9c: jnp 0x807aea1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ae9c] = '{'
mem[0x0807ae9d] = '\x03'
cpu.EIP = 0x807ae9c
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807ae9c], '{')
self.assertEqual(mem[0x807ae9d], '\x03')
self.assertEqual(cpu.EIP, 134721185)
def test_JNP_2(self):
''' Instruction JNP_2
Groups: jump
0x807b0de: jnp 0x807b0e3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b0de] = '{'
mem[0x0807b0df] = '\x03'
cpu.EIP = 0x807b0de
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b0de], '{')
self.assertEqual(mem[0x807b0df], '\x03')
self.assertEqual(cpu.EIP, 134721760)
def test_JNP_20(self):
''' Instruction JNP_20
Groups: jump
0x807ad97: jnp 0x807ad9c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad98] = '\x03'
mem[0x0807ad97] = '{'
cpu.EIP = 0x807ad97
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807ad98], '\x03')
self.assertEqual(mem[0x807ad97], '{')
self.assertEqual(cpu.EIP, 134720924)
def test_JNP_21(self):
''' Instruction JNP_21
Groups: jump
0x807add6: jnp 0x807addb
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807add6] = '{'
mem[0x0807add7] = '\x03'
cpu.EIP = 0x807add6
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807add6], '{')
self.assertEqual(mem[0x807add7], '\x03')
self.assertEqual(cpu.EIP, 134720984)
def test_JNP_3(self):
''' Instruction JNP_3
Groups: jump
0x807b102: jnp 0x807b107
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b102] = '{'
mem[0x0807b103] = '\x03'
cpu.EIP = 0x807b102
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b102], '{')
self.assertEqual(mem[0x807b103], '\x03')
self.assertEqual(cpu.EIP, 134721796)
def test_JNP_4(self):
''' Instruction JNP_4
Groups: jump
0x807addf: jnp 0x807ade4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ade0] = '\x03'
mem[0x0807addf] = '{'
cpu.EIP = 0x807addf
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807ade0], '\x03')
self.assertEqual(mem[0x807addf], '{')
self.assertEqual(cpu.EIP, 134720996)
def test_JNP_5(self):
''' Instruction JNP_5
Groups: jump
0x807b096: jnp 0x807b09b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b096] = '{'
mem[0x0807b097] = '\x03'
cpu.EIP = 0x807b096
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b096], '{')
self.assertEqual(mem[0x807b097], '\x03')
self.assertEqual(cpu.EIP, 134721688)
def test_JNP_6(self):
''' Instruction JNP_6
Groups: jump
0x807ae81: jnp 0x807ae86
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ae81] = '{'
mem[0x0807ae82] = '\x03'
cpu.EIP = 0x807ae81
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807ae81], '{')
self.assertEqual(mem[0x807ae82], '\x03')
self.assertEqual(cpu.EIP, 134721155)
def test_JNP_7(self):
''' Instruction JNP_7
Groups: jump
0x807b0cc: jnp 0x807b0d1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b0cc] = '{'
mem[0x0807b0cd] = '\x03'
cpu.EIP = 0x807b0cc
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b0cc], '{')
self.assertEqual(mem[0x807b0cd], '\x03')
self.assertEqual(cpu.EIP, 134721745)
def test_JNP_8(self):
''' Instruction JNP_8
Groups: jump
0x807b08d: jnp 0x807b092
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b08d] = '{'
mem[0x0807b08e] = '\x03'
cpu.EIP = 0x807b08d
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b08d], '{')
self.assertEqual(mem[0x807b08e], '\x03')
self.assertEqual(cpu.EIP, 134721679)
def test_JNP_9(self):
''' Instruction JNP_9
Groups: jump
0x807ae93: jnp 0x807ae98
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ae93] = '{'
mem[0x0807ae94] = '\x03'
cpu.EIP = 0x807ae93
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807ae93], '{')
self.assertEqual(mem[0x807ae94], '\x03')
self.assertEqual(cpu.EIP, 134721176)
def test_JNS_1(self):
''' Instruction JNS_1
Groups: jump
0x807aceb: jns 0x807acf0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aceb] = 'y'
mem[0x0807acec] = '\x03'
cpu.EIP = 0x807aceb
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807aceb], 'y')
self.assertEqual(mem[0x807acec], '\x03')
self.assertEqual(cpu.EIP, 134720752)
def test_JNS_10(self):
''' Instruction JNS_10
Groups: jump
0x807ad7b: jns 0x807ad80
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad7b] = 'y'
mem[0x0807ad7c] = '\x03'
cpu.EIP = 0x807ad7b
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad7b], 'y')
self.assertEqual(mem[0x807ad7c], '\x03')
self.assertEqual(cpu.EIP, 134720893)
def test_JNS_11(self):
''' Instruction JNS_11
Groups: jump
0x807ad4e: jns 0x807ad53
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad4e] = 'y'
mem[0x0807ad4f] = '\x03'
cpu.EIP = 0x807ad4e
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad4e], 'y')
self.assertEqual(mem[0x807ad4f], '\x03')
self.assertEqual(cpu.EIP, 134720848)
def test_JNS_12(self):
''' Instruction JNS_12
Groups: jump
0x807acd0: jns 0x807acd5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807acd0] = 'y'
mem[0x0807acd1] = '\x03'
cpu.EIP = 0x807acd0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807acd0], 'y')
self.assertEqual(mem[0x807acd1], '\x03')
self.assertEqual(cpu.EIP, 134720725)
def test_JNS_13(self):
''' Instruction JNS_13
Groups: jump
0xf7ff0826: jns 0xf7ff07e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0826] = 'y'
mem[0xf7ff0827] = '\xc0'
cpu.EIP = 0xf7ff0826
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff0826], 'y')
self.assertEqual(mem[0xf7ff0827], '\xc0')
self.assertEqual(cpu.EIP, 4160686056)
def test_JNS_14(self):
''' Instruction JNS_14
Groups: jump
0x807ad33: jns 0x807ad38
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad33] = 'y'
mem[0x0807ad34] = '\x03'
cpu.EIP = 0x807ad33
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad33], 'y')
self.assertEqual(mem[0x807ad34], '\x03')
self.assertEqual(cpu.EIP, 134720821)
def test_JNS_15(self):
''' Instruction JNS_15
Groups: jump
0x807ac88: jns 0x807ac8d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ac88] = 'y'
mem[0x0807ac89] = '\x03'
cpu.EIP = 0x807ac88
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ac88], 'y')
self.assertEqual(mem[0x807ac89], '\x03')
self.assertEqual(cpu.EIP, 134720653)
def test_JNS_16(self):
''' Instruction JNS_16
Groups: jump
0x807ad3c: jns 0x807ad41
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad3c] = 'y'
mem[0x0807ad3d] = '\x03'
cpu.EIP = 0x807ad3c
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad3c], 'y')
self.assertEqual(mem[0x807ad3d], '\x03')
self.assertEqual(cpu.EIP, 134720830)
def test_JNS_17(self):
''' Instruction JNS_17
Groups: jump
0x807acfd: jns 0x807ad02
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807acfd] = 'y'
mem[0x0807acfe] = '\x03'
cpu.EIP = 0x807acfd
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807acfd], 'y')
self.assertEqual(mem[0x807acfe], '\x03')
self.assertEqual(cpu.EIP, 134720767)
def test_JNS_18(self):
''' Instruction JNS_18
Groups: jump
0xf7ff0826: jns 0xf7ff07e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0826] = 'y'
mem[0xf7ff0827] = '\xc0'
cpu.EIP = 0xf7ff0826
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff0826], 'y')
self.assertEqual(mem[0xf7ff0827], '\xc0')
self.assertEqual(cpu.EIP, 4160686120)
def test_JNS_19(self):
''' Instruction JNS_19
Groups: jump
0x807ac9a: jns 0x807ac9f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ac9a] = 'y'
mem[0x0807ac9b] = '\x03'
cpu.EIP = 0x807ac9a
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ac9a], 'y')
self.assertEqual(mem[0x807ac9b], '\x03')
self.assertEqual(cpu.EIP, 134720671)
def test_JNS_2(self):
''' Instruction JNS_2
Groups: jump
0x807ac91: jns 0x807ac96
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ac91] = 'y'
mem[0x0807ac92] = '\x03'
cpu.EIP = 0x807ac91
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ac91], 'y')
self.assertEqual(mem[0x807ac92], '\x03')
self.assertEqual(cpu.EIP, 134720662)
def test_JNS_20(self):
''' Instruction JNS_20
Groups: jump
0x807ad72: jns 0x807ad77
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad72] = 'y'
mem[0x0807ad73] = '\x03'
cpu.EIP = 0x807ad72
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad72], 'y')
self.assertEqual(mem[0x807ad73], '\x03')
self.assertEqual(cpu.EIP, 134720884)
def test_JNS_21(self):
''' Instruction JNS_21
Groups: jump
0x807ad2a: jns 0x807ad2f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad2a] = 'y'
mem[0x0807ad2b] = '\x03'
cpu.EIP = 0x807ad2a
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad2a], 'y')
self.assertEqual(mem[0x807ad2b], '\x03')
self.assertEqual(cpu.EIP, 134720812)
def test_JNS_3(self):
''' Instruction JNS_3
Groups: jump
0x807ad0f: jns 0x807ad14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad10] = '\x03'
mem[0x0807ad0f] = 'y'
cpu.EIP = 0x807ad0f
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad10], '\x03')
self.assertEqual(mem[0x807ad0f], 'y')
self.assertEqual(cpu.EIP, 134720785)
def test_JNS_4(self):
''' Instruction JNS_4
Groups: jump
0x807aca3: jns 0x807aca8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aca3] = 'y'
mem[0x0807aca4] = '\x03'
cpu.EIP = 0x807aca3
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807aca3], 'y')
self.assertEqual(mem[0x807aca4], '\x03')
self.assertEqual(cpu.EIP, 134720680)
def test_JNS_5(self):
''' Instruction JNS_5
Groups: jump
0x807ace2: jns 0x807ace7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ace2] = 'y'
mem[0x0807ace3] = '\x03'
cpu.EIP = 0x807ace2
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ace2], 'y')
self.assertEqual(mem[0x807ace3], '\x03')
self.assertEqual(cpu.EIP, 134720743)
def test_JNS_6(self):
''' Instruction JNS_6
Groups: jump
0x807ad84: jns 0x807ad89
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad84] = 'y'
mem[0x0807ad85] = '\x03'
cpu.EIP = 0x807ad84
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad84], 'y')
self.assertEqual(mem[0x807ad85], '\x03')
self.assertEqual(cpu.EIP, 134720902)
def test_JNS_7(self):
''' Instruction JNS_7
Groups: jump
0xf7ff0826: jns 0xf7ff07e8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0826] = 'y'
mem[0xf7ff0827] = '\xc0'
cpu.EIP = 0xf7ff0826
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff0826], 'y')
self.assertEqual(mem[0xf7ff0827], '\xc0')
self.assertEqual(cpu.EIP, 4160686120)
def test_JNS_8(self):
''' Instruction JNS_8
Groups: jump
0x807ac6d: jns 0x807ac72
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ac6d] = 'y'
mem[0x0807ac6e] = '\x03'
cpu.EIP = 0x807ac6d
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ac6d], 'y')
self.assertEqual(mem[0x807ac6e], '\x03')
self.assertEqual(cpu.EIP, 134720626)
def test_JNS_9(self):
''' Instruction JNS_9
Groups: jump
0x807ad69: jns 0x807ad6e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ad69] = 'y'
mem[0x0807ad6a] = '\x03'
cpu.EIP = 0x807ad69
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807ad69], 'y')
self.assertEqual(mem[0x807ad6a], '\x03')
self.assertEqual(cpu.EIP, 134720875)
def test_JO_1(self):
''' Instruction JO_1
Groups: jump
0x8079c60: jo 0x8079c65
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c60] = 'p'
mem[0x08079c61] = '\x03'
cpu.EIP = 0x8079c60
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c60], 'p')
self.assertEqual(mem[0x8079c61], '\x03')
self.assertEqual(cpu.EIP, 134716514)
def test_JO_10(self):
''' Instruction JO_10
Groups: jump
0x8079c7b: jo 0x8079c80
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c7b] = 'p'
mem[0x08079c7c] = '\x03'
cpu.EIP = 0x8079c7b
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c7b], 'p')
self.assertEqual(mem[0x8079c7c], '\x03')
self.assertEqual(cpu.EIP, 134716541)
def test_JO_11(self):
''' Instruction JO_11
Groups: jump
0x8079cd5: jo 0x8079cda
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079cd5] = 'p'
mem[0x08079cd6] = '\x03'
cpu.EIP = 0x8079cd5
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079cd5], 'p')
self.assertEqual(mem[0x8079cd6], '\x03')
self.assertEqual(cpu.EIP, 134716631)
def test_JO_12(self):
''' Instruction JO_12
Groups: jump
0x8079cba: jo 0x8079cbf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079cba] = 'p'
mem[0x08079cbb] = '\x03'
cpu.EIP = 0x8079cba
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079cba], 'p')
self.assertEqual(mem[0x8079cbb], '\x03')
self.assertEqual(cpu.EIP, 134716604)
def test_JO_13(self):
''' Instruction JO_13
Groups: jump
0x8079cc3: jo 0x8079cc8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079cc3] = 'p'
mem[0x08079cc4] = '\x03'
cpu.EIP = 0x8079cc3
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079cc3], 'p')
self.assertEqual(mem[0x8079cc4], '\x03')
self.assertEqual(cpu.EIP, 134716613)
def test_JO_14(self):
''' Instruction JO_14
Groups: jump
0x8079ce7: jo 0x8079cec
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079ce8] = '\x03'
mem[0x08079ce7] = 'p'
cpu.EIP = 0x8079ce7
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079ce8], '\x03')
self.assertEqual(mem[0x8079ce7], 'p')
self.assertEqual(cpu.EIP, 134716649)
def test_JO_15(self):
''' Instruction JO_15
Groups: jump
0x8079c4e: jo 0x8079c53
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c4e] = 'p'
mem[0x08079c4f] = '\x03'
cpu.EIP = 0x8079c4e
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c4e], 'p')
self.assertEqual(mem[0x8079c4f], '\x03')
self.assertEqual(cpu.EIP, 134716496)
def test_JO_16(self):
''' Instruction JO_16
Groups: jump
0x8079c33: jo 0x8079c38
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c33] = 'p'
mem[0x08079c34] = '\x03'
cpu.EIP = 0x8079c33
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c33], 'p')
self.assertEqual(mem[0x8079c34], '\x03')
self.assertEqual(cpu.EIP, 134716469)
def test_JO_17(self):
''' Instruction JO_17
Groups: jump
0x8079c69: jo 0x8079c6e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c69] = 'p'
mem[0x08079c6a] = '\x03'
cpu.EIP = 0x8079c69
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c69], 'p')
self.assertEqual(mem[0x8079c6a], '\x03')
self.assertEqual(cpu.EIP, 134716523)
def test_JO_18(self):
''' Instruction JO_18
Groups: jump
0x8079d0b: jo 0x8079d10
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079d0b] = 'p'
mem[0x08079d0c] = '\x03'
cpu.EIP = 0x8079d0b
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079d0b], 'p')
self.assertEqual(mem[0x8079d0c], '\x03')
self.assertEqual(cpu.EIP, 134716685)
def test_JO_19(self):
''' Instruction JO_19
Groups: jump
0x8079c96: jo 0x8079c9b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c96] = 'p'
mem[0x08079c97] = '\x03'
cpu.EIP = 0x8079c96
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c96], 'p')
self.assertEqual(mem[0x8079c97], '\x03')
self.assertEqual(cpu.EIP, 134716568)
def test_JO_2(self):
''' Instruction JO_2
Groups: jump
0x8079c9f: jo 0x8079ca4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079ca0] = '\x03'
mem[0x08079c9f] = 'p'
cpu.EIP = 0x8079c9f
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079ca0], '\x03')
self.assertEqual(mem[0x8079c9f], 'p')
self.assertEqual(cpu.EIP, 134716577)
def test_JO_20(self):
''' Instruction JO_20
Groups: jump
0x8079d02: jo 0x8079d07
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079d02] = 'p'
mem[0x08079d03] = '\x03'
cpu.EIP = 0x8079d02
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079d02], 'p')
self.assertEqual(mem[0x8079d03], '\x03')
self.assertEqual(cpu.EIP, 134716676)
def test_JO_21(self):
''' Instruction JO_21
Groups: jump
0x8079c72: jo 0x8079c77
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c72] = 'p'
mem[0x08079c73] = '\x03'
cpu.EIP = 0x8079c72
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c72], 'p')
self.assertEqual(mem[0x8079c73], '\x03')
self.assertEqual(cpu.EIP, 134716532)
def test_JO_3(self):
''' Instruction JO_3
Groups: jump
0x8079d1d: jo 0x8079d22
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079d1d] = 'p'
mem[0x08079d1e] = '\x03'
cpu.EIP = 0x8079d1d
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079d1d], 'p')
self.assertEqual(mem[0x8079d1e], '\x03')
self.assertEqual(cpu.EIP, 134716703)
def test_JO_4(self):
''' Instruction JO_4
Groups: jump
0x8079c45: jo 0x8079c4a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c45] = 'p'
mem[0x08079c46] = '\x03'
cpu.EIP = 0x8079c45
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c45], 'p')
self.assertEqual(mem[0x8079c46], '\x03')
self.assertEqual(cpu.EIP, 134716487)
def test_JO_5(self):
''' Instruction JO_5
Groups: jump
0x8079cde: jo 0x8079ce3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079cde] = 'p'
mem[0x08079cdf] = '\x03'
cpu.EIP = 0x8079cde
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079cde], 'p')
self.assertEqual(mem[0x8079cdf], '\x03')
self.assertEqual(cpu.EIP, 134716640)
def test_JO_6(self):
''' Instruction JO_6
Groups: jump
0x8079ca8: jo 0x8079cad
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079ca8] = 'p'
mem[0x08079ca9] = '\x03'
cpu.EIP = 0x8079ca8
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079ca8], 'p')
self.assertEqual(mem[0x8079ca9], '\x03')
self.assertEqual(cpu.EIP, 134716586)
def test_JO_7(self):
''' Instruction JO_7
Groups: jump
0x8079c3c: jo 0x8079c41
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c3c] = 'p'
mem[0x08079c3d] = '\x03'
cpu.EIP = 0x8079c3c
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c3c], 'p')
self.assertEqual(mem[0x8079c3d], '\x03')
self.assertEqual(cpu.EIP, 134716478)
def test_JO_8(self):
''' Instruction JO_8
Groups: jump
0x8079c84: jo 0x8079c89
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079c84] = 'p'
mem[0x08079c85] = '\x03'
cpu.EIP = 0x8079c84
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079c84], 'p')
self.assertEqual(mem[0x8079c85], '\x03')
self.assertEqual(cpu.EIP, 134716550)
def test_JO_9(self):
''' Instruction JO_9
Groups: jump
0x8079d26: jo 0x8079d2b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079d26] = 'p'
mem[0x08079d27] = '\x03'
cpu.EIP = 0x8079d26
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8079d26], 'p')
self.assertEqual(mem[0x8079d27], '\x03')
self.assertEqual(cpu.EIP, 134716712)
def test_JP_1(self):
''' Instruction JP_1
Groups: jump
0x807b2ab: jp 0x807b2b0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b2ab] = 'z'
mem[0x0807b2ac] = '\x03'
cpu.EIP = 0x807b2ab
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b2ab], 'z')
self.assertEqual(mem[0x807b2ac], '\x03')
self.assertEqual(cpu.EIP, 134722221)
def test_JP_10(self):
''' Instruction JP_10
Groups: jump
0xf7ff3cc2: jp 0xf7ff3ced
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cc2] = 'z'
mem[0xf7ff3cc3] = ')'
cpu.EIP = 0xf7ff3cc2
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3cc2], 'z')
self.assertEqual(mem[0xf7ff3cc3], ')')
self.assertEqual(cpu.EIP, 4160699588)
def test_JP_11(self):
''' Instruction JP_11
Groups: jump
0x8079887: jp 0x807988c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079888] = '\x03'
mem[0x08079887] = 'z'
cpu.EIP = 0x8079887
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x8079888], '\x03')
self.assertEqual(mem[0x8079887], 'z')
self.assertEqual(cpu.EIP, 134715532)
def test_JP_12(self):
''' Instruction JP_12
Groups: jump
0x80797d3: jp 0x80797d8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080797d3] = 'z'
mem[0x080797d4] = '\x03'
cpu.EIP = 0x80797d3
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x80797d3], 'z')
self.assertEqual(mem[0x80797d4], '\x03')
self.assertEqual(cpu.EIP, 134715352)
def test_JP_13(self):
''' Instruction JP_13
Groups: jump
0x807b299: jp 0x807b29e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b299] = 'z'
mem[0x0807b29a] = '\x03'
cpu.EIP = 0x807b299
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b299], 'z')
self.assertEqual(mem[0x807b29a], '\x03')
self.assertEqual(cpu.EIP, 134722206)
def test_JP_14(self):
''' Instruction JP_14
Groups: jump
0xf7ff3cc2: jp 0xf7ff3ced
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cc2] = 'z'
mem[0xf7ff3cc3] = ')'
cpu.EIP = 0xf7ff3cc2
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3cc2], 'z')
self.assertEqual(mem[0xf7ff3cc3], ')')
self.assertEqual(cpu.EIP, 4160699588)
def test_JP_15(self):
''' Instruction JP_15
Groups: jump
0x80797ca: jp 0x80797cf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080797ca] = 'z'
mem[0x080797cb] = '\x03'
cpu.EIP = 0x80797ca
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x80797ca], 'z')
self.assertEqual(mem[0x80797cb], '\x03')
self.assertEqual(cpu.EIP, 134715340)
def test_JP_16(self):
''' Instruction JP_16
Groups: jump
0x80797dc: jp 0x80797e1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080797dc] = 'z'
mem[0x080797dd] = '\x03'
cpu.EIP = 0x80797dc
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x80797dc], 'z')
self.assertEqual(mem[0x80797dd], '\x03')
self.assertEqual(cpu.EIP, 134715361)
def test_JP_17(self):
''' Instruction JP_17
Groups: jump
0x807b275: jp 0x807b27a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b275] = 'z'
mem[0x0807b276] = '\x03'
cpu.EIP = 0x807b275
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b275], 'z')
self.assertEqual(mem[0x807b276], '\x03')
self.assertEqual(cpu.EIP, 134722170)
def test_JP_18(self):
''' Instruction JP_18
Groups: jump
0x807b2cf: jp 0x807b2d4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b2d0] = '\x03'
mem[0x0807b2cf] = 'z'
cpu.EIP = 0x807b2cf
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b2d0], '\x03')
self.assertEqual(mem[0x807b2cf], 'z')
self.assertEqual(cpu.EIP, 134722257)
def test_JP_19(self):
''' Instruction JP_19
Groups: jump
0x8079809: jp 0x807980e
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079809] = 'z'
mem[0x0807980a] = '\x03'
cpu.EIP = 0x8079809
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x8079809], 'z')
self.assertEqual(mem[0x807980a], '\x03')
self.assertEqual(cpu.EIP, 134715403)
def test_JP_2(self):
''' Instruction JP_2
Groups: jump
0x8079782: jp 0x8079787
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079782] = 'z'
mem[0x08079783] = '\x03'
cpu.EIP = 0x8079782
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x8079782], 'z')
self.assertEqual(mem[0x8079783], '\x03')
self.assertEqual(cpu.EIP, 134715268)
def test_JP_20(self):
''' Instruction JP_20
Groups: jump
0x80797e5: jp 0x80797ea
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080797e5] = 'z'
mem[0x080797e6] = '\x03'
cpu.EIP = 0x80797e5
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x80797e5], 'z')
self.assertEqual(mem[0x80797e6], '\x03')
self.assertEqual(cpu.EIP, 134715367)
def test_JP_21(self):
''' Instruction JP_21
Groups: jump
0x80797a6: jp 0x80797ab
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080797a6] = 'z'
mem[0x080797a7] = '\x03'
cpu.EIP = 0x80797a6
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x80797a6], 'z')
self.assertEqual(mem[0x80797a7], '\x03')
self.assertEqual(cpu.EIP, 134715304)
def test_JP_3(self):
''' Instruction JP_3
Groups: jump
0x807b332: jp 0x807b337
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b332] = 'z'
mem[0x0807b333] = '\x03'
cpu.EIP = 0x807b332
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b332], 'z')
self.assertEqual(mem[0x807b333], '\x03')
self.assertEqual(cpu.EIP, 134722359)
def test_JP_4(self):
''' Instruction JP_4
Groups: jump
0x807b2d8: jp 0x807b2dd
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b2d8] = 'z'
mem[0x0807b2d9] = '\x03'
cpu.EIP = 0x807b2d8
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b2d8], 'z')
self.assertEqual(mem[0x807b2d9], '\x03')
self.assertEqual(cpu.EIP, 134722266)
def test_JP_5(self):
''' Instruction JP_5
Groups: jump
0x8079875: jp 0x807987a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079875] = 'z'
mem[0x08079876] = '\x03'
cpu.EIP = 0x8079875
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x8079875], 'z')
self.assertEqual(mem[0x8079876], '\x03')
self.assertEqual(cpu.EIP, 134715511)
def test_JP_6(self):
''' Instruction JP_6
Groups: jump
0x807b248: jp 0x807b24d
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b248] = 'z'
mem[0x0807b249] = '\x03'
cpu.EIP = 0x807b248
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b248], 'z')
self.assertEqual(mem[0x807b249], '\x03')
self.assertEqual(cpu.EIP, 134722122)
def test_JP_7(self):
''' Instruction JP_7
Groups: jump
0x807b2fc: jp 0x807b301
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b2fc] = 'z'
mem[0x0807b2fd] = '\x03'
cpu.EIP = 0x807b2fc
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b2fc], 'z')
self.assertEqual(mem[0x807b2fd], '\x03')
self.assertEqual(cpu.EIP, 134722302)
def test_JP_8(self):
''' Instruction JP_8
Groups: jump
0x807b25a: jp 0x807b25f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b25a] = 'z'
mem[0x0807b25b] = '\x03'
cpu.EIP = 0x807b25a
cpu.PF = True
cpu.execute()
self.assertEqual(mem[0x807b25a], 'z')
self.assertEqual(mem[0x807b25b], '\x03')
self.assertEqual(cpu.EIP, 134722143)
def test_JP_9(self):
''' Instruction JP_9
Groups: jump
0x807b320: jp 0x807b325
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b320] = 'z'
mem[0x0807b321] = '\x03'
cpu.EIP = 0x807b320
cpu.PF = False
cpu.execute()
self.assertEqual(mem[0x807b320], 'z')
self.assertEqual(mem[0x807b321], '\x03')
self.assertEqual(cpu.EIP, 134722338)
def test_JS_1(self):
''' Instruction JS_1
Groups: jump
0x8079945: js 0x807994a
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079945] = 'x'
mem[0x08079946] = '\x03'
cpu.EIP = 0x8079945
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8079945], 'x')
self.assertEqual(mem[0x8079946], '\x03')
self.assertEqual(cpu.EIP, 134715722)
def test_JS_10(self):
''' Instruction JS_10
Groups: jump
0x8079921: js 0x8079926
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079921] = 'x'
mem[0x08079922] = '\x03'
cpu.EIP = 0x8079921
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079921], 'x')
self.assertEqual(mem[0x8079922], '\x03')
self.assertEqual(cpu.EIP, 134715683)
def test_JS_11(self):
''' Instruction JS_11
Groups: jump
0xf7febaad: js 0xf7febaf0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febaad] = 'x'
mem[0xf7febaae] = 'A'
cpu.EIP = 0xf7febaad
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7febaad], 'x')
self.assertEqual(mem[0xf7febaae], 'A')
self.assertEqual(cpu.EIP, 4160666287)
def test_JS_12(self):
''' Instruction JS_12
Groups: jump
0x80798ac: js 0x80798b1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080798ac] = 'x'
mem[0x080798ad] = '\x03'
cpu.EIP = 0x80798ac
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80798ac], 'x')
self.assertEqual(mem[0x80798ad], '\x03')
self.assertEqual(cpu.EIP, 134715566)
def test_JS_13(self):
''' Instruction JS_13
Groups: jump
0x80798c7: js 0x80798cc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080798c8] = '\x03'
mem[0x080798c7] = 'x'
cpu.EIP = 0x80798c7
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80798c8], '\x03')
self.assertEqual(mem[0x80798c7], 'x')
self.assertEqual(cpu.EIP, 134715593)
def test_JS_14(self):
''' Instruction JS_14
Groups: jump
0xf7febac9: js 0xf7febad5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febac9] = 'x'
mem[0xf7febaca] = '\n'
cpu.EIP = 0xf7febac9
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7febac9], 'x')
self.assertEqual(mem[0xf7febaca], '\n')
self.assertEqual(cpu.EIP, 4160666315)
def test_JS_15(self):
''' Instruction JS_15
Groups: jump
0xf7ff07ca: js 0xf7ff0838
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff07ca] = 'x'
mem[0xf7ff07cb] = 'l'
cpu.EIP = 0xf7ff07ca
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff07ca], 'x')
self.assertEqual(mem[0xf7ff07cb], 'l')
self.assertEqual(cpu.EIP, 4160686028)
def test_JS_16(self):
''' Instruction JS_16
Groups: jump
0xf7fe3ff8: js 0xf7fe4a54
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe3000, 0x1000, 'rwx')
mem[0xf7fe3ff8] = '\x0f'
mem[0xf7fe3ff9] = '\x88'
mem[0xf7fe3ffa] = 'V'
mem[0xf7fe3ffb] = '\n'
mem[0xf7fe3ffc] = '\x00'
mem[0xf7fe3ffd] = '\x00'
cpu.EIP = 0xf7fe3ff8
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe3ff8], '\x0f')
self.assertEqual(mem[0xf7fe3ff9], '\x88')
self.assertEqual(mem[0xf7fe3ffa], 'V')
self.assertEqual(mem[0xf7fe3ffb], '\n')
self.assertEqual(mem[0xf7fe3ffc], '\x00')
self.assertEqual(mem[0xf7fe3ffd], '\x00')
self.assertEqual(cpu.EIP, 4160634878)
def test_JS_17(self):
''' Instruction JS_17
Groups: jump
0x80799b1: js 0x80799b6
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080799b1] = 'x'
mem[0x080799b2] = '\x03'
cpu.EIP = 0x80799b1
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x80799b1], 'x')
self.assertEqual(mem[0x80799b2], '\x03')
self.assertEqual(cpu.EIP, 134715830)
def test_JS_18(self):
''' Instruction JS_18
Groups: jump
0xf7fde25f: js 0xf7fe0077
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fde000, 0x1000, 'rwx')
mem[0xf7fde260] = '\x88'
mem[0xf7fde261] = '\x12'
mem[0xf7fde262] = '\x1e'
mem[0xf7fde263] = '\x00'
mem[0xf7fde264] = '\x00'
mem[0xf7fde25f] = '\x0f'
cpu.EIP = 0xf7fde25f
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fde260], '\x88')
self.assertEqual(mem[0xf7fde261], '\x12')
self.assertEqual(mem[0xf7fde262], '\x1e')
self.assertEqual(mem[0xf7fde263], '\x00')
self.assertEqual(mem[0xf7fde264], '\x00')
self.assertEqual(mem[0xf7fde25f], '\x0f')
self.assertEqual(cpu.EIP, 4160610917)
def test_JS_19(self):
''' Instruction JS_19
Groups: jump
0x8079906: js 0x807990b
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079906] = 'x'
mem[0x08079907] = '\x03'
cpu.EIP = 0x8079906
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079906], 'x')
self.assertEqual(mem[0x8079907], '\x03')
self.assertEqual(cpu.EIP, 134715656)
def test_JS_2(self):
''' Instruction JS_2
Groups: jump
0xf7fe1dae: js 0xf7fe2be9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem[0xf7fe1dae] = '\x0f'
mem[0xf7fe1daf] = '\x88'
mem[0xf7fe1db0] = '5'
mem[0xf7fe1db1] = '\x0e'
mem[0xf7fe1db2] = '\x00'
mem[0xf7fe1db3] = '\x00'
cpu.EIP = 0xf7fe1dae
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe1dae], '\x0f')
self.assertEqual(mem[0xf7fe1daf], '\x88')
self.assertEqual(mem[0xf7fe1db0], '5')
self.assertEqual(mem[0xf7fe1db1], '\x0e')
self.assertEqual(mem[0xf7fe1db2], '\x00')
self.assertEqual(mem[0xf7fe1db3], '\x00')
self.assertEqual(cpu.EIP, 4160626100)
def test_JS_20(self):
''' Instruction JS_20
Groups: jump
0x80799ba: js 0x80799bf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080799ba] = 'x'
mem[0x080799bb] = '\x03'
cpu.EIP = 0x80799ba
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x80799ba], 'x')
self.assertEqual(mem[0x80799bb], '\x03')
self.assertEqual(cpu.EIP, 134715839)
def test_JS_21(self):
''' Instruction JS_21
Groups: jump
0x807992a: js 0x807992f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x0807992a] = 'x'
mem[0x0807992b] = '\x03'
cpu.EIP = 0x807992a
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807992a], 'x')
self.assertEqual(mem[0x807992b], '\x03')
self.assertEqual(cpu.EIP, 134715692)
def test_JS_3(self):
''' Instruction JS_3
Groups: jump
0x8079972: js 0x8079977
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079972] = 'x'
mem[0x08079973] = '\x03'
cpu.EIP = 0x8079972
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8079972], 'x')
self.assertEqual(mem[0x8079973], '\x03')
self.assertEqual(cpu.EIP, 134715767)
def test_JS_4(self):
''' Instruction JS_4
Groups: jump
0x807990f: js 0x8079914
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079910] = '\x03'
mem[0x0807990f] = 'x'
cpu.EIP = 0x807990f
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079910], '\x03')
self.assertEqual(mem[0x807990f], 'x')
self.assertEqual(cpu.EIP, 134715665)
def test_JS_5(self):
''' Instruction JS_5
Groups: jump
0x807993c: js 0x8079941
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x0807993c] = 'x'
mem[0x0807993d] = '\x03'
cpu.EIP = 0x807993c
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x807993c], 'x')
self.assertEqual(mem[0x807993d], '\x03')
self.assertEqual(cpu.EIP, 134715713)
def test_JS_6(self):
''' Instruction JS_6
Groups: jump
0x8079984: js 0x8079989
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079984] = 'x'
mem[0x08079985] = '\x03'
cpu.EIP = 0x8079984
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8079984], 'x')
self.assertEqual(mem[0x8079985], '\x03')
self.assertEqual(cpu.EIP, 134715785)
def test_JS_7(self):
''' Instruction JS_7
Groups: jump
0xf7eaa01c: js 0xf7eaa0f5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa020] = '\x00'
mem[0xf7eaa021] = '\x00'
mem[0xf7eaa01c] = '\x0f'
mem[0xf7eaa01d] = '\x88'
mem[0xf7eaa01e] = '\xd3'
mem[0xf7eaa01f] = '\x00'
cpu.EIP = 0xf7eaa01c
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa020], '\x00')
self.assertEqual(mem[0xf7eaa021], '\x00')
self.assertEqual(mem[0xf7eaa01c], '\x0f')
self.assertEqual(mem[0xf7eaa01d], '\x88')
self.assertEqual(mem[0xf7eaa01e], '\xd3')
self.assertEqual(mem[0xf7eaa01f], '\x00')
self.assertEqual(cpu.EIP, 4159348770)
def test_JS_8(self):
''' Instruction JS_8
Groups: jump
0x8079957: js 0x807995c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079958] = '\x03'
mem[0x08079957] = 'x'
cpu.EIP = 0x8079957
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8079958], '\x03')
self.assertEqual(mem[0x8079957], 'x')
self.assertEqual(cpu.EIP, 134715740)
def test_JS_9(self):
''' Instruction JS_9
Groups: jump
0x80798e2: js 0x80798e7
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080798e2] = 'x'
mem[0x080798e3] = '\x03'
cpu.EIP = 0x80798e2
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80798e2], 'x')
self.assertEqual(mem[0x80798e3], '\x03')
self.assertEqual(cpu.EIP, 134715620)
def test_LAHF_1(self):
''' Instruction LAHF_1
Groups:
0x804d64c: lahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d64c] = '\x9f'
cpu.EIP = 0x804d64c
cpu.AF = False
cpu.AH = 0xb6
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d64c], '\x9f')
self.assertEqual(cpu.EIP, 134534733)
self.assertEqual(cpu.AH, 70)
def test_LEAVE_1(self):
''' Instruction LEAVE_1
Groups: not64bitmode
0x805668e: leave
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x2000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffc602] = '\x00'
mem[0xffffc603] = '\x00'
mem[0xffffc604] = '\x00'
mem[0xffffc605] = '\x00'
mem[0xffffc606] = '\x00'
mem[0xffffc607] = '\x00'
mem[0xffffc608] = '\x00'
mem[0xffffc609] = '\x00'
mem[0xffffc60a] = '\x00'
mem[0xffffb602] = '\x00'
mem[0x0805668e] = '\xc9'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb5fc] = '\x00'
mem[0xffffb5fd] = '\x00'
mem[0xffffb5fe] = '\x00'
mem[0xffffb5ff] = '\x00'
cpu.EIP = 0x805668e
cpu.EBP = 0xffffb600
cpu.ESP = 0xffffc606
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffc602], '\x00')
self.assertEqual(mem[0xffffc603], '\x00')
self.assertEqual(mem[0xffffc604], '\x00')
self.assertEqual(mem[0xffffc605], '\x00')
self.assertEqual(mem[0xffffc606], '\x00')
self.assertEqual(mem[0xffffc607], '\x00')
self.assertEqual(mem[0xffffc608], '\x00')
self.assertEqual(mem[0xffffc609], '\x00')
self.assertEqual(mem[0xffffc60a], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0x805668e], '\xc9')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb5fc], '\x00')
self.assertEqual(mem[0xffffb5fd], '\x00')
self.assertEqual(mem[0xffffb5fe], '\x00')
self.assertEqual(mem[0xffffb5ff], '\x00')
self.assertEqual(cpu.EIP, 134571663)
self.assertEqual(cpu.EBP, 0)
self.assertEqual(cpu.ESP, 4294948356)
def test_LEA_1(self):
''' Instruction LEA_1
Groups: not64bitmode
0xf7e2ea34: lea edx, dword ptr [ebx + 0x40]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem.mmap(0xf7fc0000, 0x1000, 'rwx')
mem[0xf7fc0040] = '\x00'
mem[0xf7fc0041] = '\x00'
mem[0xf7fc0042] = '\x00'
mem[0xf7fc0043] = '\x00'
mem[0xf7e2ea34] = '\x8d'
mem[0xf7e2ea35] = '\x93'
mem[0xf7e2ea36] = '@'
mem[0xf7e2ea37] = '\x00'
mem[0xf7e2ea38] = '\x00'
mem[0xf7e2ea39] = '\x00'
cpu.EIP = 0xf7e2ea34
cpu.EDX = 0x0
cpu.EBX = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7fc0040], '\x00')
self.assertEqual(mem[0xf7fc0041], '\x00')
self.assertEqual(mem[0xf7fc0042], '\x00')
self.assertEqual(mem[0xf7fc0043], '\x00')
self.assertEqual(mem[0xf7e2ea34], '\x8d')
self.assertEqual(mem[0xf7e2ea35], '\x93')
self.assertEqual(mem[0xf7e2ea36], '@')
self.assertEqual(mem[0xf7e2ea37], '\x00')
self.assertEqual(mem[0xf7e2ea38], '\x00')
self.assertEqual(mem[0xf7e2ea39], '\x00')
self.assertEqual(cpu.EIP, 4158843450)
self.assertEqual(cpu.EDX, 4160487488)
self.assertEqual(cpu.EBX, 4160487424)
def test_LEA_10(self):
''' Instruction LEA_10
Groups: not64bitmode
0xf7fe54ab: lea eax, dword ptr [esp + 0x48]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd33b] = '\x00'
mem[0xffffd338] = '\x00'
mem[0xffffd339] = '\x00'
mem[0xffffd33a] = '\x00'
mem[0xf7fe54ab] = '\x8d'
mem[0xf7fe54ac] = 'D'
mem[0xf7fe54ad] = '$'
mem[0xf7fe54ae] = 'H'
cpu.EIP = 0xf7fe54ab
cpu.EAX = 0x741
cpu.ESP = 0xffffd2f0
cpu.execute()
self.assertEqual(mem[0xffffd33b], '\x00')
self.assertEqual(mem[0xffffd338], '\x00')
self.assertEqual(mem[0xffffd339], '\x00')
self.assertEqual(mem[0xffffd33a], '\x00')
self.assertEqual(mem[0xf7fe54ab], '\x8d')
self.assertEqual(mem[0xf7fe54ac], 'D')
self.assertEqual(mem[0xf7fe54ad], '$')
self.assertEqual(mem[0xf7fe54ae], 'H')
self.assertEqual(cpu.EIP, 4160640175)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.EAX, 4294955832)
def test_LEA_11(self):
''' Instruction LEA_11
Groups: not64bitmode
0xf7fe54a8: lea esi, dword ptr [edx + eax*4]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e17000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54a8] = '\x8d'
mem[0xf7fe54a9] = '4'
mem[0xf7fe54aa] = '\x82'
mem[0xf7e17598] = '2'
mem[0xf7e17599] = '&'
mem[0xf7e1759a] = '\x9e'
mem[0xf7e1759b] = '|'
cpu.EIP = 0xf7fe54a8
cpu.EDX = 0xf7e1696c
cpu.ESI = 0xf7fda858
cpu.EAX = 0x30b
cpu.execute()
self.assertEqual(mem[0xf7fe54a8], '\x8d')
self.assertEqual(mem[0xf7fe54a9], '4')
self.assertEqual(mem[0xf7fe54aa], '\x82')
self.assertEqual(mem[0xf7e17598], '2')
self.assertEqual(mem[0xf7e17599], '&')
self.assertEqual(mem[0xf7e1759a], '\x9e')
self.assertEqual(mem[0xf7e1759b], '|')
self.assertEqual(cpu.EIP, 4160640171)
self.assertEqual(cpu.EDX, 4158744940)
self.assertEqual(cpu.ESI, 4158748056)
self.assertEqual(cpu.EAX, 779)
def test_LEA_12(self):
''' Instruction LEA_12
Groups: not64bitmode
0xf7fe4e78: lea eax, dword ptr [ebx - 0x55d4]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xf7ff7000, 0x1000, 'rwx')
mem[0xf7fe4e7c] = '\xff'
mem[0xf7fe4e7d] = '\xff'
mem[0xf7fe4e78] = '\x8d'
mem[0xf7fe4e79] = '\x83'
mem[0xf7fe4e7a] = ','
mem[0xf7fe4e7b] = '\xaa'
mem[0xf7ff7a2c] = 's'
mem[0xf7ff7a2d] = 'y'
mem[0xf7ff7a2e] = 'm'
mem[0xf7ff7a2f] = 'b'
cpu.EIP = 0xf7fe4e78
cpu.EBX = 0xf7ffd000
cpu.EAX = 0x4802c4e
cpu.execute()
self.assertEqual(mem[0xf7fe4e7c], '\xff')
self.assertEqual(mem[0xf7fe4e7d], '\xff')
self.assertEqual(mem[0xf7fe4e78], '\x8d')
self.assertEqual(mem[0xf7fe4e79], '\x83')
self.assertEqual(mem[0xf7fe4e7a], ',')
self.assertEqual(mem[0xf7fe4e7b], '\xaa')
self.assertEqual(mem[0xf7ff7a2c], 's')
self.assertEqual(mem[0xf7ff7a2d], 'y')
self.assertEqual(mem[0xf7ff7a2e], 'm')
self.assertEqual(mem[0xf7ff7a2f], 'b')
self.assertEqual(cpu.EIP, 4160638590)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.EAX, 4160715308)
def test_LEA_13(self):
''' Instruction LEA_13
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
mem[0xffffd3f0] = '\x00'
mem[0xffffd3f1] = '\x00'
mem[0xffffd3f2] = '\x00'
mem[0xffffd3f3] = '\x00'
cpu.EIP = 0xf7fe5705
cpu.EBP = 0xffffd438
cpu.ECX = 0xf7fdaba8
cpu.execute()
self.assertEqual(mem[0xf7fe5705], '\x8d')
self.assertEqual(mem[0xf7fe5706], 'M')
self.assertEqual(mem[0xf7fe5707], '\xb8')
self.assertEqual(mem[0xffffd3f0], '\x00')
self.assertEqual(mem[0xffffd3f1], '\x00')
self.assertEqual(mem[0xffffd3f2], '\x00')
self.assertEqual(mem[0xffffd3f3], '\x00')
self.assertEqual(cpu.EIP, 4160640776)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ECX, 4294956016)
def test_LEA_14(self):
''' Instruction LEA_14
Groups: not64bitmode
0xf7fe894c: lea edi, dword ptr [esp + 0x1f]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '8'
mem[0xffffd441] = '\x18'
mem[0xffffd442] = '\x00'
mem[0xffffd43f] = '\x00'
mem[0xf7fe894c] = '\x8d'
mem[0xf7fe894d] = '|'
mem[0xf7fe894e] = '$'
mem[0xf7fe894f] = '\x1f'
cpu.EIP = 0xf7fe894c
cpu.EDI = 0x0
cpu.ESP = 0xffffd420
cpu.execute()
self.assertEqual(mem[0xffffd440], '8')
self.assertEqual(mem[0xffffd441], '\x18')
self.assertEqual(mem[0xffffd442], '\x00')
self.assertEqual(mem[0xffffd43f], '\x00')
self.assertEqual(mem[0xf7fe894c], '\x8d')
self.assertEqual(mem[0xf7fe894d], '|')
self.assertEqual(mem[0xf7fe894e], '$')
self.assertEqual(mem[0xf7fe894f], '\x1f')
self.assertEqual(cpu.EIP, 4160653648)
self.assertEqual(cpu.EDI, 4294956095)
self.assertEqual(cpu.ESP, 4294956064)
def test_LEA_15(self):
''' Instruction LEA_15
Groups: not64bitmode
0xf7fe54a8: lea esi, dword ptr [edx + eax*4]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e18000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54a8] = '\x8d'
mem[0xf7fe54a9] = '4'
mem[0xf7fe54aa] = '\x82'
mem[0xf7e182ac] = 'X'
mem[0xf7e182ad] = '\x05'
mem[0xf7e182ae] = '&'
mem[0xf7e182af] = '\x87'
cpu.EIP = 0xf7fe54a8
cpu.EDX = 0xf7e1696c
cpu.ESI = 0xf7fda858
cpu.EAX = 0x650
cpu.execute()
self.assertEqual(mem[0xf7fe54a8], '\x8d')
self.assertEqual(mem[0xf7fe54a9], '4')
self.assertEqual(mem[0xf7fe54aa], '\x82')
self.assertEqual(mem[0xf7e182ac], 'X')
self.assertEqual(mem[0xf7e182ad], '\x05')
self.assertEqual(mem[0xf7e182ae], '&')
self.assertEqual(mem[0xf7e182af], '\x87')
self.assertEqual(cpu.EIP, 4160640171)
self.assertEqual(cpu.EDX, 4158744940)
self.assertEqual(cpu.ESI, 4158751404)
self.assertEqual(cpu.EAX, 1616)
def test_LEA_16(self):
''' Instruction LEA_16
Groups: not64bitmode
0xf7fe0b41: lea edx, dword ptr [edi + ebx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0b41] = '\x8d'
mem[0xf7fe0b42] = '\x14'
mem[0xf7fe0b43] = '\x1f'
mem[0xf7fe0b98] = '\x8b'
mem[0xf7fe0b99] = 'u'
mem[0xf7fe0b9a] = '\xd0'
mem[0xf7fe0b9b] = '\x89'
cpu.EIP = 0xf7fe0b41
cpu.EDX = 0x2
cpu.EDI = 0xfffe3b98
cpu.EBX = 0xf7ffd000
cpu.execute()
self.assertEqual(mem[0xf7fe0b41], '\x8d')
self.assertEqual(mem[0xf7fe0b42], '\x14')
self.assertEqual(mem[0xf7fe0b43], '\x1f')
self.assertEqual(mem[0xf7fe0b98], '\x8b')
self.assertEqual(mem[0xf7fe0b99], 'u')
self.assertEqual(mem[0xf7fe0b9a], '\xd0')
self.assertEqual(mem[0xf7fe0b9b], '\x89')
self.assertEqual(cpu.EIP, 4160621380)
self.assertEqual(cpu.EDX, 4160621464)
self.assertEqual(cpu.EDI, 4294851480)
self.assertEqual(cpu.EBX, 4160737280)
def test_LEA_17(self):
''' Instruction LEA_17
Groups: not64bitmode
0xf7eaa0d0: lea ecx, dword ptr [edi + eax*8]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xf7f71000, 0x1000, 'rwx')
mem[0xf7f714c8] = '\x08'
mem[0xf7f714c9] = '\x04'
mem[0xf7f714ca] = ' '
mem[0xf7f714cb] = '\x00'
mem[0xf7eaa0d0] = '\x8d'
mem[0xf7eaa0d1] = '\x0c'
mem[0xf7eaa0d2] = '\xc7'
cpu.EIP = 0xf7eaa0d0
cpu.EDI = 0xf7f714c0
cpu.ECX = 0xf7f714d0
cpu.EAX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7f714c8], '\x08')
self.assertEqual(mem[0xf7f714c9], '\x04')
self.assertEqual(mem[0xf7f714ca], ' ')
self.assertEqual(mem[0xf7f714cb], '\x00')
self.assertEqual(mem[0xf7eaa0d0], '\x8d')
self.assertEqual(mem[0xf7eaa0d1], '\x0c')
self.assertEqual(mem[0xf7eaa0d2], '\xc7')
self.assertEqual(cpu.EIP, 4159348947)
self.assertEqual(cpu.EAX, 1)
self.assertEqual(cpu.EDI, 4160165056)
self.assertEqual(cpu.ECX, 4160165064)
def test_LEA_18(self):
''' Instruction LEA_18
Groups: not64bitmode
0xf7fe57e8: lea esp, dword ptr [ebp - 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe57e8] = '\x8d'
mem[0xf7fe57e9] = 'e'
mem[0xf7fe57ea] = '\xf4'
mem[0xffffd42c] = '\x00'
mem[0xffffd42d] = '\xd0'
mem[0xffffd42e] = '\xff'
mem[0xffffd42f] = '\xf7'
cpu.EIP = 0xf7fe57e8
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd380
cpu.execute()
self.assertEqual(mem[0xf7fe57e8], '\x8d')
self.assertEqual(mem[0xf7fe57e9], 'e')
self.assertEqual(mem[0xf7fe57ea], '\xf4')
self.assertEqual(mem[0xffffd42c], '\x00')
self.assertEqual(mem[0xffffd42d], '\xd0')
self.assertEqual(mem[0xffffd42e], '\xff')
self.assertEqual(mem[0xffffd42f], '\xf7')
self.assertEqual(cpu.EIP, 4160641003)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294956076)
def test_LEA_19(self):
''' Instruction LEA_19
Groups: not64bitmode
0xf7fe8aea: lea eax, dword ptr [ebp - 0x34]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd4c4] = '\x00'
mem[0xffffd4c5] = '\x00'
mem[0xffffd4c6] = '\x00'
mem[0xffffd4c7] = '\x00'
mem[0xf7fe8aea] = '\x8d'
mem[0xf7fe8aeb] = 'E'
mem[0xf7fe8aec] = '\xcc'
cpu.EIP = 0xf7fe8aea
cpu.EBP = 0xffffd4f8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffd4c4], '\x00')
self.assertEqual(mem[0xffffd4c5], '\x00')
self.assertEqual(mem[0xffffd4c6], '\x00')
self.assertEqual(mem[0xffffd4c7], '\x00')
self.assertEqual(mem[0xf7fe8aea], '\x8d')
self.assertEqual(mem[0xf7fe8aeb], 'E')
self.assertEqual(mem[0xf7fe8aec], '\xcc')
self.assertEqual(cpu.EIP, 4160654061)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.EAX, 4294956228)
def test_LEA_2(self):
''' Instruction LEA_2
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
mem[0xffffd3f0] = '\x00'
mem[0xffffd3f1] = '\x00'
mem[0xffffd3f2] = '\x00'
mem[0xffffd3f3] = '\x00'
cpu.EIP = 0xf7fe5705
cpu.EBP = 0xffffd438
cpu.ECX = 0xf7fdaba8
cpu.execute()
self.assertEqual(mem[0xf7fe5705], '\x8d')
self.assertEqual(mem[0xf7fe5706], 'M')
self.assertEqual(mem[0xf7fe5707], '\xb8')
self.assertEqual(mem[0xffffd3f0], '\x00')
self.assertEqual(mem[0xffffd3f1], '\x00')
self.assertEqual(mem[0xffffd3f2], '\x00')
self.assertEqual(mem[0xffffd3f3], '\x00')
self.assertEqual(cpu.EIP, 4160640776)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ECX, 4294956016)
def test_LEA_20(self):
''' Instruction LEA_20
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
mem[0xffffd3f0] = '\x00'
mem[0xffffd3f1] = '\x00'
mem[0xffffd3f2] = '\x00'
mem[0xffffd3f3] = '\x00'
cpu.EIP = 0xf7fe5705
cpu.EBP = 0xffffd438
cpu.ECX = 0xf7fdaba8
cpu.execute()
self.assertEqual(mem[0xf7fe5705], '\x8d')
self.assertEqual(mem[0xf7fe5706], 'M')
self.assertEqual(mem[0xf7fe5707], '\xb8')
self.assertEqual(mem[0xffffd3f0], '\x00')
self.assertEqual(mem[0xffffd3f1], '\x00')
self.assertEqual(mem[0xffffd3f2], '\x00')
self.assertEqual(mem[0xffffd3f3], '\x00')
self.assertEqual(cpu.EIP, 4160640776)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ECX, 4294956016)
def test_LEA_21(self):
''' Instruction LEA_21
Groups: not64bitmode
0xf7fe570b: lea ecx, dword ptr [ebp - 0x50]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe570b] = '\x8d'
mem[0xffffd3e8] = '\xff'
mem[0xffffd3e9] = '\xff'
mem[0xffffd3ea] = '\xff'
mem[0xffffd3eb] = '\xff'
mem[0xf7fe570c] = 'M'
mem[0xf7fe570d] = '\xb0'
cpu.EIP = 0xf7fe570b
cpu.EBP = 0xffffd438
cpu.ECX = 0xffffd3f0
cpu.execute()
self.assertEqual(mem[0xffffd3eb], '\xff')
self.assertEqual(mem[0xffffd3e8], '\xff')
self.assertEqual(mem[0xffffd3e9], '\xff')
self.assertEqual(mem[0xffffd3ea], '\xff')
self.assertEqual(mem[0xf7fe570b], '\x8d')
self.assertEqual(mem[0xf7fe570c], 'M')
self.assertEqual(mem[0xf7fe570d], '\xb0')
self.assertEqual(cpu.EIP, 4160640782)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ECX, 4294956008)
def test_LEA_3(self):
''' Instruction LEA_3
Groups: not64bitmode
0xf7fe54a8: lea esi, dword ptr [edx + eax*4]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e18000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54a8] = '\x8d'
mem[0xf7fe54a9] = '4'
mem[0xf7fe54aa] = '\x82'
mem[0xf7e18c0b] = '\xa2'
mem[0xf7e18c08] = '\xc0'
mem[0xf7e18c09] = '\xf0'
mem[0xf7e18c0a] = '/'
cpu.EIP = 0xf7fe54a8
cpu.EDX = 0xf7e1696c
cpu.ESI = 0xf7fda858
cpu.EAX = 0x8a7
cpu.execute()
self.assertEqual(mem[0xf7e18c08], '\xc0')
self.assertEqual(mem[0xf7e18c09], '\xf0')
self.assertEqual(mem[0xf7fe54aa], '\x82')
self.assertEqual(mem[0xf7e18c0b], '\xa2')
self.assertEqual(mem[0xf7fe54a8], '\x8d')
self.assertEqual(mem[0xf7fe54a9], '4')
self.assertEqual(mem[0xf7e18c0a], '/')
self.assertEqual(cpu.EIP, 4160640171)
self.assertEqual(cpu.EDX, 4158744940)
self.assertEqual(cpu.ESI, 4158753800)
self.assertEqual(cpu.EAX, 2215)
def test_LEA_4(self):
''' Instruction LEA_4
Groups: not64bitmode
0xf7fe72c4: lea eax, dword ptr [ebp - 0x44]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe72c4] = '\x8d'
mem[0xf7fe72c5] = 'E'
mem[0xf7fe72c6] = '\xbc'
mem[0xffffd4b4] = '\x94'
mem[0xffffd4b5] = '\x9c'
mem[0xffffd4b6] = '\xe1'
mem[0xffffd4b7] = '\xf7'
cpu.EIP = 0xf7fe72c4
cpu.EBP = 0xffffd4f8
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe72c4], '\x8d')
self.assertEqual(mem[0xf7fe72c5], 'E')
self.assertEqual(mem[0xf7fe72c6], '\xbc')
self.assertEqual(mem[0xffffd4b4], '\x94')
self.assertEqual(mem[0xffffd4b5], '\x9c')
self.assertEqual(mem[0xffffd4b6], '\xe1')
self.assertEqual(mem[0xffffd4b7], '\xf7')
self.assertEqual(cpu.EIP, 4160647879)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.EAX, 4294956212)
def test_LEA_5(self):
''' Instruction LEA_5
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
mem[0xffffd3f0] = '\x00'
mem[0xffffd3f1] = '\x00'
mem[0xffffd3f2] = '\x00'
mem[0xffffd3f3] = '\x00'
cpu.EIP = 0xf7fe5705
cpu.EBP = 0xffffd438
cpu.ECX = 0xf7fdaba8
cpu.execute()
self.assertEqual(mem[0xf7fe5705], '\x8d')
self.assertEqual(mem[0xf7fe5706], 'M')
self.assertEqual(mem[0xf7fe5707], '\xb8')
self.assertEqual(mem[0xffffd3f0], '\x00')
self.assertEqual(mem[0xffffd3f1], '\x00')
self.assertEqual(mem[0xffffd3f2], '\x00')
self.assertEqual(mem[0xffffd3f3], '\x00')
self.assertEqual(cpu.EIP, 4160640776)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ECX, 4294956016)
def test_LEA_6(self):
''' Instruction LEA_6
Groups: not64bitmode
0xf7fdd6c8: lea eax, dword ptr [ebx + eax - 0x8880]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4780] = '/'
mem[0xf7ff4781] = 'v'
mem[0xf7ff4782] = 'a'
mem[0xf7ff4783] = 'r'
mem[0xf7fdd6c8] = '\x8d'
mem[0xf7fdd6c9] = '\x84'
mem[0xf7fdd6ca] = '\x03'
mem[0xf7fdd6cb] = '\x80'
mem[0xf7fdd6cc] = 'w'
mem[0xf7fdd6cd] = '\xff'
mem[0xf7fdd6ce] = '\xff'
cpu.EIP = 0xf7fdd6c8
cpu.EBX = 0xf7ffd000
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7ff4780], '/')
self.assertEqual(mem[0xf7ff4781], 'v')
self.assertEqual(mem[0xf7ff4782], 'a')
self.assertEqual(mem[0xf7ff4783], 'r')
self.assertEqual(mem[0xf7fdd6c8], '\x8d')
self.assertEqual(mem[0xf7fdd6c9], '\x84')
self.assertEqual(mem[0xf7fdd6ca], '\x03')
self.assertEqual(mem[0xf7fdd6cb], '\x80')
self.assertEqual(mem[0xf7fdd6cc], 'w')
self.assertEqual(mem[0xf7fdd6cd], '\xff')
self.assertEqual(mem[0xf7fdd6ce], '\xff')
self.assertEqual(cpu.EIP, 4160607951)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.EAX, 4160702336)
def test_LEA_7(self):
''' Instruction LEA_7
Groups: not64bitmode
0xf7fe4e78: lea eax, dword ptr [ebx - 0x55d4]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xf7ff7000, 0x1000, 'rwx')
mem[0xf7fe4e7c] = '\xff'
mem[0xf7fe4e7d] = '\xff'
mem[0xf7fe4e78] = '\x8d'
mem[0xf7fe4e79] = '\x83'
mem[0xf7fe4e7a] = ','
mem[0xf7fe4e7b] = '\xaa'
mem[0xf7ff7a2c] = 's'
mem[0xf7ff7a2d] = 'y'
mem[0xf7ff7a2e] = 'm'
mem[0xf7ff7a2f] = 'b'
cpu.EIP = 0xf7fe4e78
cpu.EBX = 0xf7ffd000
cpu.EAX = 0x830aab
cpu.execute()
self.assertEqual(mem[0xf7fe4e7c], '\xff')
self.assertEqual(mem[0xf7fe4e7d], '\xff')
self.assertEqual(mem[0xf7fe4e78], '\x8d')
self.assertEqual(mem[0xf7fe4e79], '\x83')
self.assertEqual(mem[0xf7fe4e7a], ',')
self.assertEqual(mem[0xf7fe4e7b], '\xaa')
self.assertEqual(mem[0xf7ff7a2c], 's')
self.assertEqual(mem[0xf7ff7a2d], 'y')
self.assertEqual(mem[0xf7ff7a2e], 'm')
self.assertEqual(mem[0xf7ff7a2f], 'b')
self.assertEqual(cpu.EIP, 4160638590)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.EAX, 4160715308)
def test_LEA_8(self):
''' Instruction LEA_8
Groups: not64bitmode
0xf7ff0e47: lea edx, dword ptr [ecx + ebx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0e47] = '\x8d'
mem[0xf7ff0e48] = '\x14'
mem[0xf7ff0e49] = '\x19'
mem[0xf7ff0e58] = '\x83'
mem[0xf7ff0e59] = '\xc0'
mem[0xf7ff0e5a] = '\x08'
mem[0xf7ff0e5b] = '\x8b'
cpu.EIP = 0xf7ff0e47
cpu.EDX = 0x1c
cpu.EBX = 0xf7ffd000
cpu.ECX = 0xffff3e58
cpu.execute()
self.assertEqual(mem[0xf7ff0e47], '\x8d')
self.assertEqual(mem[0xf7ff0e48], '\x14')
self.assertEqual(mem[0xf7ff0e49], '\x19')
self.assertEqual(mem[0xf7ff0e58], '\x83')
self.assertEqual(mem[0xf7ff0e59], '\xc0')
self.assertEqual(mem[0xf7ff0e5a], '\x08')
self.assertEqual(mem[0xf7ff0e5b], '\x8b')
self.assertEqual(cpu.EIP, 4160687690)
self.assertEqual(cpu.EDX, 4160687704)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ECX, 4294917720)
def test_LEA_9(self):
''' Instruction LEA_9
Groups: not64bitmode
0xf7fe57e8: lea esp, dword ptr [ebp - 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe57e8] = '\x8d'
mem[0xf7fe57e9] = 'e'
mem[0xf7fe57ea] = '\xf4'
mem[0xffffd42c] = '\x00'
mem[0xffffd42d] = '\xd0'
mem[0xffffd42e] = '\xff'
mem[0xffffd42f] = '\xf7'
cpu.EIP = 0xf7fe57e8
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd380
cpu.execute()
self.assertEqual(mem[0xf7fe57e8], '\x8d')
self.assertEqual(mem[0xf7fe57e9], 'e')
self.assertEqual(mem[0xf7fe57ea], '\xf4')
self.assertEqual(mem[0xffffd42c], '\x00')
self.assertEqual(mem[0xffffd42d], '\xd0')
self.assertEqual(mem[0xffffd42e], '\xff')
self.assertEqual(mem[0xffffd42f], '\xf7')
self.assertEqual(cpu.EIP, 4160641003)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294956076)
def test_LODSB_1(self):
''' Instruction LODSB_1
Groups:
0x8070436: lodsb al, byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x1000, 'rwx')
mem[0x0807e042] = '\x1e'
mem[0x08070436] = '\xac'
cpu.DF = False
cpu.EIP = 0x8070436
cpu.AL = 0x0
cpu.ESI = 0x807e042
cpu.execute()
self.assertEqual(mem[0x807e042], '\x1e')
self.assertEqual(mem[0x8070436], '\xac')
self.assertEqual(cpu.EIP, 134677559)
self.assertEqual(cpu.AL, 30)
self.assertEqual(cpu.ESI, 134733891)
def test_LODSD_1(self):
''' Instruction LODSD_1
Groups:
0x8070439: lodsd eax, dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x1000, 'rwx')
mem[0x0807e048] = '\xe5'
mem[0x08070439] = '\xad'
mem[0x0807e045] = 'Q'
mem[0x0807e046] = '\x1e'
mem[0x0807e047] = '\xe5'
cpu.DF = False
cpu.EIP = 0x8070439
cpu.ESI = 0x807e045
cpu.EAX = 0xe5e5
cpu.execute()
self.assertEqual(mem[0x807e048], '\xe5')
self.assertEqual(mem[0x8070439], '\xad')
self.assertEqual(mem[0x807e045], 'Q')
self.assertEqual(mem[0x807e046], '\x1e')
self.assertEqual(mem[0x807e047], '\xe5')
self.assertEqual(cpu.EIP, 134677562)
self.assertEqual(cpu.ESI, 134733897)
self.assertEqual(cpu.EAX, 3856997969)
def test_LODSW_1(self):
''' Instruction LODSW_1
Groups:
0x8070437: lodsw ax, word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x1000, 'rwx')
mem[0x08070438] = '\xad'
mem[0x0807e043] = '\xe5'
mem[0x0807e044] = '\xe5'
mem[0x08070437] = 'f'
cpu.DF = False
cpu.EIP = 0x8070437
cpu.ESI = 0x807e043
cpu.AX = 0x1e
cpu.execute()
self.assertEqual(mem[0x8070438], '\xad')
self.assertEqual(mem[0x807e043], '\xe5')
self.assertEqual(mem[0x807e044], '\xe5')
self.assertEqual(mem[0x8070437], 'f')
self.assertEqual(cpu.EIP, 134677561)
self.assertEqual(cpu.ESI, 134733893)
self.assertEqual(cpu.AX, 58853)
def test_LSL_1(self):
''' Instruction LSL_1
Groups:
0x8059a3e: lsl ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08059a40] = 'M'
mem[0x08059a41] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x1e'
mem[0xffffb600] = '>'
mem[0xffffb601] = '0'
mem[0x08059a3e] = '\x0f'
mem[0x08059a3f] = '\x03'
cpu.EIP = 0x8059a3e
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8059a40], 'M')
self.assertEqual(mem[0x8059a41], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x1e')
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0xffffb601], '0')
self.assertEqual(mem[0x8059a3e], '\x0f')
self.assertEqual(mem[0x8059a3f], '\x03')
self.assertEqual(cpu.EIP, 134584898)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_LSL_2(self):
''' Instruction LSL_2
Groups:
0x8059a36: lsl cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '>'
mem[0xffffb601] = '0'
mem[0x08059a36] = 'f'
mem[0x08059a37] = '\x0f'
mem[0x08059a38] = '\x03'
mem[0x08059a39] = 'M'
mem[0x08059a3a] = '\x00'
cpu.EIP = 0x8059a36
cpu.ZF = False
cpu.CX = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0xffffb601], '0')
self.assertEqual(mem[0x8059a36], 'f')
self.assertEqual(mem[0x8059a37], '\x0f')
self.assertEqual(mem[0x8059a38], '\x03')
self.assertEqual(mem[0x8059a39], 'M')
self.assertEqual(mem[0x8059a3a], '\x00')
self.assertEqual(cpu.EIP, 134584891)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_LSL_3(self):
''' Instruction LSL_3
Groups:
0x8059a3b: lsl ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a3b] = '\x0f'
mem[0x08059a3c] = '\x03'
mem[0x08059a3d] = '\xca'
cpu.EIP = 0x8059a3b
cpu.ZF = False
cpu.EDX = 0xc8f8
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8059a3b], '\x0f')
self.assertEqual(mem[0x8059a3c], '\x03')
self.assertEqual(mem[0x8059a3d], '\xca')
self.assertEqual(cpu.EIP, 134584894)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.ECX, 0)
def test_LSL_4(self):
''' Instruction LSL_4
Groups:
0x8059a32: lsl cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a32] = 'f'
mem[0x08059a33] = '\x0f'
mem[0x08059a34] = '\x03'
mem[0x08059a35] = '\xca'
cpu.EIP = 0x8059a32
cpu.ZF = False
cpu.CX = 0x0
cpu.DX = 0xc8f8
cpu.execute()
self.assertEqual(mem[0x8059a32], 'f')
self.assertEqual(mem[0x8059a33], '\x0f')
self.assertEqual(mem[0x8059a34], '\x03')
self.assertEqual(mem[0x8059a35], '\xca')
self.assertEqual(cpu.EIP, 134584886)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.DX, 51448)
def test_MOVAPS_1(self):
''' Instruction MOVAPS_1
Groups: sse1
0x8048413: movaps xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xeb'
mem[0xffffb601] = '\xb6'
mem[0xffffb602] = 'n'
mem[0xffffb603] = '\xeb'
mem[0xffffb604] = '\xeb'
mem[0xffffb605] = '\xb6'
mem[0xffffb606] = 'n'
mem[0xffffb607] = '\xeb'
mem[0xffffb608] = '\xeb'
mem[0xffffb609] = '\xb6'
mem[0xffffb60a] = 'n'
mem[0xffffb60b] = '\xeb'
mem[0xffffb60c] = '\xeb'
mem[0xffffb60d] = '\xb6'
mem[0xffffb60e] = 'n'
mem[0xffffb60f] = '\xeb'
mem[0x08048413] = '\x0f'
mem[0x08048414] = '('
mem[0x08048415] = 'E'
mem[0x08048416] = '\x00'
cpu.EIP = 0x8048413
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xeb')
self.assertEqual(mem[0xffffb601], '\xb6')
self.assertEqual(mem[0xffffb602], 'n')
self.assertEqual(mem[0xffffb603], '\xeb')
self.assertEqual(mem[0xffffb604], '\xeb')
self.assertEqual(mem[0xffffb605], '\xb6')
self.assertEqual(mem[0xffffb606], 'n')
self.assertEqual(mem[0xffffb607], '\xeb')
self.assertEqual(mem[0xffffb608], '\xeb')
self.assertEqual(mem[0xffffb609], '\xb6')
self.assertEqual(mem[0xffffb60a], 'n')
self.assertEqual(mem[0xffffb60b], '\xeb')
self.assertEqual(mem[0xffffb60c], '\xeb')
self.assertEqual(mem[0xffffb60d], '\xb6')
self.assertEqual(mem[0xffffb60e], 'n')
self.assertEqual(mem[0xffffb60f], '\xeb')
self.assertEqual(mem[0x8048413], '\x0f')
self.assertEqual(mem[0x8048414], '(')
self.assertEqual(mem[0x8048415], 'E')
self.assertEqual(mem[0x8048416], '\x00')
self.assertEqual(cpu.EIP, 134513687)
self.assertEqual(cpu.XMM0, 312943441753922939598492644572107028203)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVAPS_2(self):
''' Instruction MOVAPS_2
Groups: sse1
0x8048417: movaps xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xeb'
mem[0xffffb601] = '\xb6'
mem[0xffffb602] = 'n'
mem[0xffffb603] = '\xeb'
mem[0xffffb604] = '\xeb'
mem[0xffffb605] = '\xb6'
mem[0xffffb606] = 'n'
mem[0xffffb607] = '\xeb'
mem[0xffffb608] = '\xeb'
mem[0xffffb609] = '\xb6'
mem[0xffffb60a] = 'n'
mem[0xffffb60b] = '\xeb'
mem[0xffffb60c] = '\xeb'
mem[0xffffb60d] = '\xb6'
mem[0xffffb60e] = 'n'
mem[0xffffb60f] = '\xeb'
mem[0x08048417] = '\x0f'
mem[0x08048418] = ')'
mem[0x08048419] = 'M'
mem[0x0804841a] = '\x00'
cpu.EIP = 0x8048417
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8048417], '\x0f')
self.assertEqual(mem[0x8048418], ')')
self.assertEqual(mem[0x8048419], 'M')
self.assertEqual(mem[0x804841a], '\x00')
self.assertEqual(cpu.EIP, 134513691)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVAPS_3(self):
''' Instruction MOVAPS_3
Groups: sse1
0x8048410: movaps xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x08048410] = '\x0f'
mem[0x08048411] = '('
mem[0x08048412] = '\xc1'
cpu.EIP = 0x8048410
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8048410], '\x0f')
self.assertEqual(mem[0x8048411], '(')
self.assertEqual(mem[0x8048412], '\xc1')
self.assertEqual(cpu.EIP, 134513683)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_MOVDQA_1(self):
''' Instruction MOVDQA_1
Groups: sse2
0x8079433: movdqa xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079433] = 'f'
mem[0x08079434] = '\x0f'
mem[0x08079435] = 'o'
mem[0x08079436] = '\xc1'
cpu.EIP = 0x8079433
cpu.XMM0 = 0x8000f100fc0000000000000100000101
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079433], 'f')
self.assertEqual(mem[0x8079434], '\x0f')
self.assertEqual(mem[0x8079435], 'o')
self.assertEqual(mem[0x8079436], '\xc1')
self.assertEqual(cpu.EIP, 134714423)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_MOVDQA_2(self):
''' Instruction MOVDQA_2
Groups: sse2
0x807943c: movdqa xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08079440] = '\x00'
mem[0xffffb600] = '\xfe'
mem[0xffffb602] = '\xff'
mem[0xffffb603] = '\xff'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb601] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb607] = '\x80'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0x0807943c] = 'f'
mem[0x0807943d] = '\x0f'
mem[0x0807943e] = '\x7f'
mem[0x0807943f] = 'M'
cpu.EIP = 0x807943c
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x8079440], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x807943c], 'f')
self.assertEqual(mem[0x807943d], '\x0f')
self.assertEqual(mem[0x807943e], '\x7f')
self.assertEqual(mem[0x807943f], 'M')
self.assertEqual(cpu.EIP, 134714433)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVDQA_3(self):
''' Instruction MOVDQA_3
Groups: sse2
0x8079437: movdqa xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xfe'
mem[0xffffb601] = '\x80'
mem[0xffffb602] = '\xff'
mem[0xffffb603] = '\xff'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb607] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08079437] = 'f'
mem[0x08079438] = '\x0f'
mem[0x08079439] = 'o'
mem[0x0807943a] = 'E'
mem[0x0807943b] = '\x00'
cpu.EIP = 0x8079437
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xfe')
self.assertEqual(mem[0xffffb601], '\x80')
self.assertEqual(mem[0xffffb602], '\xff')
self.assertEqual(mem[0xffffb603], '\xff')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8079437], 'f')
self.assertEqual(mem[0x8079438], '\x0f')
self.assertEqual(mem[0x8079439], 'o')
self.assertEqual(mem[0x807943a], 'E')
self.assertEqual(mem[0x807943b], '\x00')
self.assertEqual(cpu.EIP, 134714428)
self.assertEqual(cpu.XMM0, 9291484587467178238)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVDQU_1(self):
''' Instruction MOVDQU_1
Groups: sse2
0x805bb8c: movdqu xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0x0805bb8c] = '\xf3'
mem[0x0805bb8d] = '\x0f'
mem[0x0805bb8e] = 'o'
mem[0x0805bb8f] = 'E'
mem[0x0805bb90] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60c] = '\x00'
cpu.EIP = 0x805bb8c
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0x805bb8c], '\xf3')
self.assertEqual(mem[0x805bb8d], '\x0f')
self.assertEqual(mem[0x805bb8e], 'o')
self.assertEqual(mem[0x805bb8f], 'E')
self.assertEqual(mem[0x805bb90], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(cpu.EIP, 134593425)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVDQU_2(self):
''' Instruction MOVDQU_2
Groups: sse2
0x805bb91: movdqu xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x0805bb91] = '\xf3'
mem[0x0805bb92] = '\x0f'
mem[0x0805bb93] = '\x7f'
mem[0x0805bb94] = 'M'
mem[0x0805bb95] = '\x00'
cpu.EIP = 0x805bb91
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x805bb91], '\xf3')
self.assertEqual(mem[0x805bb92], '\x0f')
self.assertEqual(mem[0x805bb93], '\x7f')
self.assertEqual(mem[0x805bb94], 'M')
self.assertEqual(mem[0x805bb95], '\x00')
self.assertEqual(cpu.EIP, 134593430)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVDQU_3(self):
''' Instruction MOVDQU_3
Groups: sse2
0x805bb88: movdqu xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bb88] = '\xf3'
mem[0x0805bb89] = '\x0f'
mem[0x0805bb8a] = 'o'
mem[0x0805bb8b] = '\xc1'
cpu.EIP = 0x805bb88
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x805bb88], '\xf3')
self.assertEqual(mem[0x805bb89], '\x0f')
self.assertEqual(mem[0x805bb8a], 'o')
self.assertEqual(mem[0x805bb8b], '\xc1')
self.assertEqual(cpu.EIP, 134593420)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_MOVD_1(self):
''' Instruction MOVD_1
Groups: sse2
0x804841b: movd ecx, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x0804841b] = 'f'
mem[0x0804841c] = '\x0f'
mem[0x0804841d] = '~'
mem[0x0804841e] = '\xc9'
cpu.EIP = 0x804841b
cpu.XMM1 = 0x0
cpu.ECX = 0xecfecf0f
cpu.execute()
self.assertEqual(mem[0x804841b], 'f')
self.assertEqual(mem[0x804841c], '\x0f')
self.assertEqual(mem[0x804841d], '~')
self.assertEqual(mem[0x804841e], '\xc9')
self.assertEqual(cpu.EIP, 134513695)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.ECX, 0)
def test_MOVD_2(self):
''' Instruction MOVD_2
Groups: sse2
0x804841f: movd xmm0, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x08048420] = '\x0f'
mem[0x08048421] = 'n'
mem[0x08048422] = '\xc2'
mem[0x0804841f] = 'f'
cpu.EIP = 0x804841f
cpu.XMM0 = 0xeb6eb6ebeb6eb6ebeb6eb6ebeb6eb6eb
cpu.EDX = 0xe6fe6ff0
cpu.execute()
self.assertEqual(mem[0x8048420], '\x0f')
self.assertEqual(mem[0x8048421], 'n')
self.assertEqual(mem[0x8048422], '\xc2')
self.assertEqual(mem[0x804841f], 'f')
self.assertEqual(cpu.EIP, 134513699)
self.assertEqual(cpu.XMM0, 3875434480)
self.assertEqual(cpu.EDX, 3875434480)
def test_MOVD_3(self):
''' Instruction MOVD_3
Groups: sse2
0x8048423: movd xmm0, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0x08048423] = 'f'
mem[0x08048424] = '\x0f'
mem[0x08048425] = 'n'
mem[0x08048426] = 'E'
mem[0x08048427] = '\x00'
mem[0xffffb603] = '\x00'
cpu.EIP = 0x8048423
cpu.XMM0 = 0xe6fe6ff0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0x8048423], 'f')
self.assertEqual(mem[0x8048424], '\x0f')
self.assertEqual(mem[0x8048425], 'n')
self.assertEqual(mem[0x8048426], 'E')
self.assertEqual(mem[0x8048427], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(cpu.EIP, 134513704)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVD_4(self):
''' Instruction MOVD_4
Groups: sse2
0x8048428: movd dword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08048428] = 'f'
mem[0x08048429] = '\x0f'
mem[0x0804842a] = '~'
mem[0x0804842b] = 'M'
mem[0x0804842c] = '\x00'
cpu.EIP = 0x8048428
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8048428], 'f')
self.assertEqual(mem[0x8048429], '\x0f')
self.assertEqual(mem[0x804842a], '~')
self.assertEqual(mem[0x804842b], 'M')
self.assertEqual(mem[0x804842c], '\x00')
self.assertEqual(cpu.EIP, 134513709)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVHPD_1(self):
''' Instruction MOVHPD_1
Groups: sse2
0x804d613: movhpd xmm0, qword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0804d613] = 'f'
mem[0x0804d614] = '\x0f'
mem[0x0804d615] = '\x16'
mem[0x0804d616] = 'E'
mem[0x0804d617] = '\x00'
cpu.EIP = 0x804d613
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x804d613], 'f')
self.assertEqual(mem[0x804d614], '\x0f')
self.assertEqual(mem[0x804d615], '\x16')
self.assertEqual(mem[0x804d616], 'E')
self.assertEqual(mem[0x804d617], '\x00')
self.assertEqual(cpu.EIP, 134534680)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVHPD_2(self):
''' Instruction MOVHPD_2
Groups: sse2
0x804d618: movhpd qword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0804d618] = 'f'
mem[0x0804d619] = '\x0f'
mem[0x0804d61a] = '\x17'
mem[0x0804d61b] = 'M'
mem[0x0804d61c] = '\x00'
cpu.EIP = 0x804d618
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x804d618], 'f')
self.assertEqual(mem[0x804d619], '\x0f')
self.assertEqual(mem[0x804d61a], '\x17')
self.assertEqual(mem[0x804d61b], 'M')
self.assertEqual(mem[0x804d61c], '\x00')
self.assertEqual(cpu.EIP, 134534685)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVLPD_1(self):
''' Instruction MOVLPD_1
Groups: sse2
0x804d553: movlpd qword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0804d553] = 'f'
mem[0x0804d554] = '\x0f'
mem[0x0804d555] = '\x13'
mem[0x0804d556] = 'M'
mem[0x0804d557] = '\x00'
cpu.EIP = 0x804d553
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x804d553], 'f')
self.assertEqual(mem[0x804d554], '\x0f')
self.assertEqual(mem[0x804d555], '\x13')
self.assertEqual(mem[0x804d556], 'M')
self.assertEqual(mem[0x804d557], '\x00')
self.assertEqual(cpu.EIP, 134534488)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVLPD_2(self):
''' Instruction MOVLPD_2
Groups: sse2
0x804d54e: movlpd xmm0, qword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0804d54e] = 'f'
mem[0x0804d54f] = '\x0f'
mem[0x0804d550] = '\x12'
mem[0x0804d551] = 'E'
mem[0x0804d552] = '\x00'
cpu.EIP = 0x804d54e
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x804d54e], 'f')
self.assertEqual(mem[0x804d54f], '\x0f')
self.assertEqual(mem[0x804d550], '\x12')
self.assertEqual(mem[0x804d551], 'E')
self.assertEqual(mem[0x804d552], '\x00')
self.assertEqual(cpu.EIP, 134534483)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVQ_1(self):
''' Instruction MOVQ_1
Groups: sse2
0x804d55c: movq xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d55c] = '\xf3'
mem[0x0804d55d] = '\x0f'
mem[0x0804d55e] = '~'
mem[0x0804d55f] = '\xc1'
cpu.EIP = 0x804d55c
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x804d55c], '\xf3')
self.assertEqual(mem[0x804d55d], '\x0f')
self.assertEqual(mem[0x804d55e], '~')
self.assertEqual(mem[0x804d55f], '\xc1')
self.assertEqual(cpu.EIP, 134534496)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_MOVQ_2(self):
''' Instruction MOVQ_2
Groups: sse2
0x804d560: movq xmm0, qword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0804d560] = '\xf3'
mem[0x0804d561] = '\x0f'
mem[0x0804d562] = '~'
mem[0x0804d563] = 'E'
mem[0x0804d564] = '\x00'
cpu.EIP = 0x804d560
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x804d560], '\xf3')
self.assertEqual(mem[0x804d561], '\x0f')
self.assertEqual(mem[0x804d562], '~')
self.assertEqual(mem[0x804d563], 'E')
self.assertEqual(mem[0x804d564], '\x00')
self.assertEqual(cpu.EIP, 134534501)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVQ_3(self):
''' Instruction MOVQ_3
Groups: sse2
0x804d565: movq qword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0804d565] = 'f'
mem[0x0804d566] = '\x0f'
mem[0x0804d567] = '\xd6'
mem[0x0804d568] = 'M'
mem[0x0804d569] = '\x00'
cpu.EIP = 0x804d565
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x804d565], 'f')
self.assertEqual(mem[0x804d566], '\x0f')
self.assertEqual(mem[0x804d567], '\xd6')
self.assertEqual(mem[0x804d568], 'M')
self.assertEqual(mem[0x804d569], '\x00')
self.assertEqual(cpu.EIP, 134534506)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVSB_1(self):
''' Instruction MOVSB_1
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff463b] = '\xa4'
mem[0xf7fdab04] = '\x00'
mem[0xf7fdab05] = '\x00'
mem[0xf7fdab06] = '\x00'
mem[0xf7fdab07] = '\x00'
mem[0xf7fdaaf8] = '\x00'
mem[0xf7fdaaf9] = '\x00'
mem[0xf7ff463a] = '\xf3'
mem[0xf7fdaafb] = '\x00'
mem[0xf7fdaafa] = '\x00'
cpu.EIP = 0xf7ff463a
cpu.EDI = 0xf7fdab04
cpu.ESI = 0xf7fdaaf8
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fdaafb], '\x00')
self.assertEqual(mem[0xf7fdab04], '\x00')
self.assertEqual(mem[0xf7fdab05], '\x00')
self.assertEqual(mem[0xf7fdab06], '\x00')
self.assertEqual(mem[0xf7fdab07], '\x00')
self.assertEqual(mem[0xf7fdaaf8], '\x00')
self.assertEqual(mem[0xf7fdaaf9], '\x00')
self.assertEqual(mem[0xf7ff463a], '\xf3')
self.assertEqual(mem[0xf7ff463b], '\xa4')
self.assertEqual(mem[0xf7fdaafa], '\x00')
self.assertEqual(cpu.EIP, 4160702012)
self.assertEqual(cpu.EDI, 4160596740)
self.assertEqual(cpu.ESI, 4160596728)
self.assertEqual(cpu.ECX, 0)
def test_MOVSB_10(self):
''' Instruction MOVSB_10
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff5e9a] = 't'
mem[0xf7ffdf3b] = '\x00'
mem[0xf7ff4545] = '\xa4'
cpu.DF = False
cpu.EIP = 0xf7ff4545
cpu.EDI = 0xf7ffdf3b
cpu.ESI = 0xf7ff5e9a
cpu.execute()
self.assertEqual(mem[0xf7ff5e9a], 't')
self.assertEqual(mem[0xf7ffdf3b], 't')
self.assertEqual(mem[0xf7ff4545], '\xa4')
self.assertEqual(cpu.EIP, 4160701766)
self.assertEqual(cpu.EDI, 4160741180)
self.assertEqual(cpu.ESI, 4160708251)
def test_MOVSB_11(self):
''' Instruction MOVSB_11
Groups:
0xf7ff464a: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffdc24] = '\x00'
mem[0xf7ff464a] = '\xa4'
mem[0xf7ff5844] = '\x00'
cpu.DF = False
cpu.EIP = 0xf7ff464a
cpu.EDI = 0xf7ffdc24
cpu.ESI = 0xf7ff5844
cpu.execute()
self.assertEqual(mem[0xf7ff5844], '\x00')
self.assertEqual(mem[0xf7ff464a], '\xa4')
self.assertEqual(mem[0xf7ffdc24], '\x00')
self.assertEqual(cpu.EIP, 4160702027)
self.assertEqual(cpu.EDI, 4160740389)
self.assertEqual(cpu.ESI, 4160706629)
def test_MOVSB_2(self):
''' Instruction MOVSB_2
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff5e9a] = 't'
mem[0xf7ff4545] = '\xa4'
mem[0xf7ffdf57] = '\x00'
cpu.DF = False
cpu.EIP = 0xf7ff4545
cpu.EDI = 0xf7ffdf57
cpu.ESI = 0xf7ff5e9a
cpu.execute()
self.assertEqual(mem[0xf7ff5e9a], 't')
self.assertEqual(mem[0xf7ff4545], '\xa4')
self.assertEqual(mem[0xf7ffdf57], 't')
self.assertEqual(cpu.EIP, 4160701766)
self.assertEqual(cpu.EDI, 4160741208)
self.assertEqual(cpu.ESI, 4160708251)
def test_MOVSB_3(self):
''' Instruction MOVSB_3
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdab16] = '\x00'
mem[0xf7ff463b] = '\xa4'
mem[0xf7fdab24] = '\x00'
mem[0xf7fdab25] = '\x00'
mem[0xf7fdab26] = '\x00'
mem[0xf7fdab27] = '\x00'
mem[0xf7fdab14] = '\x00'
mem[0xf7ff463a] = '\xf3'
mem[0xf7fdab17] = '\x00'
mem[0xf7fdab15] = '\x00'
cpu.EIP = 0xf7ff463a
cpu.EDI = 0xf7fdab14
cpu.ESI = 0xf7fdab24
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fdab16], '\x00')
self.assertEqual(mem[0xf7ff463b], '\xa4')
self.assertEqual(mem[0xf7fdab24], '\x00')
self.assertEqual(mem[0xf7fdab25], '\x00')
self.assertEqual(mem[0xf7fdab26], '\x00')
self.assertEqual(mem[0xf7fdab27], '\x00')
self.assertEqual(mem[0xf7fdab14], '\x00')
self.assertEqual(mem[0xf7ff463a], '\xf3')
self.assertEqual(mem[0xf7fdab17], '\x00')
self.assertEqual(mem[0xf7fdab15], '\x00')
self.assertEqual(cpu.EIP, 4160702012)
self.assertEqual(cpu.EDI, 4160596756)
self.assertEqual(cpu.ESI, 4160596772)
self.assertEqual(cpu.ECX, 0)
def test_MOVSB_4(self):
''' Instruction MOVSB_4
Groups:
0x804d558: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x0804d558] = '\xa4'
mem[0x0807f030] = '0'
mem[0x0807e030] = '0'
cpu.DF = False
cpu.EIP = 0x804d558
cpu.EDI = 0x807f030
cpu.ESI = 0x807e030
cpu.execute()
self.assertEqual(mem[0x804d558], '\xa4')
self.assertEqual(mem[0x807f030], '0')
self.assertEqual(mem[0x807e030], '0')
self.assertEqual(cpu.EIP, 134534489)
self.assertEqual(cpu.EDI, 134737969)
self.assertEqual(cpu.ESI, 134733873)
def test_MOVSB_5(self):
''' Instruction MOVSB_5
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffdf28] = '\x00'
mem[0xf7ff5e9a] = 't'
mem[0xf7ff4545] = '\xa4'
cpu.DF = False
cpu.EIP = 0xf7ff4545
cpu.EDI = 0xf7ffdf28
cpu.ESI = 0xf7ff5e9a
cpu.execute()
self.assertEqual(mem[0xf7ffdf28], 't')
self.assertEqual(mem[0xf7ff5e9a], 't')
self.assertEqual(mem[0xf7ff4545], '\xa4')
self.assertEqual(cpu.EIP, 4160701766)
self.assertEqual(cpu.EDI, 4160741161)
self.assertEqual(cpu.ESI, 4160708251)
def test_MOVSB_6(self):
''' Instruction MOVSB_6
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdb000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7fdb178] = 'L'
mem[0xf7ff463b] = '\xa4'
mem[0xf7ffdeab] = '\x00'
mem[0xf7fdb179] = 'I'
mem[0xf7ffdea8] = '\x00'
mem[0xf7ffdea9] = '\x00'
mem[0xf7ffdeaa] = '\x00'
mem[0xf7fdb17b] = 'U'
mem[0xf7ff463a] = '\xf3'
mem[0xf7fdb17a] = 'N'
cpu.EIP = 0xf7ff463a
cpu.EDI = 0xf7ffdea8
cpu.ESI = 0xf7fdb178
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fdb178], 'L')
self.assertEqual(mem[0xf7ffdeab], '\x00')
self.assertEqual(mem[0xf7fdb17b], 'U')
self.assertEqual(mem[0xf7fdb179], 'I')
self.assertEqual(mem[0xf7ffdea8], '\x00')
self.assertEqual(mem[0xf7ffdea9], '\x00')
self.assertEqual(mem[0xf7ffdeaa], '\x00')
self.assertEqual(mem[0xf7ff463b], '\xa4')
self.assertEqual(mem[0xf7ff463a], '\xf3')
self.assertEqual(mem[0xf7fdb17a], 'N')
self.assertEqual(cpu.EIP, 4160702012)
self.assertEqual(cpu.EDI, 4160741032)
self.assertEqual(cpu.ESI, 4160598392)
self.assertEqual(cpu.ECX, 0)
def test_MOVSB_7(self):
''' Instruction MOVSB_7
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff463b] = '\xa4'
mem[0xf7fdaaff] = '\x00'
mem[0xffffd388] = '\xef'
mem[0xffffd389] = '\xab'
mem[0xffffd38a] = '\xfe'
mem[0xffffd38b] = '\xf7'
mem[0xf7fdaafc] = '\x00'
mem[0xf7ff463a] = '\xf3'
mem[0xf7fdaafe] = '\x00'
mem[0xf7fdaafd] = '\x00'
cpu.EIP = 0xf7ff463a
cpu.EDI = 0xf7fdaafc
cpu.ESI = 0xffffd388
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7ff463b], '\xa4')
self.assertEqual(mem[0xf7fdaaff], '\x00')
self.assertEqual(mem[0xffffd388], '\xef')
self.assertEqual(mem[0xffffd389], '\xab')
self.assertEqual(mem[0xffffd38a], '\xfe')
self.assertEqual(mem[0xffffd38b], '\xf7')
self.assertEqual(mem[0xf7fdaafc], '\x00')
self.assertEqual(mem[0xf7ff463a], '\xf3')
self.assertEqual(mem[0xf7fdaafe], '\x00')
self.assertEqual(mem[0xf7fdaafd], '\x00')
self.assertEqual(cpu.EIP, 4160702012)
self.assertEqual(cpu.EDI, 4160596732)
self.assertEqual(cpu.ESI, 4294955912)
self.assertEqual(cpu.ECX, 0)
def test_MOVSB_8(self):
''' Instruction MOVSB_8
Groups:
0xf7ff464a: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffde94] = '\x00'
mem[0xf7ff464a] = '\xa4'
mem[0xf7ff5844] = '\x00'
cpu.DF = False
cpu.EIP = 0xf7ff464a
cpu.EDI = 0xf7ffde94
cpu.ESI = 0xf7ff5844
cpu.execute()
self.assertEqual(mem[0xf7ff5844], '\x00')
self.assertEqual(mem[0xf7ff464a], '\xa4')
self.assertEqual(mem[0xf7ffde94], '\x00')
self.assertEqual(cpu.EIP, 4160702027)
self.assertEqual(cpu.EDI, 4160741013)
self.assertEqual(cpu.ESI, 4160706629)
def test_MOVSB_9(self):
''' Instruction MOVSB_9
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffdf49] = '\x00'
mem[0xf7ff5e9a] = 't'
mem[0xf7ff4545] = '\xa4'
cpu.DF = False
cpu.EIP = 0xf7ff4545
cpu.EDI = 0xf7ffdf49
cpu.ESI = 0xf7ff5e9a
cpu.execute()
self.assertEqual(mem[0xf7ffdf49], 't')
self.assertEqual(mem[0xf7ff5e9a], 't')
self.assertEqual(mem[0xf7ff4545], '\xa4')
self.assertEqual(cpu.EIP, 4160701766)
self.assertEqual(cpu.EDI, 4160741194)
self.assertEqual(cpu.ESI, 4160708251)
def test_MOVSD_1(self):
''' Instruction MOVSD_1
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdb000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7fdb176] = '1'
mem[0xf7ffdea4] = '\x00'
mem[0xf7ffdea5] = '\x00'
mem[0xf7ffdea6] = '\x00'
mem[0xf7ffdea7] = '\x00'
mem[0xf7fdb174] = 'o'
mem[0xf7ff4637] = '\xa5'
mem[0xf7fdb177] = '\x00'
mem[0xf7ff4636] = '\xf3'
mem[0xf7fdb175] = '.'
cpu.EIP = 0xf7ff4636
cpu.EDI = 0xf7ffdea4
cpu.ESI = 0xf7fdb174
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7fdb177], '\x00')
self.assertEqual(mem[0xf7ffdea4], 'o')
self.assertEqual(mem[0xf7ffdea5], '.')
self.assertEqual(mem[0xf7ffdea6], '1')
self.assertEqual(mem[0xf7ffdea7], '\x00')
self.assertEqual(mem[0xf7fdb174], 'o')
self.assertEqual(mem[0xf7fdb176], '1')
self.assertEqual(mem[0xf7ff4637], '\xa5')
self.assertEqual(mem[0xf7ff4636], '\xf3')
self.assertEqual(mem[0xf7fdb175], '.')
self.assertEqual(cpu.EIP, 4160702008)
self.assertEqual(cpu.EDI, 4160741032)
self.assertEqual(cpu.ESI, 4160598392)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_10(self):
''' Instruction MOVSD_10
Groups:
0x805ba6d: movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x0807f040] = '\xed'
mem[0x0807f041] = '\xd1'
mem[0x0807e03e] = '\x1e'
mem[0x0807e041] = 'Q'
mem[0x0807e040] = '\xe5'
mem[0x0807f03f] = '\xed'
mem[0x0805ba6d] = '\xa5'
mem[0x0807f03e] = '\x1e'
mem[0x0807e03f] = '\xe5'
cpu.DF = False
cpu.EIP = 0x805ba6d
cpu.EDI = 0x807f03e
cpu.ESI = 0x807e03e
cpu.execute()
self.assertEqual(mem[0x807f040], '\xe5')
self.assertEqual(mem[0x807f041], 'Q')
self.assertEqual(mem[0x807f03e], '\x1e')
self.assertEqual(mem[0x807e041], 'Q')
self.assertEqual(mem[0x807e040], '\xe5')
self.assertEqual(mem[0x807e03f], '\xe5')
self.assertEqual(mem[0x805ba6d], '\xa5')
self.assertEqual(mem[0x807e03e], '\x1e')
self.assertEqual(mem[0x807f03f], '\xe5')
self.assertEqual(cpu.EIP, 134593134)
self.assertEqual(cpu.EDI, 134737986)
self.assertEqual(cpu.ESI, 134733890)
def test_MOVSD_11(self):
''' Instruction MOVSD_11
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd7dc] = '6'
mem[0xffffd7db] = 'i'
mem[0xffffd7de] = '6'
mem[0xf7ffdf2c] = '\x00'
mem[0xffffd7dd] = '8'
mem[0xf7ffdf2f] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ffdf2d] = '\x00'
mem[0xf7ffdf2e] = '\x00'
mem[0xf7ff454d] = '\xa5'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf2c
cpu.ESI = 0xffffd7db
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7ffdf2f], '6')
self.assertEqual(mem[0xffffd7dc], '6')
self.assertEqual(mem[0xffffd7de], '6')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xffffd7dd], '8')
self.assertEqual(mem[0xffffd7db], 'i')
self.assertEqual(mem[0xf7ffdf2c], 'i')
self.assertEqual(mem[0xf7ffdf2d], '6')
self.assertEqual(mem[0xf7ffdf2e], '8')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741168)
self.assertEqual(cpu.ESI, 4294957023)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_12(self):
''' Instruction MOVSD_12
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdaaf0] = 'X'
mem[0xf7fdaaf1] = '\xa8'
mem[0xf7fdaaf2] = '\xfd'
mem[0xf7fdaaf3] = '\xf7'
mem[0xf7ff4636] = '\xf3'
mem[0xf7ff4637] = '\xa5'
mem[0xf7fdaafc] = '\x00'
mem[0xf7fdaafd] = '\x00'
mem[0xf7fdaafe] = '\x00'
mem[0xf7fdaaff] = '\x00'
cpu.EIP = 0xf7ff4636
cpu.EDI = 0xf7fdaafc
cpu.ESI = 0xf7fdaaf0
cpu.ECX = 0x2
cpu.execute()
self.assertEqual(mem[0xf7fdaaf0], 'X')
self.assertEqual(mem[0xf7fdaaf1], '\xa8')
self.assertEqual(mem[0xf7fdaaf2], '\xfd')
self.assertEqual(mem[0xf7fdaaf3], '\xf7')
self.assertEqual(mem[0xf7ff4636], '\xf3')
self.assertEqual(mem[0xf7ff4637], '\xa5')
self.assertEqual(mem[0xf7fdaafc], 'X')
self.assertEqual(mem[0xf7fdaafd], '\xa8')
self.assertEqual(mem[0xf7fdaafe], '\xfd')
self.assertEqual(mem[0xf7fdaaff], '\xf7')
self.assertEqual(cpu.EIP, 4160702006)
self.assertEqual(cpu.EDI, 4160596736)
self.assertEqual(cpu.ESI, 4160596724)
self.assertEqual(cpu.ECX, 1)
def test_MOVSD_13(self):
''' Instruction MOVSD_13
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fda852] = 'o'
mem[0xf7fda853] = '.'
mem[0xf7fda854] = '6'
mem[0xf7fda855] = '\x00'
mem[0xf7fdaaec] = '\x00'
mem[0xf7fdaaea] = '\x00'
mem[0xf7fdaaeb] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
mem[0xf7fdaaed] = '\x00'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7fdaaea
cpu.ESI = 0xf7fda852
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7fda852], 'o')
self.assertEqual(mem[0xf7fda853], '.')
self.assertEqual(mem[0xf7fda854], '6')
self.assertEqual(mem[0xf7fda855], '\x00')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7fdaaea], 'o')
self.assertEqual(mem[0xf7fdaaeb], '.')
self.assertEqual(mem[0xf7fdaaec], '6')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7fdaaed], '\x00')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160596718)
self.assertEqual(cpu.ESI, 4160596054)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_14(self):
''' Instruction MOVSD_14
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
mem[0xf7ffdf50] = '\x00'
mem[0xf7ffce44] = 's'
mem[0xf7ffce45] = 's'
mem[0xf7ffce46] = 'e'
mem[0xf7ffce47] = '2'
mem[0xf7ffdf4f] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ffdf4d] = '\x00'
mem[0xf7ffdf4e] = '\x00'
mem[0xf7ff454d] = '\xa5'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf4d
cpu.ESI = 0xf7ffce44
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7ffdf50], '2')
self.assertEqual(mem[0xf7ffce44], 's')
self.assertEqual(mem[0xf7ffce45], 's')
self.assertEqual(mem[0xf7ffce46], 'e')
self.assertEqual(mem[0xf7ffce47], '2')
self.assertEqual(mem[0xf7ffdf4f], 'e')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ffdf4d], 's')
self.assertEqual(mem[0xf7ffdf4e], 's')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741201)
self.assertEqual(cpu.ESI, 4160736840)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_15(self):
''' Instruction MOVSD_15
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fda840] = '6'
mem[0xf7fda841] = '-'
mem[0xf7fdaad6] = '\x00'
mem[0xf7fdaad7] = '\x00'
mem[0xf7fdaad8] = '\x00'
mem[0xf7fdaad9] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
mem[0xf7fda83e] = '3'
mem[0xf7fda83f] = '8'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7fdaad6
cpu.ESI = 0xf7fda83e
cpu.ECX = 0x6
cpu.execute()
self.assertEqual(mem[0xf7fda840], '6')
self.assertEqual(mem[0xf7fda841], '-')
self.assertEqual(mem[0xf7fdaad6], '3')
self.assertEqual(mem[0xf7fdaad7], '8')
self.assertEqual(mem[0xf7fdaad8], '6')
self.assertEqual(mem[0xf7fdaad9], '-')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7fda83e], '3')
self.assertEqual(mem[0xf7fda83f], '8')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160596698)
self.assertEqual(cpu.ESI, 4160596034)
self.assertEqual(cpu.ECX, 5)
def test_MOVSD_16(self):
''' Instruction MOVSD_16
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fda842] = 'l'
mem[0xf7fda843] = 'i'
mem[0xf7fda844] = 'n'
mem[0xf7fda845] = 'u'
mem[0xf7fdaadc] = '\x00'
mem[0xf7fdaada] = '\x00'
mem[0xf7fdaadb] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
mem[0xf7fdaadd] = '\x00'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7fdaada
cpu.ESI = 0xf7fda842
cpu.ECX = 0x5
cpu.execute()
self.assertEqual(mem[0xf7fda842], 'l')
self.assertEqual(mem[0xf7fda843], 'i')
self.assertEqual(mem[0xf7fda844], 'n')
self.assertEqual(mem[0xf7fda845], 'u')
self.assertEqual(mem[0xf7fdaadc], 'n')
self.assertEqual(mem[0xf7fdaada], 'l')
self.assertEqual(mem[0xf7fdaadb], 'i')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7fdaadd], 'u')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160596702)
self.assertEqual(cpu.ESI, 4160596038)
self.assertEqual(cpu.ECX, 4)
def test_MOVSD_17(self):
''' Instruction MOVSD_17
Groups: sse2
0x805ba6e: movsd qword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x0805ba6e] = '\xf2'
mem[0x0805ba6f] = '\x0f'
mem[0x0805ba70] = '\x11'
mem[0x0805ba71] = 'M'
mem[0x0805ba72] = '\x00'
cpu.DF = False
cpu.EIP = 0x805ba6e
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x805ba6e], '\xf2')
self.assertEqual(mem[0x805ba6f], '\x0f')
self.assertEqual(mem[0x805ba70], '\x11')
self.assertEqual(mem[0x805ba71], 'M')
self.assertEqual(mem[0x805ba72], '\x00')
self.assertEqual(cpu.EIP, 134593139)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVSD_18(self):
''' Instruction MOVSD_18
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdab00] = '\x00'
mem[0xf7fdab01] = '\x00'
mem[0xf7fdab02] = '\x00'
mem[0xf7fdab03] = '\x00'
mem[0xf7fdaaf4] = '\\'
mem[0xf7fdaaf5] = '\xd5'
mem[0xf7fdaaf6] = '\xff'
mem[0xf7fdaaf7] = '\xf7'
mem[0xf7ff4637] = '\xa5'
mem[0xf7ff4636] = '\xf3'
cpu.EIP = 0xf7ff4636
cpu.EDI = 0xf7fdab00
cpu.ESI = 0xf7fdaaf4
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7fdab00], '\\')
self.assertEqual(mem[0xf7fdab01], '\xd5')
self.assertEqual(mem[0xf7fdab02], '\xff')
self.assertEqual(mem[0xf7fdab03], '\xf7')
self.assertEqual(mem[0xf7fdaaf4], '\\')
self.assertEqual(mem[0xf7fdaaf5], '\xd5')
self.assertEqual(mem[0xf7ff4636], '\xf3')
self.assertEqual(mem[0xf7ff4637], '\xa5')
self.assertEqual(mem[0xf7fdaaf7], '\xf7')
self.assertEqual(mem[0xf7fdaaf6], '\xff')
self.assertEqual(cpu.EIP, 4160702008)
self.assertEqual(cpu.EDI, 4160596740)
self.assertEqual(cpu.ESI, 4160596728)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_19(self):
''' Instruction MOVSD_19
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fdaaf9] = '\x00'
mem[0xf7fdaafb] = '\x00'
mem[0xffffd384] = '\x00'
mem[0xffffd385] = '\x00'
mem[0xffffd386] = '\x00'
mem[0xffffd387] = '\x00'
mem[0xf7fdaaf8] = '\x00'
mem[0xf7ff4637] = '\xa5'
mem[0xf7fdaafa] = '\x00'
mem[0xf7ff4636] = '\xf3'
cpu.EIP = 0xf7ff4636
cpu.EDI = 0xf7fdaaf8
cpu.ESI = 0xffffd384
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7fdaaf9], '\x00')
self.assertEqual(mem[0xf7fdaafb], '\x00')
self.assertEqual(mem[0xffffd384], '\x00')
self.assertEqual(mem[0xffffd385], '\x00')
self.assertEqual(mem[0xffffd386], '\x00')
self.assertEqual(mem[0xffffd387], '\x00')
self.assertEqual(mem[0xf7fdaaf8], '\x00')
self.assertEqual(mem[0xf7ff4637], '\xa5')
self.assertEqual(mem[0xf7fdaafa], '\x00')
self.assertEqual(mem[0xf7ff4636], '\xf3')
self.assertEqual(cpu.EIP, 4160702008)
self.assertEqual(cpu.EDI, 4160596732)
self.assertEqual(cpu.ESI, 4294955912)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_2(self):
''' Instruction MOVSD_2
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
mem[0xf7ffdf44] = '\x00'
mem[0xf7ffdf45] = '\x00'
mem[0xf7ffdf46] = '\x00'
mem[0xf7ffdf47] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ffcdef] = 'v'
mem[0xf7ffcdec] = 'c'
mem[0xf7ff454d] = '\xa5'
mem[0xf7ffcdee] = 'o'
mem[0xf7ffcded] = 'm'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf44
cpu.ESI = 0xf7ffcdec
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7ffdf44], 'c')
self.assertEqual(mem[0xf7ffdf45], 'm')
self.assertEqual(mem[0xf7ffdf46], 'o')
self.assertEqual(mem[0xf7ffdf47], 'v')
self.assertEqual(mem[0xf7ffcdec], 'c')
self.assertEqual(mem[0xf7ffcdef], 'v')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7ffcdee], 'o')
self.assertEqual(mem[0xf7ffcded], 'm')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741192)
self.assertEqual(cpu.ESI, 4160736752)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_20(self):
''' Instruction MOVSD_20
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
mem[0xf7ffdf52] = '\x00'
mem[0xf7ffdf53] = '\x00'
mem[0xf7ffdf54] = '\x00'
mem[0xf7ffdf55] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ffcdef] = 'v'
mem[0xf7ffcdec] = 'c'
mem[0xf7ff454d] = '\xa5'
mem[0xf7ffcdee] = 'o'
mem[0xf7ffcded] = 'm'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf52
cpu.ESI = 0xf7ffcdec
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7ffdf52], 'c')
self.assertEqual(mem[0xf7ffdf53], 'm')
self.assertEqual(mem[0xf7ffdf54], 'o')
self.assertEqual(mem[0xf7ffdf55], 'v')
self.assertEqual(mem[0xf7ffcdec], 'c')
self.assertEqual(mem[0xf7ffcdef], 'v')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7ffcdee], 'o')
self.assertEqual(mem[0xf7ffcded], 'm')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741206)
self.assertEqual(cpu.ESI, 4160736752)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_21(self):
''' Instruction MOVSD_21
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff5ea0] = '-'
mem[0xf7ff5e9f] = 'l'
mem[0xf7ffdf5d] = '\x00'
mem[0xf7ffdf5c] = '\x00'
mem[0xf7ffdf5a] = '\x00'
mem[0xf7ffdf5b] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
mem[0xf7ff5e9e] = 'd'
mem[0xf7ff5e9d] = '\x00'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf5a
cpu.ESI = 0xf7ff5e9d
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7ff5ea0], '-')
self.assertEqual(mem[0xf7ff5e9f], 'l')
self.assertEqual(mem[0xf7ff5e9d], '\x00')
self.assertEqual(mem[0xf7ffdf5c], '\x00')
self.assertEqual(mem[0xf7ffdf5a], '\x00')
self.assertEqual(mem[0xf7ffdf5b], '\x00')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7ff5e9e], 'd')
self.assertEqual(mem[0xf7ffdf5d], '\x00')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741210)
self.assertEqual(cpu.ESI, 4160708253)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_3(self):
''' Instruction MOVSD_3
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdab18] = '8'
mem[0xf7fdab1b] = '\xf7'
mem[0xf7ff4636] = '\xf3'
mem[0xf7ff4637] = '\xa5'
mem[0xf7fdab08] = '\x00'
mem[0xf7fdab09] = '\x00'
mem[0xf7fdab0a] = '\x00'
mem[0xf7fdab0b] = '\x00'
mem[0xf7fdab19] = '\xd9'
mem[0xf7fdab1a] = '\xff'
cpu.EIP = 0xf7ff4636
cpu.EDI = 0xf7fdab08
cpu.ESI = 0xf7fdab18
cpu.ECX = 0x3
cpu.execute()
self.assertEqual(mem[0xf7fdab18], '8')
self.assertEqual(mem[0xf7fdab1b], '\xf7')
self.assertEqual(mem[0xf7ff4636], '\xf3')
self.assertEqual(mem[0xf7ff4637], '\xa5')
self.assertEqual(mem[0xf7fdab08], '8')
self.assertEqual(mem[0xf7fdab09], '\xd9')
self.assertEqual(mem[0xf7fdab0a], '\xff')
self.assertEqual(mem[0xf7fdab0b], '\xf7')
self.assertEqual(mem[0xf7fdab19], '\xd9')
self.assertEqual(mem[0xf7fdab1a], '\xff')
self.assertEqual(cpu.EIP, 4160702006)
self.assertEqual(cpu.EDI, 4160596748)
self.assertEqual(cpu.ESI, 4160596764)
self.assertEqual(cpu.ECX, 2)
def test_MOVSD_4(self):
''' Instruction MOVSD_4
Groups:
0xf7ff4651: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fd7000, 0x1000, 'rwx')
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4651] = '\xf3'
mem[0xf7ff4652] = '\xa5'
mem[0xf7fd7048] = '-'
mem[0xf7fda846] = '\x00'
mem[0xf7fda847] = '\x00'
mem[0xf7fda848] = '\x00'
mem[0xf7fda849] = '\x00'
mem[0xf7fd704a] = 'n'
mem[0xf7fd7047] = 'x'
mem[0xf7fd7049] = 'g'
cpu.EIP = 0xf7ff4651
cpu.EDI = 0xf7fda846
cpu.ESI = 0xf7fd7047
cpu.ECX = 0x4
cpu.execute()
self.assertEqual(mem[0xf7ff4651], '\xf3')
self.assertEqual(mem[0xf7ff4652], '\xa5')
self.assertEqual(mem[0xf7fd7048], '-')
self.assertEqual(mem[0xf7fda846], 'x')
self.assertEqual(mem[0xf7fda847], '-')
self.assertEqual(mem[0xf7fda848], 'g')
self.assertEqual(mem[0xf7fda849], 'n')
self.assertEqual(mem[0xf7fd704a], 'n')
self.assertEqual(mem[0xf7fd7047], 'x')
self.assertEqual(mem[0xf7fd7049], 'g')
self.assertEqual(cpu.EIP, 4160702033)
self.assertEqual(cpu.EDI, 4160596042)
self.assertEqual(cpu.ESI, 4160581707)
self.assertEqual(cpu.ECX, 3)
def test_MOVSD_5(self):
''' Instruction MOVSD_5
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdaae2] = '\x00'
mem[0xf7fdaae3] = '\x00'
mem[0xf7fdaae4] = '\x00'
mem[0xf7fdaae5] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7fda84a] = 'u'
mem[0xf7fda84b] = '/'
mem[0xf7fda84c] = 'l'
mem[0xf7ff454d] = '\xa5'
mem[0xf7fda84d] = 'i'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7fdaae2
cpu.ESI = 0xf7fda84a
cpu.ECX = 0x3
cpu.execute()
self.assertEqual(mem[0xf7fdaae2], 'u')
self.assertEqual(mem[0xf7fdaae3], '/')
self.assertEqual(mem[0xf7fdaae4], 'l')
self.assertEqual(mem[0xf7fdaae5], 'i')
self.assertEqual(mem[0xf7fda84c], 'l')
self.assertEqual(mem[0xf7fda84a], 'u')
self.assertEqual(mem[0xf7fda84b], '/')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7fda84d], 'i')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160596710)
self.assertEqual(cpu.ESI, 4160596046)
self.assertEqual(cpu.ECX, 2)
def test_MOVSD_6(self):
''' Instruction MOVSD_6
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
mem[0xf7ffdf31] = '\x00'
mem[0xf7ffdf32] = '\x00'
mem[0xf7ffdf33] = '\x00'
mem[0xf7ffce44] = 's'
mem[0xf7ffce45] = 's'
mem[0xf7ffce46] = 'e'
mem[0xf7ffce47] = '2'
mem[0xf7ffdf34] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf31
cpu.ESI = 0xf7ffce44
cpu.ECX = 0x1
cpu.execute()
self.assertEqual(mem[0xf7ffdf31], 's')
self.assertEqual(mem[0xf7ffdf32], 's')
self.assertEqual(mem[0xf7ffdf33], 'e')
self.assertEqual(mem[0xf7ffce44], 's')
self.assertEqual(mem[0xf7ffce45], 's')
self.assertEqual(mem[0xf7ffce46], 'e')
self.assertEqual(mem[0xf7ffce47], '2')
self.assertEqual(mem[0xf7ffdf34], '2')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741173)
self.assertEqual(cpu.ESI, 4160736840)
self.assertEqual(cpu.ECX, 0)
def test_MOVSD_7(self):
''' Instruction MOVSD_7
Groups:
0x804d55b: movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x0807f033] = '\x08'
mem[0x0807e033] = '\x08'
mem[0x0807f034] = '\xed'
mem[0x0807f035] = '\xd1'
mem[0x0807e036] = '\x1e'
mem[0x0807e034] = '\xe5'
mem[0x0804d55b] = '\xa5'
mem[0x0807f036] = '\x1e'
mem[0x0807e035] = 'Q'
cpu.DF = False
cpu.EIP = 0x804d55b
cpu.EDI = 0x807f033
cpu.ESI = 0x807e033
cpu.execute()
self.assertEqual(mem[0x807e033], '\x08')
self.assertEqual(mem[0x807f033], '\x08')
self.assertEqual(mem[0x807f034], '\xe5')
self.assertEqual(mem[0x807f035], 'Q')
self.assertEqual(mem[0x807f036], '\x1e')
self.assertEqual(mem[0x807e034], '\xe5')
self.assertEqual(mem[0x804d55b], '\xa5')
self.assertEqual(mem[0x807e036], '\x1e')
self.assertEqual(mem[0x807e035], 'Q')
self.assertEqual(cpu.EIP, 134534492)
self.assertEqual(cpu.EDI, 134737975)
self.assertEqual(cpu.ESI, 134733879)
def test_MOVSD_8(self):
''' Instruction MOVSD_8
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdaad2] = '\x00'
mem[0xf7fdaad3] = '\x00'
mem[0xf7fdaad4] = '\x00'
mem[0xf7fdaad5] = '\x00'
mem[0xf7fda83c] = '/'
mem[0xf7fda83a] = 'i'
mem[0xf7fda83b] = 'b'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
mem[0xf7fda83d] = 'i'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7fdaad2
cpu.ESI = 0xf7fda83a
cpu.ECX = 0x7
cpu.execute()
self.assertEqual(mem[0xf7fdaad2], 'i')
self.assertEqual(mem[0xf7fdaad3], 'b')
self.assertEqual(mem[0xf7fdaad4], '/')
self.assertEqual(mem[0xf7fdaad5], 'i')
self.assertEqual(mem[0xf7fda83c], '/')
self.assertEqual(mem[0xf7fda83a], 'i')
self.assertEqual(mem[0xf7fda83b], 'b')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7fda83d], 'i')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160596694)
self.assertEqual(cpu.ESI, 4160596030)
self.assertEqual(cpu.ECX, 6)
def test_MOVSD_9(self):
''' Instruction MOVSD_9
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff5ea0] = '-'
mem[0xf7ff5e9f] = 'l'
mem[0xf7ff5e9e] = 'd'
mem[0xf7ff5e9d] = '\x00'
mem[0xf7ffdf2c] = '\x00'
mem[0xf7ffdf2b] = '\x00'
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
mem[0xf7ffdf2e] = '\x00'
mem[0xf7ffdf2d] = '\x00'
cpu.EIP = 0xf7ff454c
cpu.EDI = 0xf7ffdf2b
cpu.ESI = 0xf7ff5e9d
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7ff5ea0], '-')
self.assertEqual(mem[0xf7ff5e9f], 'l')
self.assertEqual(mem[0xf7ff5e9e], 'd')
self.assertEqual(mem[0xf7ff5e9d], '\x00')
self.assertEqual(mem[0xf7ff454c], '\xf3')
self.assertEqual(mem[0xf7ffdf2b], '\x00')
self.assertEqual(mem[0xf7ffdf2c], '\x00')
self.assertEqual(mem[0xf7ff454d], '\xa5')
self.assertEqual(mem[0xf7ffdf2e], '\x00')
self.assertEqual(mem[0xf7ffdf2d], '\x00')
self.assertEqual(cpu.EIP, 4160701774)
self.assertEqual(cpu.EDI, 4160741163)
self.assertEqual(cpu.ESI, 4160708253)
self.assertEqual(cpu.ECX, 0)
def test_MOVSS_1(self):
''' Instruction MOVSS_1
Groups: sse1
0x805badf: movss xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bae0] = '\x0f'
mem[0x0805bae1] = '\x10'
mem[0x0805bae2] = '\xc1'
mem[0x0805badf] = '\xf3'
cpu.EIP = 0x805badf
cpu.XMM0 = 0x1
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x805bae0], '\x0f')
self.assertEqual(mem[0x805bae1], '\x10')
self.assertEqual(mem[0x805bae2], '\xc1')
self.assertEqual(mem[0x805badf], '\xf3')
self.assertEqual(cpu.EIP, 134593251)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_MOVSS_2(self):
''' Instruction MOVSS_2
Groups: sse1
0x805bae3: movss xmm0, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0x0805bae3] = '\xf3'
mem[0x0805bae4] = '\x0f'
mem[0x0805bae5] = '\x10'
mem[0x0805bae6] = 'E'
mem[0x0805bae7] = '\x00'
mem[0xffffb603] = '\x00'
cpu.EIP = 0x805bae3
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0x805bae3], '\xf3')
self.assertEqual(mem[0x805bae4], '\x0f')
self.assertEqual(mem[0x805bae5], '\x10')
self.assertEqual(mem[0x805bae6], 'E')
self.assertEqual(mem[0x805bae7], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(cpu.EIP, 134593256)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVSS_3(self):
''' Instruction MOVSS_3
Groups: sse1
0x805bae8: movss dword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0805bae8] = '\xf3'
mem[0x0805bae9] = '\x0f'
mem[0x0805baea] = '\x11'
mem[0x0805baeb] = 'M'
mem[0x0805baec] = '\x00'
cpu.EIP = 0x805bae8
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x805bae8], '\xf3')
self.assertEqual(mem[0x805bae9], '\x0f')
self.assertEqual(mem[0x805baea], '\x11')
self.assertEqual(mem[0x805baeb], 'M')
self.assertEqual(mem[0x805baec], '\x00')
self.assertEqual(cpu.EIP, 134593261)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVSW_1(self):
''' Instruction MOVSW_1
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
mem[0xf7ffdf58] = '\x00'
mem[0xf7ffdf59] = '\x00'
mem[0xf7ff5e9b] = 'l'
mem[0xf7ff5e9c] = 's'
cpu.DF = False
cpu.EIP = 0xf7ff454a
cpu.EDI = 0xf7ffdf58
cpu.ESI = 0xf7ff5e9b
cpu.execute()
self.assertEqual(mem[0xf7ff454a], 'f')
self.assertEqual(mem[0xf7ff454b], '\xa5')
self.assertEqual(mem[0xf7ffdf58], 'l')
self.assertEqual(mem[0xf7ffdf59], 's')
self.assertEqual(mem[0xf7ff5e9b], 'l')
self.assertEqual(mem[0xf7ff5e9c], 's')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160741210)
self.assertEqual(cpu.ESI, 4160708253)
def test_MOVSW_2(self):
''' Instruction MOVSW_2
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff454b] = '\xa5'
mem[0xf7ff454a] = 'f'
mem[0xf7ffdf4b] = '\x00'
mem[0xf7ff5e9b] = 'l'
mem[0xf7ff5e9c] = 's'
mem[0xf7ffdf4a] = '\x00'
cpu.DF = False
cpu.EIP = 0xf7ff454a
cpu.EDI = 0xf7ffdf4a
cpu.ESI = 0xf7ff5e9b
cpu.execute()
self.assertEqual(mem[0xf7ffdf4b], 's')
self.assertEqual(mem[0xf7ff454a], 'f')
self.assertEqual(mem[0xf7ff454b], '\xa5')
self.assertEqual(mem[0xf7ff5e9b], 'l')
self.assertEqual(mem[0xf7ff5e9c], 's')
self.assertEqual(mem[0xf7ffdf4a], 'l')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160741196)
self.assertEqual(cpu.ESI, 4160708253)
def test_MOVSW_3(self):
''' Instruction MOVSW_3
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
mem[0xf7fdaad0] = '\x00'
mem[0xf7fdaad1] = '\x00'
mem[0xf7fda838] = '/'
mem[0xf7fda839] = 'l'
cpu.DF = False
cpu.EIP = 0xf7ff454a
cpu.EDI = 0xf7fdaad0
cpu.ESI = 0xf7fda838
cpu.execute()
self.assertEqual(mem[0xf7ff454a], 'f')
self.assertEqual(mem[0xf7ff454b], '\xa5')
self.assertEqual(mem[0xf7fdaad0], '/')
self.assertEqual(mem[0xf7fdaad1], 'l')
self.assertEqual(mem[0xf7fda838], '/')
self.assertEqual(mem[0xf7fda839], 'l')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160596690)
self.assertEqual(cpu.ESI, 4160596026)
def test_MOVSW_4(self):
''' Instruction MOVSW_4
Groups:
0x804d559: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x0807e031] = '\xe0'
mem[0x0807e032] = '\x07'
mem[0x0807f031] = '\xf0'
mem[0x0807f032] = '\x07'
mem[0x0804d559] = 'f'
mem[0x0804d55a] = '\xa5'
cpu.DF = False
cpu.EIP = 0x804d559
cpu.EDI = 0x807f031
cpu.ESI = 0x807e031
cpu.execute()
self.assertEqual(mem[0x807e031], '\xe0')
self.assertEqual(mem[0x807e032], '\x07')
self.assertEqual(mem[0x807f031], '\xe0')
self.assertEqual(mem[0x807f032], '\x07')
self.assertEqual(mem[0x804d559], 'f')
self.assertEqual(mem[0x804d55a], '\xa5')
self.assertEqual(cpu.EIP, 134534491)
self.assertEqual(cpu.EDI, 134737971)
self.assertEqual(cpu.ESI, 134733875)
def test_MOVSW_5(self):
''' Instruction MOVSW_5
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffdf29] = '\x00'
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
mem[0xf7ff5e9b] = 'l'
mem[0xf7ff5e9c] = 's'
mem[0xf7ffdf2a] = '\x00'
cpu.DF = False
cpu.EIP = 0xf7ff454a
cpu.EDI = 0xf7ffdf29
cpu.ESI = 0xf7ff5e9b
cpu.execute()
self.assertEqual(mem[0xf7ffdf29], 'l')
self.assertEqual(mem[0xf7ff454a], 'f')
self.assertEqual(mem[0xf7ff454b], '\xa5')
self.assertEqual(mem[0xf7ff5e9b], 'l')
self.assertEqual(mem[0xf7ff5e9c], 's')
self.assertEqual(mem[0xf7ffdf2a], 's')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160741163)
self.assertEqual(cpu.ESI, 4160708253)
def test_MOVSW_6(self):
''' Instruction MOVSW_6
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffdf3c] = '\x00'
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
mem[0xf7ff5e9b] = 'l'
mem[0xf7ff5e9c] = 's'
mem[0xf7ffdf3d] = '\x00'
cpu.DF = False
cpu.EIP = 0xf7ff454a
cpu.EDI = 0xf7ffdf3c
cpu.ESI = 0xf7ff5e9b
cpu.execute()
self.assertEqual(mem[0xf7ff5e9c], 's')
self.assertEqual(mem[0xf7ff454a], 'f')
self.assertEqual(mem[0xf7ff454b], '\xa5')
self.assertEqual(mem[0xf7ff5e9b], 'l')
self.assertEqual(mem[0xf7ffdf3c], 'l')
self.assertEqual(mem[0xf7ffdf3d], 's')
self.assertEqual(cpu.EIP, 4160701772)
self.assertEqual(cpu.EDI, 4160741182)
self.assertEqual(cpu.ESI, 4160708253)
def test_MOVSW_7(self):
''' Instruction MOVSW_7
Groups:
0xf7ff464f: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fd7000, 0x1000, 'rwx')
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff464f] = 'f'
mem[0xf7ff4650] = '\xa5'
mem[0xf7fda839] = '\x00'
mem[0xf7fda838] = '\x00'
mem[0xf7fd7039] = '/'
mem[0xf7fd703a] = 'l'
cpu.DF = False
cpu.EIP = 0xf7ff464f
cpu.EDI = 0xf7fda838
cpu.ESI = 0xf7fd7039
cpu.execute()
self.assertEqual(mem[0xf7ff464f], 'f')
self.assertEqual(mem[0xf7ff4650], '\xa5')
self.assertEqual(mem[0xf7fd7039], '/')
self.assertEqual(mem[0xf7fda838], '/')
self.assertEqual(mem[0xf7fda839], 'l')
self.assertEqual(mem[0xf7fd703a], 'l')
self.assertEqual(cpu.EIP, 4160702033)
self.assertEqual(cpu.EDI, 4160596026)
self.assertEqual(cpu.ESI, 4160581691)
def test_MOVSW_8(self):
''' Instruction MOVSW_8
Groups:
0xf7ff464f: movsw word ptr es:[edi], word ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7fdaac4] = '\x00'
mem[0xf7fdaac5] = '\x00'
mem[0x080481e9] = 'l'
mem[0x080481ea] = 'i'
mem[0xf7ff464f] = 'f'
mem[0xf7ff4650] = '\xa5'
cpu.DF = False
cpu.EIP = 0xf7ff464f
cpu.EDI = 0xf7fdaac4
cpu.ESI = 0x80481e9
cpu.execute()
self.assertEqual(mem[0xf7fdaac4], 'l')
self.assertEqual(mem[0xf7fdaac5], 'i')
self.assertEqual(mem[0x80481e9], 'l')
self.assertEqual(mem[0x80481ea], 'i')
self.assertEqual(mem[0xf7ff464f], 'f')
self.assertEqual(mem[0xf7ff4650], '\xa5')
self.assertEqual(cpu.EIP, 4160702033)
self.assertEqual(cpu.EDI, 4160596678)
self.assertEqual(cpu.ESI, 134513131)
def test_MOVSX_1(self):
''' Instruction MOVSX_1
Groups:
0xf7ff06c5: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = 0x64
cpu.ECX = 0x63
cpu.execute()
self.assertEqual(mem[0xf7ff06c5], '\x0f')
self.assertEqual(mem[0xf7ff06c6], '\xbe')
self.assertEqual(mem[0xf7ff06c7], '\xca')
self.assertEqual(cpu.EIP, 4160685768)
self.assertEqual(cpu.DL, 100)
self.assertEqual(cpu.ECX, 100)
def test_MOVSX_10(self):
''' Instruction MOVSX_10
Groups:
0x805ba7e: movsx cx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805ba80] = '\xbe'
mem[0x0805ba81] = '\xca'
mem[0x0805ba7e] = 'f'
mem[0x0805ba7f] = '\x0f'
cpu.EIP = 0x805ba7e
cpu.DL = 0xec
cpu.CX = 0x1
cpu.execute()
self.assertEqual(mem[0x805ba80], '\xbe')
self.assertEqual(mem[0x805ba81], '\xca')
self.assertEqual(mem[0x805ba7e], 'f')
self.assertEqual(mem[0x805ba7f], '\x0f')
self.assertEqual(cpu.EIP, 134593154)
self.assertEqual(cpu.DL, 236)
self.assertEqual(cpu.CX, 65516)
def test_MOVSX_11(self):
''' Instruction MOVSX_11
Groups:
0xf7ff069c: movsx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fd6000, 0x1000, 'rwx')
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7fd6ff2] = '\x00'
mem[0xf7ff069c] = '\x0f'
mem[0xf7ff069d] = '\xbe'
mem[0xf7ff069e] = '\x02'
cpu.EIP = 0xf7ff069c
cpu.EDX = 0xf7fd6ff2
cpu.EAX = 0x80481f2
cpu.execute()
self.assertEqual(mem[0xf7fd6ff2], '\x00')
self.assertEqual(mem[0xf7ff069c], '\x0f')
self.assertEqual(mem[0xf7ff069d], '\xbe')
self.assertEqual(mem[0xf7ff069e], '\x02')
self.assertEqual(cpu.EIP, 4160685727)
self.assertEqual(cpu.EDX, 4160581618)
self.assertEqual(cpu.EAX, 0)
def test_MOVSX_12(self):
''' Instruction MOVSX_12
Groups:
0xf7ff05d7: movsx esi, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05d8] = '\xbe'
mem[0xf7ff05d9] = '\xf1'
mem[0xf7ff05d7] = '\x0f'
cpu.EIP = 0xf7ff05d7
cpu.ESI = 0x36
cpu.CL = 0x36
cpu.execute()
self.assertEqual(mem[0xf7ff05d8], '\xbe')
self.assertEqual(mem[0xf7ff05d9], '\xf1')
self.assertEqual(mem[0xf7ff05d7], '\x0f')
self.assertEqual(cpu.EIP, 4160685530)
self.assertEqual(cpu.ESI, 54)
self.assertEqual(cpu.CL, 54)
def test_MOVSX_13(self):
''' Instruction MOVSX_13
Groups:
0xf7ff06c5: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = 0x61
cpu.ECX = 0x63
cpu.execute()
self.assertEqual(mem[0xf7ff06c5], '\x0f')
self.assertEqual(mem[0xf7ff06c6], '\xbe')
self.assertEqual(mem[0xf7ff06c7], '\xca')
self.assertEqual(cpu.EIP, 4160685768)
self.assertEqual(cpu.DL, 97)
self.assertEqual(cpu.ECX, 97)
def test_MOVSX_14(self):
''' Instruction MOVSX_14
Groups:
0xf7ff06c2: movsx eax, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = 0x2e
cpu.EAX = 0x2e
cpu.execute()
self.assertEqual(mem[0xf7ff06c2], '\x0f')
self.assertEqual(mem[0xf7ff06c3], '\xbe')
self.assertEqual(mem[0xf7ff06c4], '\xc0')
self.assertEqual(cpu.EIP, 4160685765)
self.assertEqual(cpu.AL, 46)
self.assertEqual(cpu.EAX, 46)
def test_MOVSX_15(self):
''' Instruction MOVSX_15
Groups:
0xf7ff05da: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05da] = '\x0f'
mem[0xf7ff05db] = '\xbe'
mem[0xf7ff05dc] = '\xca'
cpu.EIP = 0xf7ff05da
cpu.DL = 0x36
cpu.ECX = 0x36
cpu.execute()
self.assertEqual(mem[0xf7ff05da], '\x0f')
self.assertEqual(mem[0xf7ff05db], '\xbe')
self.assertEqual(mem[0xf7ff05dc], '\xca')
self.assertEqual(cpu.EIP, 4160685533)
self.assertEqual(cpu.DL, 54)
self.assertEqual(cpu.ECX, 54)
def test_MOVSX_16(self):
''' Instruction MOVSX_16
Groups:
0xf7ff06c2: movsx eax, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = 0x63
cpu.EAX = 0x63
cpu.execute()
self.assertEqual(mem[0xf7ff06c2], '\x0f')
self.assertEqual(mem[0xf7ff06c3], '\xbe')
self.assertEqual(mem[0xf7ff06c4], '\xc0')
self.assertEqual(cpu.EIP, 4160685765)
self.assertEqual(cpu.AL, 99)
self.assertEqual(cpu.EAX, 99)
def test_MOVSX_17(self):
''' Instruction MOVSX_17
Groups:
0xf7ff05d7: movsx esi, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05d8] = '\xbe'
mem[0xf7ff05d9] = '\xf1'
mem[0xf7ff05d7] = '\x0f'
cpu.EIP = 0xf7ff05d7
cpu.ESI = 0x36
cpu.CL = 0x36
cpu.execute()
self.assertEqual(mem[0xf7ff05d8], '\xbe')
self.assertEqual(mem[0xf7ff05d9], '\xf1')
self.assertEqual(mem[0xf7ff05d7], '\x0f')
self.assertEqual(cpu.EIP, 4160685530)
self.assertEqual(cpu.ESI, 54)
self.assertEqual(cpu.CL, 54)
def test_MOVSX_18(self):
''' Instruction MOVSX_18
Groups:
0xf7ff06c2: movsx eax, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = 0x63
cpu.EAX = 0x63
cpu.execute()
self.assertEqual(mem[0xf7ff06c2], '\x0f')
self.assertEqual(mem[0xf7ff06c3], '\xbe')
self.assertEqual(mem[0xf7ff06c4], '\xc0')
self.assertEqual(cpu.EIP, 4160685765)
self.assertEqual(cpu.AL, 99)
self.assertEqual(cpu.EAX, 99)
def test_MOVSX_19(self):
''' Instruction MOVSX_19
Groups:
0x805ba82: movsx cx, byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x0805ba82] = 'f'
mem[0x0805ba83] = '\x0f'
mem[0x0805ba84] = '\xbe'
mem[0x0805ba85] = 'M'
mem[0x0805ba86] = '\x00'
cpu.EIP = 0x805ba82
cpu.CX = 0xffec
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x805ba82], 'f')
self.assertEqual(mem[0x805ba83], '\x0f')
self.assertEqual(mem[0x805ba84], '\xbe')
self.assertEqual(mem[0x805ba85], 'M')
self.assertEqual(mem[0x805ba86], '\x00')
self.assertEqual(cpu.EIP, 134593159)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_MOVSX_2(self):
''' Instruction MOVSX_2
Groups:
0xf7ff069c: movsx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fd7000, 0x1000, 'rwx')
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7fd7038] = '\x00'
mem[0xf7ff069c] = '\x0f'
mem[0xf7ff069d] = '\xbe'
mem[0xf7ff069e] = '\x02'
cpu.EIP = 0xf7ff069c
cpu.EDX = 0xf7fd7038
cpu.EAX = 0x80481f2
cpu.execute()
self.assertEqual(mem[0xf7fd7038], '\x00')
self.assertEqual(mem[0xf7ff069c], '\x0f')
self.assertEqual(mem[0xf7ff069d], '\xbe')
self.assertEqual(mem[0xf7ff069e], '\x02')
self.assertEqual(cpu.EIP, 4160685727)
self.assertEqual(cpu.EDX, 4160581688)
self.assertEqual(cpu.EAX, 0)
def test_MOVSX_20(self):
''' Instruction MOVSX_20
Groups:
0x805ba91: movsx ecx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0805ba91] = '\x0f'
mem[0x0805ba92] = '\xbf'
mem[0x0805ba93] = 'M'
mem[0x0805ba94] = '\x00'
cpu.EIP = 0x805ba91
cpu.EBP = 0xffffb600
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x805ba91], '\x0f')
self.assertEqual(mem[0x805ba92], '\xbf')
self.assertEqual(mem[0x805ba93], 'M')
self.assertEqual(mem[0x805ba94], '\x00')
self.assertEqual(cpu.EIP, 134593173)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_MOVSX_21(self):
''' Instruction MOVSX_21
Groups:
0xf7ff05da: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05da] = '\x0f'
mem[0xf7ff05db] = '\xbe'
mem[0xf7ff05dc] = '\xca'
cpu.EIP = 0xf7ff05da
cpu.DL = 0x36
cpu.ECX = 0x36
cpu.execute()
self.assertEqual(mem[0xf7ff05da], '\x0f')
self.assertEqual(mem[0xf7ff05db], '\xbe')
self.assertEqual(mem[0xf7ff05dc], '\xca')
self.assertEqual(cpu.EIP, 4160685533)
self.assertEqual(cpu.DL, 54)
self.assertEqual(cpu.ECX, 54)
def test_MOVSX_3(self):
''' Instruction MOVSX_3
Groups:
0x805ba87: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805ba88] = '\xbe'
mem[0x0805ba89] = '\xca'
mem[0x0805ba87] = '\x0f'
cpu.EIP = 0x805ba87
cpu.DL = 0xec
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x805ba88], '\xbe')
self.assertEqual(mem[0x805ba89], '\xca')
self.assertEqual(mem[0x805ba87], '\x0f')
self.assertEqual(cpu.EIP, 134593162)
self.assertEqual(cpu.DL, 236)
self.assertEqual(cpu.ECX, 4294967276)
def test_MOVSX_4(self):
''' Instruction MOVSX_4
Groups:
0x805ba8d: movsx ecx, byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0805ba90] = '\x00'
mem[0xffffb600] = '\x00'
mem[0x0805ba8d] = '\x0f'
mem[0x0805ba8e] = '\xbe'
mem[0x0805ba8f] = 'M'
cpu.EIP = 0x805ba8d
cpu.EBP = 0xffffb600
cpu.ECX = 0x3ec
cpu.execute()
self.assertEqual(mem[0x805ba90], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x805ba8d], '\x0f')
self.assertEqual(mem[0x805ba8e], '\xbe')
self.assertEqual(mem[0x805ba8f], 'M')
self.assertEqual(cpu.EIP, 134593169)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 0)
def test_MOVSX_5(self):
''' Instruction MOVSX_5
Groups:
0xf7ff05d7: movsx esi, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05d8] = '\xbe'
mem[0xf7ff05d9] = '\xf1'
mem[0xf7ff05d7] = '\x0f'
cpu.EIP = 0xf7ff05d7
cpu.ESI = 0x36
cpu.CL = 0x36
cpu.execute()
self.assertEqual(mem[0xf7ff05d8], '\xbe')
self.assertEqual(mem[0xf7ff05d9], '\xf1')
self.assertEqual(mem[0xf7ff05d7], '\x0f')
self.assertEqual(cpu.EIP, 4160685530)
self.assertEqual(cpu.ESI, 54)
self.assertEqual(cpu.CL, 54)
def test_MOVSX_6(self):
''' Instruction MOVSX_6
Groups:
0xf7ff06c5: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = 0x61
cpu.ECX = 0x2e
cpu.execute()
self.assertEqual(mem[0xf7ff06c5], '\x0f')
self.assertEqual(mem[0xf7ff06c6], '\xbe')
self.assertEqual(mem[0xf7ff06c7], '\xca')
self.assertEqual(cpu.EIP, 4160685768)
self.assertEqual(cpu.DL, 97)
self.assertEqual(cpu.ECX, 97)
def test_MOVSX_7(self):
''' Instruction MOVSX_7
Groups:
0xf7ff06c2: movsx eax, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = 0x63
cpu.EAX = 0x63
cpu.execute()
self.assertEqual(mem[0xf7ff06c2], '\x0f')
self.assertEqual(mem[0xf7ff06c3], '\xbe')
self.assertEqual(mem[0xf7ff06c4], '\xc0')
self.assertEqual(cpu.EIP, 4160685765)
self.assertEqual(cpu.AL, 99)
self.assertEqual(cpu.EAX, 99)
def test_MOVSX_8(self):
''' Instruction MOVSX_8
Groups:
0xf7ff05da: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05da] = '\x0f'
mem[0xf7ff05db] = '\xbe'
mem[0xf7ff05dc] = '\xca'
cpu.EIP = 0xf7ff05da
cpu.DL = 0x36
cpu.ECX = 0x36
cpu.execute()
self.assertEqual(mem[0xf7ff05da], '\x0f')
self.assertEqual(mem[0xf7ff05db], '\xbe')
self.assertEqual(mem[0xf7ff05dc], '\xca')
self.assertEqual(cpu.EIP, 4160685533)
self.assertEqual(cpu.DL, 54)
self.assertEqual(cpu.ECX, 54)
def test_MOVSX_9(self):
''' Instruction MOVSX_9
Groups:
0xf7ff06c5: movsx ecx, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = 0x6c
cpu.ECX = 0x2e
cpu.execute()
self.assertEqual(mem[0xf7ff06c5], '\x0f')
self.assertEqual(mem[0xf7ff06c6], '\xbe')
self.assertEqual(mem[0xf7ff06c7], '\xca')
self.assertEqual(cpu.EIP, 4160685768)
self.assertEqual(cpu.DL, 108)
self.assertEqual(cpu.ECX, 108)
def test_MOVZX_1(self):
''' Instruction MOVZX_1
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e20000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7e20b40] = '\x11'
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = 0xf7e20b34
cpu.execute()
self.assertEqual(mem[0xf7e20b40], '\x11')
self.assertEqual(mem[0xf7fe7239], '\x0f')
self.assertEqual(mem[0xf7fe723a], '\xb6')
self.assertEqual(mem[0xf7fe723b], '@')
self.assertEqual(mem[0xf7fe723c], '\x0c')
self.assertEqual(cpu.EIP, 4160647741)
self.assertEqual(cpu.EAX, 17)
def test_MOVZX_10(self):
''' Instruction MOVZX_10
Groups:
0xf7fe720c: movzx edx, word ptr [edx + ecx*2]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe720c] = '\x0f'
mem[0xf7fe720d] = '\xb7'
mem[0xf7fe720e] = '\x14'
mem[0xf7fe720f] = 'J'
mem[0xf7e287da] = '\x02'
mem[0xf7e287db] = '\x00'
cpu.EIP = 0xf7fe720c
cpu.EDX = 0xf7e281c2
cpu.ECX = 0x30c
cpu.execute()
self.assertEqual(mem[0xf7fe720c], '\x0f')
self.assertEqual(mem[0xf7fe720d], '\xb7')
self.assertEqual(mem[0xf7fe720e], '\x14')
self.assertEqual(mem[0xf7fe720f], 'J')
self.assertEqual(mem[0xf7e287da], '\x02')
self.assertEqual(mem[0xf7e287db], '\x00')
self.assertEqual(cpu.EIP, 4160647696)
self.assertEqual(cpu.EDX, 2)
self.assertEqual(cpu.ECX, 780)
def test_MOVZX_11(self):
''' Instruction MOVZX_11
Groups:
0xf7fe57ac: movzx eax, byte ptr [esi + 0x194]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57b0] = '\x01'
mem[0xf7fe57b1] = '\x00'
mem[0xf7fe57b2] = '\x00'
mem[0xf7fe57ac] = '\x0f'
mem[0xf7fda9ec] = '\x15'
mem[0xf7fe57ad] = '\xb6'
mem[0xf7fe57ae] = '\x86'
mem[0xf7fe57af] = '\x94'
cpu.EIP = 0xf7fe57ac
cpu.ESI = 0xf7fda858
cpu.EAX = 0xf7fdc3bc
cpu.execute()
self.assertEqual(mem[0xf7fe57b0], '\x01')
self.assertEqual(mem[0xf7fe57b1], '\x00')
self.assertEqual(mem[0xf7fe57b2], '\x00')
self.assertEqual(mem[0xf7fda9ec], '\x15')
self.assertEqual(mem[0xf7fe57ac], '\x0f')
self.assertEqual(mem[0xf7fe57ad], '\xb6')
self.assertEqual(mem[0xf7fe57ae], '\x86')
self.assertEqual(mem[0xf7fe57af], '\x94')
self.assertEqual(cpu.EIP, 4160640947)
self.assertEqual(cpu.ESI, 4160596056)
self.assertEqual(cpu.EAX, 21)
def test_MOVZX_12(self):
''' Instruction MOVZX_12
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e25000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7e25fd3] = 't'
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e25fd3
cpu.EAX = 0x72
cpu.execute()
self.assertEqual(mem[0xf7e25fd3], 't')
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158808019)
self.assertEqual(cpu.EAX, 116)
def test_MOVZX_13(self):
''' Instruction MOVZX_13
Groups:
0xf7fe5796: movzx edx, byte ptr [eax + 0xd]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e20000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5798] = 'P'
mem[0xf7fe5799] = '\r'
mem[0xf7fe5797] = '\xb6'
mem[0xf7fe5796] = '\x0f'
mem[0xf7e202f1] = '\x00'
cpu.EIP = 0xf7fe5796
cpu.EDX = 0x1
cpu.EAX = 0xf7e202e4
cpu.execute()
self.assertEqual(mem[0xf7fe5798], 'P')
self.assertEqual(mem[0xf7fe5799], '\r')
self.assertEqual(mem[0xf7e202f1], '\x00')
self.assertEqual(mem[0xf7fe5796], '\x0f')
self.assertEqual(mem[0xf7fe5797], '\xb6')
self.assertEqual(cpu.EIP, 4160640922)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.EAX, 4158784228)
def test_MOVZX_14(self):
''' Instruction MOVZX_14
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e26000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
mem[0xf7e26a2d] = '1'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e26a2d
cpu.EAX = 0x5f
cpu.execute()
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(mem[0xf7e26a2d], '1')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158810669)
self.assertEqual(cpu.EAX, 49)
def test_MOVZX_15(self):
''' Instruction MOVZX_15
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e23000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
mem[0xf7e23345] = '\x00'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e23345
cpu.EAX = 0x65
cpu.execute()
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(mem[0xf7e23345], '\x00')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158796613)
self.assertEqual(cpu.EAX, 0)
def test_MOVZX_16(self):
''' Instruction MOVZX_16
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e24000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7e24b9e] = 'r'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e24b9e
cpu.EAX = 0x6f
cpu.execute()
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7e24b9e], 'r')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158802846)
self.assertEqual(cpu.EAX, 114)
def test_MOVZX_17(self):
''' Instruction MOVZX_17
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e1b000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7e1bd70] = '\x11'
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = 0xf7e1bd64
cpu.execute()
self.assertEqual(mem[0xf7e1bd70], '\x11')
self.assertEqual(mem[0xf7fe7239], '\x0f')
self.assertEqual(mem[0xf7fe723a], '\xb6')
self.assertEqual(mem[0xf7fe723b], '@')
self.assertEqual(mem[0xf7fe723c], '\x0c')
self.assertEqual(cpu.EIP, 4160647741)
self.assertEqual(cpu.EAX, 17)
def test_MOVZX_18(self):
''' Instruction MOVZX_18
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
mem[0xf7fdc56d] = 'l'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7fdc56d
cpu.EAX = 0x64
cpu.execute()
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(mem[0xf7fdc56d], 'l')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4160603501)
self.assertEqual(cpu.EAX, 108)
def test_MOVZX_19(self):
''' Instruction MOVZX_19
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e26000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7e26a64] = 'r'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e26a64
cpu.EAX = 0x75
cpu.execute()
self.assertEqual(mem[0xf7e26a64], 'r')
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158810724)
self.assertEqual(cpu.EAX, 114)
def test_MOVZX_2(self):
''' Instruction MOVZX_2
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e24000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7e24cb9] = 'o'
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e24cb9
cpu.EAX = 0x64
cpu.execute()
self.assertEqual(mem[0xf7e24cb9], 'o')
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158803129)
self.assertEqual(cpu.EAX, 111)
def test_MOVZX_20(self):
''' Instruction MOVZX_20
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e22000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7e22bf1] = '_'
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e22bf1
cpu.EAX = 0x5f
cpu.execute()
self.assertEqual(mem[0xf7e22bf1], '_')
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158794737)
self.assertEqual(cpu.EAX, 95)
def test_MOVZX_21(self):
''' Instruction MOVZX_21
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e24000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
mem[0xf7e247e5] = '\x00'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e247e5
cpu.EAX = 0x6b
cpu.execute()
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(mem[0xf7e247e5], '\x00')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158801893)
self.assertEqual(cpu.EAX, 0)
def test_MOVZX_3(self):
''' Instruction MOVZX_3
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e22000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7e22bf6] = 'c'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e22bf6
cpu.EAX = 0x65
cpu.execute()
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7e22bf6], 'c')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158794742)
self.assertEqual(cpu.EAX, 99)
def test_MOVZX_4(self):
''' Instruction MOVZX_4
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e1e000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7e1ec70] = '\x11'
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = 0xf7e1ec64
cpu.execute()
self.assertEqual(mem[0xf7e1ec70], '\x11')
self.assertEqual(mem[0xf7fe7239], '\x0f')
self.assertEqual(mem[0xf7fe723a], '\xb6')
self.assertEqual(mem[0xf7fe723b], '@')
self.assertEqual(mem[0xf7fe723c], '\x0c')
self.assertEqual(cpu.EIP, 4160647741)
self.assertEqual(cpu.EAX, 17)
def test_MOVZX_5(self):
''' Instruction MOVZX_5
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e27000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7e27850] = 's'
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e27850
cpu.EAX = 0x74
cpu.execute()
self.assertEqual(mem[0xf7e27850], 's')
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158814288)
self.assertEqual(cpu.EAX, 115)
def test_MOVZX_6(self):
''' Instruction MOVZX_6
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e21000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7e21a00] = '\x11'
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = 0xf7e219f4
cpu.execute()
self.assertEqual(mem[0xf7e21a00], '\x11')
self.assertEqual(mem[0xf7fe7239], '\x0f')
self.assertEqual(mem[0xf7fe723a], '\xb6')
self.assertEqual(mem[0xf7fe723b], '@')
self.assertEqual(mem[0xf7fe723c], '\x0c')
self.assertEqual(cpu.EIP, 4160647741)
self.assertEqual(cpu.EAX, 17)
def test_MOVZX_7(self):
''' Instruction MOVZX_7
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e27000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7e271c0] = 'y'
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = 0xf7e271c0
cpu.EAX = 0x74
cpu.execute()
self.assertEqual(mem[0xf7e271c0], 'y')
self.assertEqual(mem[0xf7fe56ac], '\x0f')
self.assertEqual(mem[0xf7fe56ad], '\xb6')
self.assertEqual(mem[0xf7fe56ae], '\x02')
self.assertEqual(cpu.EIP, 4160640687)
self.assertEqual(cpu.EDX, 4158812608)
self.assertEqual(cpu.EAX, 121)
def test_MOVZX_8(self):
''' Instruction MOVZX_8
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fdc3c8] = '"'
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = 0xf7fdc3bc
cpu.execute()
self.assertEqual(mem[0xf7fdc3c8], '"')
self.assertEqual(mem[0xf7fe7239], '\x0f')
self.assertEqual(mem[0xf7fe723a], '\xb6')
self.assertEqual(mem[0xf7fe723b], '@')
self.assertEqual(mem[0xf7fe723c], '\x0c')
self.assertEqual(cpu.EIP, 4160647741)
self.assertEqual(cpu.EAX, 34)
def test_MOVZX_9(self):
''' Instruction MOVZX_9
Groups:
0xf7fec2c2: movzx edx, word ptr [eax + 4]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e29000, 0x1000, 'rwx')
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2c2] = '\x0f'
mem[0xf7fec2c3] = '\xb7'
mem[0xf7fec2c4] = 'P'
mem[0xf7fec2c5] = '\x04'
mem[0xf7e295f8] = '\x0c'
mem[0xf7e295f9] = '\x00'
cpu.EIP = 0xf7fec2c2
cpu.EDX = 0x24
cpu.EAX = 0xf7e295f4
cpu.execute()
self.assertEqual(mem[0xf7fec2c2], '\x0f')
self.assertEqual(mem[0xf7fec2c3], '\xb7')
self.assertEqual(mem[0xf7fec2c4], 'P')
self.assertEqual(mem[0xf7fec2c5], '\x04')
self.assertEqual(mem[0xf7e295f8], '\x0c')
self.assertEqual(mem[0xf7e295f9], '\x00')
self.assertEqual(cpu.EIP, 4160668358)
self.assertEqual(cpu.EDX, 12)
self.assertEqual(cpu.EAX, 4158821876)
def test_MOV_1(self):
''' Instruction MOV_1
Groups:
0xf7fe22fb: mov dword ptr [ebp - 0x9c], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xf7fe2300] = '\xff'
mem[0xf7fe22fd] = 'd'
mem[0xf7fe22ff] = '\xff'
mem[0xf7fe22fe] = '\xff'
mem[0xf7fe22fc] = '\x85'
mem[0xf7fe22fb] = '\x89'
mem[0xffffcfec] = '\xff'
mem[0xffffcfed] = '\x0f'
mem[0xffffcfee] = '\x00'
mem[0xffffcfef] = '\x00'
cpu.EIP = 0xf7fe22fb
cpu.EBP = 0xffffd088
cpu.EAX = 0xf7fc3a7c
cpu.execute()
self.assertEqual(mem[0xf7fe2300], '\xff')
self.assertEqual(mem[0xf7fe22fd], 'd')
self.assertEqual(mem[0xf7fe22ff], '\xff')
self.assertEqual(mem[0xf7fe22fe], '\xff')
self.assertEqual(mem[0xf7fe22fc], '\x85')
self.assertEqual(mem[0xf7fe22fb], '\x89')
self.assertEqual(mem[0xffffcfec], '|')
self.assertEqual(mem[0xffffcfed], ':')
self.assertEqual(mem[0xffffcfee], '\xfc')
self.assertEqual(mem[0xffffcfef], '\xf7')
self.assertEqual(cpu.EIP, 4160627457)
self.assertEqual(cpu.EBP, 4294955144)
self.assertEqual(cpu.EAX, 4160502396)
def test_MOV_10(self):
''' Instruction MOV_10
Groups:
0x8057c2f: mov esp, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08057000, 0x1000, 'rwx')
mem[0x08057c30] = '\xd4'
mem[0x08057c2f] = '\x89'
cpu.EIP = 0x8057c2f
cpu.EDX = 0xffffc606
cpu.ESP = 0xffffc606
cpu.execute()
self.assertEqual(mem[0x8057c30], '\xd4')
self.assertEqual(mem[0x8057c2f], '\x89')
self.assertEqual(cpu.EIP, 134577201)
self.assertEqual(cpu.EDX, 4294952454)
self.assertEqual(cpu.ESP, 4294952454)
def test_MOV_11(self):
''' Instruction MOV_11
Groups:
0xf7fe56a0: mov ecx, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a0] = '\x89'
mem[0xf7fe56a1] = '\xf9'
cpu.EIP = 0xf7fe56a0
cpu.EDI = 0xc498786f
cpu.ECX = 0x710ff860
cpu.execute()
self.assertEqual(mem[0xf7fe56a0], '\x89')
self.assertEqual(mem[0xf7fe56a1], '\xf9')
self.assertEqual(cpu.EIP, 4160640674)
self.assertEqual(cpu.EDI, 3298326639)
self.assertEqual(cpu.ECX, 3298326639)
def test_MOV_12(self):
''' Instruction MOV_12
Groups:
0xf7fe71a8: mov eax, dword ptr [esi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2b000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71a8] = '\x8b'
mem[0xf7fe71a9] = '\x06'
mem[0xf7e2b33c] = 'T'
mem[0xf7e2b33d] = '\xa6'
mem[0xf7e2b33e] = '\x1a'
mem[0xf7e2b33f] = '\x00'
cpu.EIP = 0xf7fe71a8
cpu.ESI = 0xf7e2b33c
cpu.EAX = 0xf7fbf650
cpu.execute()
self.assertEqual(mem[0xf7fe71a8], '\x8b')
self.assertEqual(mem[0xf7fe71a9], '\x06')
self.assertEqual(mem[0xf7e2b33c], 'T')
self.assertEqual(mem[0xf7e2b33d], '\xa6')
self.assertEqual(mem[0xf7e2b33e], '\x1a')
self.assertEqual(mem[0xf7e2b33f], '\x00')
self.assertEqual(cpu.EIP, 4160647594)
self.assertEqual(cpu.ESI, 4158829372)
self.assertEqual(cpu.EAX, 1746516)
def test_MOV_13(self):
''' Instruction MOV_13
Groups:
0xf7fe4f32: mov edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f32] = '\x89'
mem[0xf7fe4f33] = '\xc2'
cpu.EIP = 0xf7fe4f32
cpu.EDX = 0x3105395
cpu.EAX = 0x20002000
cpu.execute()
self.assertEqual(mem[0xf7fe4f32], '\x89')
self.assertEqual(mem[0xf7fe4f33], '\xc2')
self.assertEqual(cpu.EIP, 4160638772)
self.assertEqual(cpu.EDX, 536879104)
self.assertEqual(cpu.EAX, 536879104)
def test_MOV_14(self):
''' Instruction MOV_14
Groups:
0xf7fe0b98: mov esi, dword ptr [ebp - 0x30]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe0b98] = '\x8b'
mem[0xf7fe0b99] = 'u'
mem[0xffffd678] = '\x10'
mem[0xffffd679] = '\xd0'
mem[0xf7fe0b9a] = '\xd0'
mem[0xffffd67b] = '\xf7'
mem[0xffffd67a] = '\xff'
cpu.EIP = 0xf7fe0b98
cpu.EBP = 0xffffd6a8
cpu.ESI = 0xf7fdc44c
cpu.execute()
self.assertEqual(mem[0xffffd678], '\x10')
self.assertEqual(mem[0xffffd679], '\xd0')
self.assertEqual(mem[0xf7fe0b98], '\x8b')
self.assertEqual(mem[0xf7fe0b99], 'u')
self.assertEqual(mem[0xf7fe0b9a], '\xd0')
self.assertEqual(mem[0xffffd67b], '\xf7')
self.assertEqual(mem[0xffffd67a], '\xff')
self.assertEqual(cpu.EIP, 4160621467)
self.assertEqual(cpu.EBP, 4294956712)
self.assertEqual(cpu.ESI, 4160737296)
def test_MOV_15(self):
''' Instruction MOV_15
Groups:
0xf7ff167f: mov eax, dword ptr [esp + 0x20]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff1680] = 'D'
mem[0xf7ff1681] = '$'
mem[0xf7ff1682] = ' '
mem[0xffffd4b3] = '\x00'
mem[0xffffd4b1] = '\x02'
mem[0xffffd4b0] = '\x08'
mem[0xffffd4b2] = '\x00'
mem[0xf7ff167f] = '\x8b'
cpu.EIP = 0xf7ff167f
cpu.EAX = 0x209
cpu.ESP = 0xffffd490
cpu.execute()
self.assertEqual(mem[0xf7ff1680], 'D')
self.assertEqual(mem[0xf7ff1681], '$')
self.assertEqual(mem[0xf7ff1682], ' ')
self.assertEqual(mem[0xffffd4b3], '\x00')
self.assertEqual(mem[0xffffd4b1], '\x02')
self.assertEqual(mem[0xffffd4b0], '\x08')
self.assertEqual(mem[0xffffd4b2], '\x00')
self.assertEqual(mem[0xf7ff167f], '\x8b')
self.assertEqual(cpu.EIP, 4160689795)
self.assertEqual(cpu.ESP, 4294956176)
self.assertEqual(cpu.EAX, 520)
def test_MOV_16(self):
''' Instruction MOV_16
Groups:
0xf7fe576f: mov dword ptr [esp], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd381] = '\xd3'
mem[0xffffd382] = '\xff'
mem[0xffffd383] = '\xff'
mem[0xf7fe576f] = '\x89'
mem[0xf7fe5770] = '\x04'
mem[0xf7fe5771] = '$'
cpu.EIP = 0xf7fe576f
cpu.ESP = 0xffffd380
cpu.EAX = 0xffffd3e8
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd381], '\xd3')
self.assertEqual(mem[0xffffd382], '\xff')
self.assertEqual(mem[0xffffd383], '\xff')
self.assertEqual(mem[0xf7fe576f], '\x89')
self.assertEqual(mem[0xf7fe5770], '\x04')
self.assertEqual(mem[0xf7fe5771], '$')
self.assertEqual(cpu.EIP, 4160640882)
self.assertEqual(cpu.EAX, 4294956008)
self.assertEqual(cpu.ESP, 4294955904)
def test_MOV_17(self):
''' Instruction MOV_17
Groups:
0xf7fe7219: mov dword ptr [ebp - 0x74], edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd484] = '\x88'
mem[0xffffd485] = '\xab'
mem[0xffffd486] = '\xfd'
mem[0xffffd487] = '\xf7'
mem[0xf7fe7219] = '\x89'
mem[0xf7fe721a] = '}'
mem[0xf7fe721b] = '\x8c'
cpu.EIP = 0xf7fe7219
cpu.EDI = 0xf7fdab88
cpu.EBP = 0xffffd4f8
cpu.execute()
self.assertEqual(mem[0xffffd484], '\x88')
self.assertEqual(mem[0xffffd485], '\xab')
self.assertEqual(mem[0xffffd486], '\xfd')
self.assertEqual(mem[0xffffd487], '\xf7')
self.assertEqual(mem[0xf7fe7219], '\x89')
self.assertEqual(mem[0xf7fe721a], '}')
self.assertEqual(mem[0xf7fe721b], '\x8c')
self.assertEqual(cpu.EIP, 4160647708)
self.assertEqual(cpu.EDI, 4160596872)
self.assertEqual(cpu.EBP, 4294956280)
def test_MOV_18(self):
''' Instruction MOV_18
Groups:
0xf7fe99cf: mov dword ptr [ebp - 0x20], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe99cf] = '\x89'
mem[0xf7fe99d0] = 'E'
mem[0xf7fe99d1] = '\xe0'
mem[0xffffd478] = '\x00'
mem[0xffffd479] = '\x00'
mem[0xffffd47a] = '\x00'
mem[0xffffd47b] = '\x00'
cpu.EIP = 0xf7fe99cf
cpu.EBP = 0xffffd498
cpu.EAX = 0xfffffffe
cpu.execute()
self.assertEqual(mem[0xf7fe99cf], '\x89')
self.assertEqual(mem[0xf7fe99d0], 'E')
self.assertEqual(mem[0xf7fe99d1], '\xe0')
self.assertEqual(mem[0xffffd478], '\xfe')
self.assertEqual(mem[0xffffd479], '\xff')
self.assertEqual(mem[0xffffd47a], '\xff')
self.assertEqual(mem[0xffffd47b], '\xff')
self.assertEqual(cpu.EIP, 4160657874)
self.assertEqual(cpu.EBP, 4294956184)
self.assertEqual(cpu.EAX, 4294967294)
def test_MOV_19(self):
''' Instruction MOV_19
Groups:
0xf7febbf1: mov edi, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febbf1] = '\x89'
mem[0xf7febbf2] = '\xc7'
cpu.EIP = 0xf7febbf1
cpu.EDI = 0xf7ffd938
cpu.EAX = 0xf7e28049
cpu.execute()
self.assertEqual(mem[0xf7febbf1], '\x89')
self.assertEqual(mem[0xf7febbf2], '\xc7')
self.assertEqual(cpu.EIP, 4160666611)
self.assertEqual(cpu.EDI, 4158816329)
self.assertEqual(cpu.EAX, 4158816329)
def test_MOV_2(self):
''' Instruction MOV_2
Groups:
0x8072b02: mov eax, 0x137
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x08072b02] = '\xb8'
mem[0x08072b03] = '7'
mem[0x08072b04] = '\x01'
mem[0x08072b05] = '\x00'
mem[0x08072b06] = '\x00'
cpu.EIP = 0x8072b02
cpu.EAX = 0x137
cpu.execute()
self.assertEqual(mem[0x8072b02], '\xb8')
self.assertEqual(mem[0x8072b03], '7')
self.assertEqual(mem[0x8072b04], '\x01')
self.assertEqual(mem[0x8072b05], '\x00')
self.assertEqual(mem[0x8072b06], '\x00')
self.assertEqual(cpu.EIP, 134687495)
self.assertEqual(cpu.EAX, 311)
def test_MOV_20(self):
''' Instruction MOV_20
Groups:
0x8059513: mov edx, esp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059513] = '\x89'
mem[0x08059514] = '\xe2'
cpu.EIP = 0x8059513
cpu.EDX = 0xffffc606
cpu.ESP = 0xffffc606
cpu.execute()
self.assertEqual(mem[0x8059513], '\x89')
self.assertEqual(mem[0x8059514], '\xe2')
self.assertEqual(cpu.EIP, 134583573)
self.assertEqual(cpu.EDX, 4294952454)
self.assertEqual(cpu.ESP, 4294952454)
def test_MOV_21(self):
''' Instruction MOV_21
Groups:
0x8077737: mov edx, 0
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08077000, 0x1000, 'rwx')
mem[0x08077738] = '\x00'
mem[0x08077739] = '\x00'
mem[0x0807773a] = '\x00'
mem[0x0807773b] = '\x00'
mem[0x08077737] = '\xba'
cpu.EIP = 0x8077737
cpu.EDX = 0x0
cpu.execute()
self.assertEqual(mem[0x8077738], '\x00')
self.assertEqual(mem[0x8077739], '\x00')
self.assertEqual(mem[0x807773a], '\x00')
self.assertEqual(mem[0x807773b], '\x00')
self.assertEqual(mem[0x8077737], '\xba')
self.assertEqual(cpu.EIP, 134707004)
self.assertEqual(cpu.EDX, 0)
def test_MOV_3(self):
''' Instruction MOV_3
Groups:
0xf7ff3e68: mov al, byte ptr [ecx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e68] = '\x8a'
mem[0xf7ff3e69] = '\x01'
mem[0xf7e280a1] = '2'
cpu.EIP = 0xf7ff3e68
cpu.AL = 0x2e
cpu.ECX = 0xf7e280a1
cpu.execute()
self.assertEqual(mem[0xf7ff3e68], '\x8a')
self.assertEqual(mem[0xf7ff3e69], '\x01')
self.assertEqual(mem[0xf7e280a1], '2')
self.assertEqual(cpu.EIP, 4160700010)
self.assertEqual(cpu.AL, 50)
self.assertEqual(cpu.ECX, 4158816417)
def test_MOV_4(self):
''' Instruction MOV_4
Groups:
0x8058801: mov ebp, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08058000, 0x1000, 'rwx')
mem[0x08058801] = '\x89'
mem[0x08058802] = '\xdd'
cpu.EIP = 0x8058801
cpu.EBP = 0xffffb600
cpu.EBX = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x8058801], '\x89')
self.assertEqual(mem[0x8058802], '\xdd')
self.assertEqual(cpu.EIP, 134580227)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EBX, 4294948352)
def test_MOV_5(self):
''' Instruction MOV_5
Groups:
0xf7fe4fcb: mov eax, dword ptr [esp + 0x5c]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd34f] = '\xf7'
mem[0xffffd34e] = '\xfd'
mem[0xffffd34c] = 'X'
mem[0xf7fe4fcb] = '\x8b'
mem[0xf7fe4fcc] = 'D'
mem[0xf7fe4fcd] = '$'
mem[0xf7fe4fce] = '\\'
mem[0xffffd34d] = '\xa8'
cpu.EIP = 0xf7fe4fcb
cpu.EAX = 0xffffd3f0
cpu.ESP = 0xffffd2f0
cpu.execute()
self.assertEqual(mem[0xffffd34f], '\xf7')
self.assertEqual(mem[0xffffd34e], '\xfd')
self.assertEqual(mem[0xf7fe4fcc], 'D')
self.assertEqual(mem[0xf7fe4fcb], '\x8b')
self.assertEqual(mem[0xffffd34c], 'X')
self.assertEqual(mem[0xf7fe4fcd], '$')
self.assertEqual(mem[0xf7fe4fce], '\\')
self.assertEqual(mem[0xffffd34d], '\xa8')
self.assertEqual(cpu.EIP, 4160638927)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.EAX, 4160596056)
def test_MOV_6(self):
''' Instruction MOV_6
Groups:
0xf7ff3e68: mov al, byte ptr [ecx]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e68] = '\x8a'
mem[0xf7ff3e69] = '\x01'
mem[0xf7fdc4f5] = 'a'
cpu.EIP = 0xf7ff3e68
cpu.AL = 0x74
cpu.ECX = 0xf7fdc4f5
cpu.execute()
self.assertEqual(mem[0xf7ff3e68], '\x8a')
self.assertEqual(mem[0xf7ff3e69], '\x01')
self.assertEqual(mem[0xf7fdc4f5], 'a')
self.assertEqual(cpu.EIP, 4160700010)
self.assertEqual(cpu.AL, 97)
self.assertEqual(cpu.ECX, 4160603381)
def test_MOV_7(self):
''' Instruction MOV_7
Groups:
0x805083b: mov eax, 0x137
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08050000, 0x1000, 'rwx')
mem[0x0805083b] = '\xb8'
mem[0x0805083c] = '7'
mem[0x0805083d] = '\x01'
mem[0x0805083e] = '\x00'
mem[0x0805083f] = '\x00'
cpu.EIP = 0x805083b
cpu.EAX = 0x137
cpu.execute()
self.assertEqual(mem[0x805083b], '\xb8')
self.assertEqual(mem[0x805083c], '7')
self.assertEqual(mem[0x805083d], '\x01')
self.assertEqual(mem[0x805083e], '\x00')
self.assertEqual(mem[0x805083f], '\x00')
self.assertEqual(cpu.EIP, 134547520)
self.assertEqual(cpu.EAX, 311)
def test_MOV_8(self):
''' Instruction MOV_8
Groups:
0xf7fe4d09: mov eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d09] = '\x89'
mem[0xf7fe4d0a] = '\xc8'
cpu.EIP = 0xf7fe4d09
cpu.EAX = 0xf7fdc642
cpu.ECX = 0x6
cpu.execute()
self.assertEqual(mem[0xf7fe4d09], '\x89')
self.assertEqual(mem[0xf7fe4d0a], '\xc8')
self.assertEqual(cpu.EIP, 4160638219)
self.assertEqual(cpu.ECX, 6)
self.assertEqual(cpu.EAX, 6)
def test_MOV_9(self):
''' Instruction MOV_9
Groups:
0xf7fe9dad: mov byte ptr [eax], 0x2f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ffdf2b] = '\x00'
mem[0xf7fe9dad] = '\xc6'
mem[0xf7fe9dae] = '\x00'
mem[0xf7fe9daf] = '/'
cpu.EIP = 0xf7fe9dad
cpu.EAX = 0xf7ffdf2b
cpu.execute()
self.assertEqual(mem[0xf7ffdf2b], '/')
self.assertEqual(mem[0xf7fe9dad], '\xc6')
self.assertEqual(mem[0xf7fe9dae], '\x00')
self.assertEqual(mem[0xf7fe9daf], '/')
self.assertEqual(cpu.EIP, 4160658864)
self.assertEqual(cpu.EAX, 4160741163)
def test_NEG_1(self):
''' Instruction NEG_1
Groups:
0xf7ff15a4: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = 0xf7ffdc28
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a4], '\xf7')
self.assertEqual(mem[0xf7ff15a5], '\xda')
self.assertEqual(cpu.EIP, 4160689574)
self.assertEqual(cpu.EDX, 134226904)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NEG_10(self):
''' Instruction NEG_10
Groups:
0xf7ff15a4: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = 0xf7ffdea8
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a4], '\xf7')
self.assertEqual(mem[0xf7ff15a5], '\xda')
self.assertEqual(cpu.EIP, 4160689574)
self.assertEqual(cpu.EDX, 134226264)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NEG_11(self):
''' Instruction NEG_11
Groups:
0xf7fdea7d: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fde000, 0x1000, 'rwx')
mem[0xf7fdea7d] = '\xf7'
mem[0xf7fdea7e] = '\xd8'
cpu.EIP = 0xf7fdea7d
cpu.EAX = 0x1
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fdea7d], '\xf7')
self.assertEqual(mem[0xf7fdea7e], '\xd8')
self.assertEqual(cpu.EIP, 4160612991)
self.assertEqual(cpu.EAX, 4294967295)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_12(self):
''' Instruction NEG_12
Groups:
0xf7fe270f: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe2710] = '\xd8'
mem[0xf7fe270f] = '\xf7'
cpu.EIP = 0xf7fe270f
cpu.EAX = 0x6ffffef5
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe2710], '\xd8')
self.assertEqual(mem[0xf7fe270f], '\xf7')
self.assertEqual(cpu.EIP, 4160628497)
self.assertEqual(cpu.EAX, 2415919371)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_13(self):
''' Instruction NEG_13
Groups:
0x8065f5e: neg dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08065f60] = '\x00'
mem[0xffffb600] = 'G'
mem[0xffffb602] = '\x1f'
mem[0xffffb603] = '\xfe'
mem[0xffffb601] = '\x85'
mem[0x08065f5e] = '\xf7'
mem[0x08065f5f] = ']'
cpu.EIP = 0x8065f5e
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8065f60], '\x00')
self.assertEqual(mem[0xffffb600], '\xb9')
self.assertEqual(mem[0xffffb602], '\xe0')
self.assertEqual(mem[0xffffb603], '\x01')
self.assertEqual(mem[0xffffb601], 'z')
self.assertEqual(mem[0x8065f5e], '\xf7')
self.assertEqual(mem[0x8065f5f], ']')
self.assertEqual(cpu.EIP, 134635361)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NEG_14(self):
''' Instruction NEG_14
Groups:
0xf7fe20a7: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe20a8] = '\xda'
mem[0xf7fe20a7] = '\xf7'
cpu.EIP = 0xf7fe20a7
cpu.EDX = 0x1000
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe20a8], '\xda')
self.assertEqual(mem[0xf7fe20a7], '\xf7')
self.assertEqual(cpu.EIP, 4160626857)
self.assertEqual(cpu.EDX, 4294963200)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_15(self):
''' Instruction NEG_15
Groups:
0xf7fe230f: neg esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe2310] = '\xde'
mem[0xf7fe230f] = '\xf7'
cpu.EIP = 0xf7fe230f
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.ESI = 0x1000
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe2310], '\xde')
self.assertEqual(mem[0xf7fe230f], '\xf7')
self.assertEqual(cpu.EIP, 4160627473)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.ESI, 4294963200)
self.assertEqual(cpu.SF, True)
def test_NEG_16(self):
''' Instruction NEG_16
Groups:
0xf7ff06a5: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06a5] = '\xf7'
mem[0xf7ff06a6] = '\xd8'
cpu.EIP = 0xf7ff06a5
cpu.EAX = 0x0
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff06a5], '\xf7')
self.assertEqual(mem[0xf7ff06a6], '\xd8')
self.assertEqual(cpu.EIP, 4160685735)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_NEG_17(self):
''' Instruction NEG_17
Groups:
0xf7ff1640: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1640] = '\xf7'
mem[0xf7ff1641] = '\xda'
cpu.EIP = 0xf7ff1640
cpu.EDX = 0x1000
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff1640], '\xf7')
self.assertEqual(mem[0xf7ff1641], '\xda')
self.assertEqual(cpu.EIP, 4160689730)
self.assertEqual(cpu.EDX, 4294963200)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_18(self):
''' Instruction NEG_18
Groups:
0xf7ff1591: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = 0x8
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff1591], '\xf7')
self.assertEqual(mem[0xf7ff1592], '\xd8')
self.assertEqual(cpu.EIP, 4160689555)
self.assertEqual(cpu.EAX, 4294967288)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_19(self):
''' Instruction NEG_19
Groups:
0xf7ff1591: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = 0x8
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff1591], '\xf7')
self.assertEqual(mem[0xf7ff1592], '\xd8')
self.assertEqual(cpu.EIP, 4160689555)
self.assertEqual(cpu.EAX, 4294967288)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_2(self):
''' Instruction NEG_2
Groups:
0xf7ff1591: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = 0x8
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff1591], '\xf7')
self.assertEqual(mem[0xf7ff1592], '\xd8')
self.assertEqual(cpu.EIP, 4160689555)
self.assertEqual(cpu.EAX, 4294967288)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_20(self):
''' Instruction NEG_20
Groups:
0xf7fed337: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed338] = '\xd8'
mem[0xf7fed337] = '\xf7'
cpu.EIP = 0xf7fed337
cpu.EAX = 0x0
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fed338], '\xd8')
self.assertEqual(mem[0xf7fed337], '\xf7')
self.assertEqual(cpu.EIP, 4160672569)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_NEG_21(self):
''' Instruction NEG_21
Groups:
0xf7ff15a4: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = 0xf7fdaad0
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a4], '\xf7')
self.assertEqual(mem[0xf7ff15a5], '\xda')
self.assertEqual(cpu.EIP, 4160689574)
self.assertEqual(cpu.EDX, 134370608)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NEG_3(self):
''' Instruction NEG_3
Groups:
0xf7ff1591: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = 0x40
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff1591], '\xf7')
self.assertEqual(mem[0xf7ff1592], '\xd8')
self.assertEqual(cpu.EIP, 4160689555)
self.assertEqual(cpu.EAX, 4294967232)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_4(self):
''' Instruction NEG_4
Groups:
0xf7fe6b73: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6b73] = '\xf7'
mem[0xf7fe6b74] = '\xda'
cpu.EIP = 0xf7fe6b73
cpu.EDX = 0x1000
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe6b73], '\xf7')
self.assertEqual(mem[0xf7fe6b74], '\xda')
self.assertEqual(cpu.EIP, 4160646005)
self.assertEqual(cpu.EDX, 4294963200)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_5(self):
''' Instruction NEG_5
Groups:
0xf7fe20a7: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe20a8] = '\xda'
mem[0xf7fe20a7] = '\xf7'
cpu.EIP = 0xf7fe20a7
cpu.EDX = 0x1000
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe20a8], '\xda')
self.assertEqual(mem[0xf7fe20a7], '\xf7')
self.assertEqual(cpu.EIP, 4160626857)
self.assertEqual(cpu.EDX, 4294963200)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_6(self):
''' Instruction NEG_6
Groups:
0xf7ff1591: neg eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = 0x8
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff1591], '\xf7')
self.assertEqual(mem[0xf7ff1592], '\xd8')
self.assertEqual(cpu.EIP, 4160689555)
self.assertEqual(cpu.EAX, 4294967288)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_NEG_7(self):
''' Instruction NEG_7
Groups:
0xf7ff15a4: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = 0xf7e14240
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a4], '\xf7')
self.assertEqual(mem[0xf7ff15a5], '\xda')
self.assertEqual(cpu.EIP, 4160689574)
self.assertEqual(cpu.EDX, 136232384)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NEG_8(self):
''' Instruction NEG_8
Groups:
0xf7ff15a4: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = 0xf7fdab08
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a4], '\xf7')
self.assertEqual(mem[0xf7ff15a5], '\xda')
self.assertEqual(cpu.EIP, 4160689574)
self.assertEqual(cpu.EDX, 134370552)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NEG_9(self):
''' Instruction NEG_9
Groups:
0xf7ff15a4: neg edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = 0xf7fda858
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff15a4], '\xf7')
self.assertEqual(mem[0xf7ff15a5], '\xda')
self.assertEqual(cpu.EIP, 4160689574)
self.assertEqual(cpu.EDX, 134371240)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_NOT_1(self):
''' Instruction NOT_1
Groups:
0x8065e96: not dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xef'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\xff'
mem[0xffffb603] = '\xff'
mem[0x08065e96] = '\xf7'
mem[0x08065e97] = 'U'
mem[0x08065e98] = '\x00'
cpu.EIP = 0x8065e96
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x10')
self.assertEqual(mem[0xffffb601], '\xff')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8065e96], '\xf7')
self.assertEqual(mem[0x8065e97], 'U')
self.assertEqual(mem[0x8065e98], '\x00')
self.assertEqual(cpu.EIP, 134635161)
self.assertEqual(cpu.EBP, 4294948352)
def test_NOT_10(self):
''' Instruction NOT_10
Groups:
0x8065e87: not cx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065e88] = '\xf7'
mem[0x08065e89] = '\xd1'
mem[0x08065e87] = 'f'
cpu.EIP = 0x8065e87
cpu.CX = 0xff00
cpu.execute()
self.assertEqual(mem[0x8065e88], '\xf7')
self.assertEqual(mem[0x8065e89], '\xd1')
self.assertEqual(mem[0x8065e87], 'f')
self.assertEqual(cpu.EIP, 134635146)
self.assertEqual(cpu.CX, 255)
def test_NOT_11(self):
''' Instruction NOT_11
Groups:
0x8065e93: not dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x10'
mem[0xffffb601] = '\xff'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08065e93] = '\xf7'
mem[0x08065e94] = 'U'
mem[0x08065e95] = '\x00'
cpu.EIP = 0x8065e93
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xef')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\xff')
self.assertEqual(mem[0xffffb603], '\xff')
self.assertEqual(mem[0x8065e93], '\xf7')
self.assertEqual(mem[0x8065e94], 'U')
self.assertEqual(mem[0x8065e95], '\x00')
self.assertEqual(cpu.EIP, 134635158)
self.assertEqual(cpu.EBP, 4294948352)
def test_NOT_12(self):
''' Instruction NOT_12
Groups:
0xf7fe685e: not ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe685e] = '\xf7'
mem[0xf7fe685f] = '\xd1'
cpu.EIP = 0xf7fe685e
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7fe685e], '\xf7')
self.assertEqual(mem[0xf7fe685f], '\xd1')
self.assertEqual(cpu.EIP, 4160645216)
self.assertEqual(cpu.ECX, 0)
def test_NOT_13(self):
''' Instruction NOT_13
Groups:
0x8065e8a: not ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065e8a] = '\xf7'
mem[0x08065e8b] = '\xd1'
cpu.EIP = 0x8065e8a
cpu.ECX = 0x7fff00ff
cpu.execute()
self.assertEqual(mem[0x8065e8a], '\xf7')
self.assertEqual(mem[0x8065e8b], '\xd1')
self.assertEqual(cpu.EIP, 134635148)
self.assertEqual(cpu.ECX, 2147548928)
def test_NOT_14(self):
''' Instruction NOT_14
Groups:
0x8065e85: not cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065e85] = '\xf6'
mem[0x08065e86] = '\xd1'
cpu.EIP = 0x8065e85
cpu.CL = 0xff
cpu.execute()
self.assertEqual(mem[0x8065e85], '\xf6')
self.assertEqual(mem[0x8065e86], '\xd1')
self.assertEqual(cpu.EIP, 134635143)
self.assertEqual(cpu.CL, 0)
def test_NOT_15(self):
''' Instruction NOT_15
Groups:
0xf7fdd6c3: not eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fdd6c3] = '\xf7'
mem[0xf7fdd6c4] = '\xd0'
cpu.EIP = 0xf7fdd6c3
cpu.EAX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7fdd6c3], '\xf7')
self.assertEqual(mem[0xf7fdd6c4], '\xd0')
self.assertEqual(cpu.EIP, 4160607941)
self.assertEqual(cpu.EAX, 0)
def test_NOT_2(self):
''' Instruction NOT_2
Groups:
0x8065e8f: not word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xef'
mem[0xffffb601] = '\x00'
mem[0x08065e8f] = 'f'
mem[0x08065e90] = '\xf7'
mem[0x08065e91] = 'U'
mem[0x08065e92] = '\x00'
cpu.EIP = 0x8065e8f
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x10')
self.assertEqual(mem[0xffffb601], '\xff')
self.assertEqual(mem[0x8065e8f], 'f')
self.assertEqual(mem[0x8065e90], '\xf7')
self.assertEqual(mem[0x8065e91], 'U')
self.assertEqual(mem[0x8065e92], '\x00')
self.assertEqual(cpu.EIP, 134635155)
self.assertEqual(cpu.EBP, 4294948352)
def test_NOT_3(self):
''' Instruction NOT_3
Groups:
0xf7fe685e: not ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe685e] = '\xf7'
mem[0xf7fe685f] = '\xd1'
cpu.EIP = 0xf7fe685e
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe685e], '\xf7')
self.assertEqual(mem[0xf7fe685f], '\xd1')
self.assertEqual(cpu.EIP, 4160645216)
self.assertEqual(cpu.ECX, 4294967295)
def test_NOT_4(self):
''' Instruction NOT_4
Groups:
0xf7e2e8fb: not eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e8fb] = '\xf7'
mem[0xf7e2e8fc] = '\xd0'
cpu.EIP = 0xf7e2e8fb
cpu.EAX = 0xffffffe0
cpu.execute()
self.assertEqual(mem[0xf7e2e8fb], '\xf7')
self.assertEqual(mem[0xf7e2e8fc], '\xd0')
self.assertEqual(cpu.EIP, 4158843133)
self.assertEqual(cpu.EAX, 31)
def test_NOT_5(self):
''' Instruction NOT_5
Groups:
0xf7fe25d1: not eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe25d1] = '\xf7'
mem[0xf7fe25d2] = '\xd0'
cpu.EIP = 0xf7fe25d1
cpu.EAX = 0x6
cpu.execute()
self.assertEqual(mem[0xf7fe25d1], '\xf7')
self.assertEqual(mem[0xf7fe25d2], '\xd0')
self.assertEqual(cpu.EIP, 4160628179)
self.assertEqual(cpu.EAX, 4294967289)
def test_NOT_6(self):
''' Instruction NOT_6
Groups:
0x8065e8c: not byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x10'
mem[0x08065e8c] = '\xf6'
mem[0x08065e8d] = 'U'
mem[0x08065e8e] = '\x00'
cpu.EIP = 0x8065e8c
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xef')
self.assertEqual(mem[0x8065e8c], '\xf6')
self.assertEqual(mem[0x8065e8d], 'U')
self.assertEqual(mem[0x8065e8e], '\x00')
self.assertEqual(cpu.EIP, 134635151)
self.assertEqual(cpu.EBP, 4294948352)
def test_NOT_7(self):
''' Instruction NOT_7
Groups:
0xf7fe685e: not ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe685e] = '\xf7'
mem[0xf7fe685f] = '\xd1'
cpu.EIP = 0xf7fe685e
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0xf7fe685e], '\xf7')
self.assertEqual(mem[0xf7fe685f], '\xd1')
self.assertEqual(cpu.EIP, 4160645216)
self.assertEqual(cpu.ECX, 0)
def test_NOT_8(self):
''' Instruction NOT_8
Groups:
0xf7ff0b0e: not edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0b0e] = '\xf7'
mem[0xf7ff0b0f] = '\xd2'
cpu.EIP = 0xf7ff0b0e
cpu.EDX = 0x800f0000
cpu.execute()
self.assertEqual(mem[0xf7ff0b0e], '\xf7')
self.assertEqual(mem[0xf7ff0b0f], '\xd2')
self.assertEqual(cpu.EIP, 4160686864)
self.assertEqual(cpu.EDX, 2146500607)
def test_NOT_9(self):
''' Instruction NOT_9
Groups:
0xf7ff0b1f: not edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0b20] = '\xd2'
mem[0xf7ff0b1f] = '\xf7'
cpu.EIP = 0xf7ff0b1f
cpu.EDX = 0x4008000
cpu.execute()
self.assertEqual(mem[0xf7ff0b20], '\xd2')
self.assertEqual(mem[0xf7ff0b1f], '\xf7')
self.assertEqual(cpu.EIP, 4160686881)
self.assertEqual(cpu.EDX, 4227825663)
def test_OR_1(self):
''' Instruction OR_1
Groups:
0x8052945: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08052000, 0x1000, 'rwx')
mem[0x08052945] = '\x81'
mem[0x08052946] = '\xc9'
mem[0x08052947] = '\x13'
mem[0x08052948] = '\x03'
mem[0x08052949] = '\x13'
mem[0x0805294a] = '\x03'
cpu.EIP = 0x8052945
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x8052945], '\x81')
self.assertEqual(mem[0x8052946], '\xc9')
self.assertEqual(mem[0x8052947], '\x13')
self.assertEqual(mem[0x8052948], '\x03')
self.assertEqual(mem[0x8052949], '\x13')
self.assertEqual(mem[0x805294a], '\x03')
self.assertEqual(cpu.EIP, 134555979)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_10(self):
''' Instruction OR_10
Groups:
0x804fbfd: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804f000, 0x1000, 'rwx')
mem[0x0804fc00] = '\x03'
mem[0x0804fc01] = '\x13'
mem[0x0804fc02] = '\x03'
mem[0x0804fbfd] = '\x81'
mem[0x0804fbfe] = '\xc9'
mem[0x0804fbff] = '\x13'
cpu.EIP = 0x804fbfd
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x804fc00], '\x03')
self.assertEqual(mem[0x804fc01], '\x13')
self.assertEqual(mem[0x804fc02], '\x03')
self.assertEqual(mem[0x804fbfd], '\x81')
self.assertEqual(mem[0x804fbfe], '\xc9')
self.assertEqual(mem[0x804fbff], '\x13')
self.assertEqual(cpu.EIP, 134544387)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_11(self):
''' Instruction OR_11
Groups:
0x804f135: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804f000, 0x1000, 'rwx')
mem[0x0804f135] = '\x81'
mem[0x0804f136] = '\xc9'
mem[0x0804f137] = '\x13'
mem[0x0804f138] = '\x03'
mem[0x0804f139] = '\x13'
mem[0x0804f13a] = '\x03'
cpu.EIP = 0x804f135
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x804f135], '\x81')
self.assertEqual(mem[0x804f136], '\xc9')
self.assertEqual(mem[0x804f137], '\x13')
self.assertEqual(mem[0x804f138], '\x03')
self.assertEqual(mem[0x804f139], '\x13')
self.assertEqual(mem[0x804f13a], '\x03')
self.assertEqual(cpu.EIP, 134541627)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_12(self):
''' Instruction OR_12
Groups:
0xf7fe99e4: or edx, dword ptr [ebp - 0x24]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe99e4] = '\x0b'
mem[0xf7fe99e5] = 'U'
mem[0xf7fe99e6] = '\xdc'
mem[0xffffd474] = '\x00'
mem[0xffffd475] = '\x00'
mem[0xffffd476] = '\x00'
mem[0xffffd477] = '\x04'
cpu.EIP = 0xf7fe99e4
cpu.EDX = 0x0
cpu.EBP = 0xffffd498
cpu.PF = True
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe99e4], '\x0b')
self.assertEqual(mem[0xf7fe99e5], 'U')
self.assertEqual(mem[0xf7fe99e6], '\xdc')
self.assertEqual(mem[0xffffd474], '\x00')
self.assertEqual(mem[0xffffd475], '\x00')
self.assertEqual(mem[0xffffd476], '\x00')
self.assertEqual(mem[0xffffd477], '\x04')
self.assertEqual(cpu.EIP, 4160657895)
self.assertEqual(cpu.EDX, 67108864)
self.assertEqual(cpu.EBP, 4294956184)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_OR_13(self):
''' Instruction OR_13
Groups:
0x8072245: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x08072245] = '\x81'
mem[0x08072246] = '\xc9'
mem[0x08072247] = '\x13'
mem[0x08072248] = '\x03'
mem[0x08072249] = '\x13'
mem[0x0807224a] = '\x03'
cpu.EIP = 0x8072245
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x8072245], '\x81')
self.assertEqual(mem[0x8072246], '\xc9')
self.assertEqual(mem[0x8072247], '\x13')
self.assertEqual(mem[0x8072248], '\x03')
self.assertEqual(mem[0x8072249], '\x13')
self.assertEqual(mem[0x807224a], '\x03')
self.assertEqual(cpu.EIP, 134685259)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_14(self):
''' Instruction OR_14
Groups:
0x8053286: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08053000, 0x1000, 'rwx')
mem[0x08053286] = '\x81'
mem[0x08053287] = '\xc9'
mem[0x08053288] = '\x13'
mem[0x08053289] = '\x03'
mem[0x0805328a] = '\x13'
mem[0x0805328b] = '\x03'
cpu.EIP = 0x8053286
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x8053286], '\x81')
self.assertEqual(mem[0x8053287], '\xc9')
self.assertEqual(mem[0x8053288], '\x13')
self.assertEqual(mem[0x8053289], '\x03')
self.assertEqual(mem[0x805328a], '\x13')
self.assertEqual(mem[0x805328b], '\x03')
self.assertEqual(cpu.EIP, 134558348)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_15(self):
''' Instruction OR_15
Groups:
0x80556bb: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08055000, 0x1000, 'rwx')
mem[0x080556c0] = '\x03'
mem[0x080556bb] = '\x81'
mem[0x080556bc] = '\xc9'
mem[0x080556bd] = '\x13'
mem[0x080556be] = '\x03'
mem[0x080556bf] = '\x13'
cpu.EIP = 0x80556bb
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x80556c0], '\x03')
self.assertEqual(mem[0x80556bb], '\x81')
self.assertEqual(mem[0x80556bc], '\xc9')
self.assertEqual(mem[0x80556bd], '\x13')
self.assertEqual(mem[0x80556be], '\x03')
self.assertEqual(mem[0x80556bf], '\x13')
self.assertEqual(cpu.EIP, 134567617)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_16(self):
''' Instruction OR_16
Groups:
0x8052c25: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08052000, 0x1000, 'rwx')
mem[0x08052c25] = '\x81'
mem[0x08052c26] = '\xc9'
mem[0x08052c27] = '\x13'
mem[0x08052c28] = '\x03'
mem[0x08052c29] = '\x13'
mem[0x08052c2a] = '\x03'
cpu.EIP = 0x8052c25
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x8052c25], '\x81')
self.assertEqual(mem[0x8052c26], '\xc9')
self.assertEqual(mem[0x8052c27], '\x13')
self.assertEqual(mem[0x8052c28], '\x03')
self.assertEqual(mem[0x8052c29], '\x13')
self.assertEqual(mem[0x8052c2a], '\x03')
self.assertEqual(cpu.EIP, 134556715)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_17(self):
''' Instruction OR_17
Groups:
0x80557fd: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08055000, 0x1000, 'rwx')
mem[0x08055800] = '\x03'
mem[0x08055801] = '\x13'
mem[0x08055802] = '\x03'
mem[0x080557fd] = '\x81'
mem[0x080557fe] = '\xc9'
mem[0x080557ff] = '\x13'
cpu.EIP = 0x80557fd
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x8055800], '\x03')
self.assertEqual(mem[0x8055801], '\x13')
self.assertEqual(mem[0x8055802], '\x03')
self.assertEqual(mem[0x80557fd], '\x81')
self.assertEqual(mem[0x80557fe], '\xc9')
self.assertEqual(mem[0x80557ff], '\x13')
self.assertEqual(cpu.EIP, 134567939)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_18(self):
''' Instruction OR_18
Groups:
0x80539e4: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08053000, 0x1000, 'rwx')
mem[0x080539e4] = '\x81'
mem[0x080539e5] = '\xc9'
mem[0x080539e6] = '\x13'
mem[0x080539e7] = '\x03'
mem[0x080539e8] = '\x13'
mem[0x080539e9] = '\x03'
cpu.EIP = 0x80539e4
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x80539e4], '\x81')
self.assertEqual(mem[0x80539e5], '\xc9')
self.assertEqual(mem[0x80539e6], '\x13')
self.assertEqual(mem[0x80539e7], '\x03')
self.assertEqual(mem[0x80539e8], '\x13')
self.assertEqual(mem[0x80539e9], '\x03')
self.assertEqual(cpu.EIP, 134560234)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_19(self):
''' Instruction OR_19
Groups:
0x8073cc6: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08073000, 0x1000, 'rwx')
mem[0x08073cc6] = '\x81'
mem[0x08073cc7] = '\xc9'
mem[0x08073cc8] = '\x13'
mem[0x08073cc9] = '\x03'
mem[0x08073cca] = '\x13'
mem[0x08073ccb] = '\x03'
cpu.EIP = 0x8073cc6
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x8073cc6], '\x81')
self.assertEqual(mem[0x8073cc7], '\xc9')
self.assertEqual(mem[0x8073cc8], '\x13')
self.assertEqual(mem[0x8073cc9], '\x03')
self.assertEqual(mem[0x8073cca], '\x13')
self.assertEqual(mem[0x8073ccb], '\x03')
self.assertEqual(cpu.EIP, 134692044)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_2(self):
''' Instruction OR_2
Groups:
0x8072ec2: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x08072ec2] = '\x81'
mem[0x08072ec3] = '\xc9'
mem[0x08072ec4] = '\x13'
mem[0x08072ec5] = '\x03'
mem[0x08072ec6] = '\x13'
mem[0x08072ec7] = '\x03'
cpu.EIP = 0x8072ec2
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x8072ec2], '\x81')
self.assertEqual(mem[0x8072ec3], '\xc9')
self.assertEqual(mem[0x8072ec4], '\x13')
self.assertEqual(mem[0x8072ec5], '\x03')
self.assertEqual(mem[0x8072ec6], '\x13')
self.assertEqual(mem[0x8072ec7], '\x03')
self.assertEqual(cpu.EIP, 134688456)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_20(self):
''' Instruction OR_20
Groups:
0x8051ddc: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08051000, 0x1000, 'rwx')
mem[0x08051de0] = '\x13'
mem[0x08051de1] = '\x03'
mem[0x08051ddc] = '\x81'
mem[0x08051ddd] = '\xc9'
mem[0x08051dde] = '\x13'
mem[0x08051ddf] = '\x03'
cpu.EIP = 0x8051ddc
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x8051de0], '\x13')
self.assertEqual(mem[0x8051de1], '\x03')
self.assertEqual(mem[0x8051ddc], '\x81')
self.assertEqual(mem[0x8051ddd], '\xc9')
self.assertEqual(mem[0x8051dde], '\x13')
self.assertEqual(mem[0x8051ddf], '\x03')
self.assertEqual(cpu.EIP, 134553058)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_21(self):
''' Instruction OR_21
Groups:
0x807523f: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08075000, 0x1000, 'rwx')
mem[0x08075240] = '\xc9'
mem[0x08075241] = '\x13'
mem[0x08075242] = '\x03'
mem[0x08075243] = '\x13'
mem[0x08075244] = '\x03'
mem[0x0807523f] = '\x81'
cpu.EIP = 0x807523f
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x8075240], '\xc9')
self.assertEqual(mem[0x8075241], '\x13')
self.assertEqual(mem[0x8075242], '\x03')
self.assertEqual(mem[0x8075243], '\x13')
self.assertEqual(mem[0x8075244], '\x03')
self.assertEqual(mem[0x807523f], '\x81')
self.assertEqual(cpu.EIP, 134697541)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_3(self):
''' Instruction OR_3
Groups:
0x804dfc7: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804dfc7] = '\x81'
mem[0x0804dfc8] = '\xc9'
mem[0x0804dfc9] = '\x13'
mem[0x0804dfca] = '\x03'
mem[0x0804dfcb] = '\x13'
mem[0x0804dfcc] = '\x03'
cpu.EIP = 0x804dfc7
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x804dfc7], '\x81')
self.assertEqual(mem[0x804dfc8], '\xc9')
self.assertEqual(mem[0x804dfc9], '\x13')
self.assertEqual(mem[0x804dfca], '\x03')
self.assertEqual(mem[0x804dfcb], '\x13')
self.assertEqual(mem[0x804dfcc], '\x03')
self.assertEqual(cpu.EIP, 134537165)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_4(self):
''' Instruction OR_4
Groups:
0x80755c0: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08075000, 0x1000, 'rwx')
mem[0x080755c0] = '\x81'
mem[0x080755c1] = '\xc9'
mem[0x080755c2] = '\x13'
mem[0x080755c3] = '\x03'
mem[0x080755c4] = '\x13'
mem[0x080755c5] = '\x03'
cpu.EIP = 0x80755c0
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x80755c0], '\x81')
self.assertEqual(mem[0x80755c1], '\xc9')
self.assertEqual(mem[0x80755c2], '\x13')
self.assertEqual(mem[0x80755c3], '\x03')
self.assertEqual(mem[0x80755c4], '\x13')
self.assertEqual(mem[0x80755c5], '\x03')
self.assertEqual(cpu.EIP, 134698438)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_5(self):
''' Instruction OR_5
Groups:
0x8072273: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x08072273] = '\x81'
mem[0x08072274] = '\xc9'
mem[0x08072275] = '\x13'
mem[0x08072276] = '\x03'
mem[0x08072277] = '\x13'
mem[0x08072278] = '\x03'
cpu.EIP = 0x8072273
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x8072273], '\x81')
self.assertEqual(mem[0x8072274], '\xc9')
self.assertEqual(mem[0x8072275], '\x13')
self.assertEqual(mem[0x8072276], '\x03')
self.assertEqual(mem[0x8072277], '\x13')
self.assertEqual(mem[0x8072278], '\x03')
self.assertEqual(cpu.EIP, 134685305)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_6(self):
''' Instruction OR_6
Groups:
0x804f796: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804f000, 0x1000, 'rwx')
mem[0x0804f796] = '\x81'
mem[0x0804f797] = '\xc9'
mem[0x0804f798] = '\x13'
mem[0x0804f799] = '\x03'
mem[0x0804f79a] = '\x13'
mem[0x0804f79b] = '\x03'
cpu.EIP = 0x804f796
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x3130313
cpu.execute()
self.assertEqual(mem[0x804f796], '\x81')
self.assertEqual(mem[0x804f797], '\xc9')
self.assertEqual(mem[0x804f798], '\x13')
self.assertEqual(mem[0x804f799], '\x03')
self.assertEqual(mem[0x804f79a], '\x13')
self.assertEqual(mem[0x804f79b], '\x03')
self.assertEqual(cpu.EIP, 134543260)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 51577619)
def test_OR_7(self):
''' Instruction OR_7
Groups:
0xf7fe7283: or eax, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7283] = '\t'
mem[0xf7fe7284] = '\xc8'
cpu.EIP = 0xf7fe7283
cpu.PF = True
cpu.EAX = 0xffffff00
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7e1dd00
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe7283], '\t')
self.assertEqual(mem[0xf7fe7284], '\xc8')
self.assertEqual(cpu.EIP, 4160647813)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EAX, 4294967040)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4158774528)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_OR_8(self):
''' Instruction OR_8
Groups:
0x80713ce: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08071000, 0x1000, 'rwx')
mem[0x080713ce] = '\x81'
mem[0x080713cf] = '\xc9'
mem[0x080713d0] = '\x13'
mem[0x080713d1] = '\x03'
mem[0x080713d2] = '\x13'
mem[0x080713d3] = '\x03'
cpu.EIP = 0x80713ce
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x80713ce], '\x81')
self.assertEqual(mem[0x80713cf], '\xc9')
self.assertEqual(mem[0x80713d0], '\x13')
self.assertEqual(mem[0x80713d1], '\x03')
self.assertEqual(mem[0x80713d2], '\x13')
self.assertEqual(mem[0x80713d3], '\x03')
self.assertEqual(cpu.EIP, 134681556)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_OR_9(self):
''' Instruction OR_9
Groups:
0x8078547: or ecx, 0x3130313
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08078000, 0x1000, 'rwx')
mem[0x08078547] = '\x81'
mem[0x08078548] = '\xc9'
mem[0x08078549] = '\x13'
mem[0x0807854a] = '\x03'
mem[0x0807854b] = '\x13'
mem[0x0807854c] = '\x03'
cpu.EIP = 0x8078547
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xff1f731f
cpu.execute()
self.assertEqual(mem[0x8078547], '\x81')
self.assertEqual(mem[0x8078548], '\xc9')
self.assertEqual(mem[0x8078549], '\x13')
self.assertEqual(mem[0x807854a], '\x03')
self.assertEqual(mem[0x807854b], '\x13')
self.assertEqual(mem[0x807854c], '\x03')
self.assertEqual(cpu.EIP, 134710605)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 4280251167)
def test_PALIGNR_1(self):
''' Instruction PALIGNR_1
Groups: ssse3
0x8059a25: palignr xmm0, xmm1, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a25] = 'f'
mem[0x08059a26] = '\x0f'
mem[0x08059a27] = ':'
mem[0x08059a28] = '\x0f'
mem[0x08059a29] = '\xc1'
mem[0x08059a2a] = '\x02'
cpu.EIP = 0x8059a25
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8059a25], 'f')
self.assertEqual(mem[0x8059a26], '\x0f')
self.assertEqual(mem[0x8059a27], ':')
self.assertEqual(mem[0x8059a28], '\x0f')
self.assertEqual(mem[0x8059a29], '\xc1')
self.assertEqual(mem[0x8059a2a], '\x02')
self.assertEqual(cpu.EIP, 134584875)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PALIGNR_2(self):
''' Instruction PALIGNR_2
Groups: ssse3
0x8059a2b: palignr xmm0, xmmword ptr [ebp], 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '>'
mem[0xffffb601] = '0'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x1e'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08059a2b] = 'f'
mem[0x08059a2c] = '\x0f'
mem[0x08059a2d] = ':'
mem[0x08059a2e] = '\x0f'
mem[0x08059a2f] = 'E'
mem[0x08059a30] = '\x00'
mem[0x08059a31] = '\x02'
cpu.EIP = 0x8059a2b
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0xffffb601], '0')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x1e')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8059a2b], 'f')
self.assertEqual(mem[0x8059a2c], '\x0f')
self.assertEqual(mem[0x8059a2d], ':')
self.assertEqual(mem[0x8059a2e], '\x0f')
self.assertEqual(mem[0x8059a2f], 'E')
self.assertEqual(mem[0x8059a30], '\x00')
self.assertEqual(mem[0x8059a31], '\x02')
self.assertEqual(cpu.EIP, 134584882)
self.assertEqual(cpu.XMM0, 7680)
self.assertEqual(cpu.EBP, 4294948352)
def test_PAND_1(self):
''' Instruction PAND_1
Groups: sse2
0x8079492: pand xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079492] = 'f'
mem[0x08079493] = '\x0f'
mem[0x08079494] = '\xdb'
mem[0x08079495] = '\xc1'
cpu.EIP = 0x8079492
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079492], 'f')
self.assertEqual(mem[0x8079493], '\x0f')
self.assertEqual(mem[0x8079494], '\xdb')
self.assertEqual(mem[0x8079495], '\xc1')
self.assertEqual(cpu.EIP, 134714518)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PAND_2(self):
''' Instruction PAND_2
Groups: sse2
0x8079496: pand xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x7f'
mem[0xffffb601] = '\x03'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08079496] = 'f'
mem[0x08079497] = '\x0f'
mem[0x08079498] = '\xdb'
mem[0x08079499] = 'E'
mem[0x0807949a] = '\x00'
cpu.EIP = 0x8079496
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x7f')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8079496], 'f')
self.assertEqual(mem[0x8079497], '\x0f')
self.assertEqual(mem[0x8079498], '\xdb')
self.assertEqual(mem[0x8079499], 'E')
self.assertEqual(mem[0x807949a], '\x00')
self.assertEqual(cpu.EIP, 134714523)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PAUSE_1(self):
''' Instruction PAUSE_1
Groups: sse2
0x8059855: pause
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059855] = '\xf3'
mem[0x08059856] = '\x90'
cpu.EIP = 0x8059855
cpu.execute()
self.assertEqual(mem[0x8059855], '\xf3')
self.assertEqual(mem[0x8059856], '\x90')
self.assertEqual(cpu.EIP, 134584407)
def test_PCMPEQB_1(self):
''' Instruction PCMPEQB_1
Groups: sse2
0x80565cb: pcmpeqb xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '7'
mem[0xffffb601] = '\x01'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0x080565cb] = 'f'
mem[0x080565cc] = '\x0f'
mem[0x080565cd] = 't'
mem[0x080565ce] = 'E'
mem[0x080565cf] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60c] = '\x00'
cpu.EIP = 0x80565cb
cpu.XMM0 = 0xffffffffffffffffffffffffffffffff
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '7')
self.assertEqual(mem[0xffffb601], '\x01')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0x80565cb], 'f')
self.assertEqual(mem[0x80565cc], '\x0f')
self.assertEqual(mem[0x80565cd], 't')
self.assertEqual(mem[0x80565ce], 'E')
self.assertEqual(mem[0x80565cf], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(cpu.EIP, 134571472)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PCMPEQB_2(self):
''' Instruction PCMPEQB_2
Groups: sse2
0x80565c7: pcmpeqb xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem[0x080565c8] = '\x0f'
mem[0x080565c9] = 't'
mem[0x080565ca] = '\xc1'
mem[0x080565c7] = 'f'
cpu.EIP = 0x80565c7
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x80565c8], '\x0f')
self.assertEqual(mem[0x80565c9], 't')
self.assertEqual(mem[0x80565ca], '\xc1')
self.assertEqual(mem[0x80565c7], 'f')
self.assertEqual(cpu.EIP, 134571467)
self.assertEqual(cpu.XMM0, 340282366920938463463374607431768211455)
self.assertEqual(cpu.XMM1, 0)
def test_PEXTRW_1(self):
''' Instruction PEXTRW_1
Groups: sse2
0x80599cf: pextrw ecx, xmm1, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599d0] = '\x0f'
mem[0x080599d1] = '\xc5'
mem[0x080599d2] = '\xc9'
mem[0x080599d3] = '\x02'
mem[0x080599cf] = 'f'
cpu.EIP = 0x80599cf
cpu.XMM1 = 0x0
cpu.ECX = 0xff0d9f31
cpu.execute()
self.assertEqual(mem[0x80599d0], '\x0f')
self.assertEqual(mem[0x80599d1], '\xc5')
self.assertEqual(mem[0x80599d2], '\xc9')
self.assertEqual(mem[0x80599d3], '\x02')
self.assertEqual(mem[0x80599cf], 'f')
self.assertEqual(cpu.EIP, 134584788)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.ECX, 0)
def test_PEXTRW_2(self):
''' Instruction PEXTRW_2
Groups: sse41
0x80599d4: pextrw word ptr [ebp], xmm1, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xfb'
mem[0xffffb601] = '\xb4'
mem[0x080599d4] = 'f'
mem[0x080599d5] = '\x0f'
mem[0x080599d6] = ':'
mem[0x080599d7] = '\x15'
mem[0x080599d8] = 'M'
mem[0x080599d9] = '\x00'
mem[0x080599da] = '\x02'
cpu.EIP = 0x80599d4
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x80599d4], 'f')
self.assertEqual(mem[0x80599d5], '\x0f')
self.assertEqual(mem[0x80599d6], ':')
self.assertEqual(mem[0x80599d7], '\x15')
self.assertEqual(mem[0x80599d8], 'M')
self.assertEqual(mem[0x80599d9], '\x00')
self.assertEqual(mem[0x80599da], '\x02')
self.assertEqual(cpu.EIP, 134584795)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PINSRW_1(self):
''' Instruction PINSRW_1
Groups: sse2
0x805ba73: pinsrw xmm0, edx, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805ba73] = 'f'
mem[0x0805ba74] = '\x0f'
mem[0x0805ba75] = '\xc4'
mem[0x0805ba76] = '\xc2'
mem[0x0805ba77] = '\x02'
cpu.EIP = 0x805ba73
cpu.XMM0 = 0x1
cpu.EDX = 0x3ec
cpu.execute()
self.assertEqual(mem[0x805ba73], 'f')
self.assertEqual(mem[0x805ba74], '\x0f')
self.assertEqual(mem[0x805ba75], '\xc4')
self.assertEqual(mem[0x805ba76], '\xc2')
self.assertEqual(mem[0x805ba77], '\x02')
self.assertEqual(cpu.EIP, 134593144)
self.assertEqual(cpu.XMM0, 4312147165185)
self.assertEqual(cpu.EDX, 1004)
def test_PINSRW_2(self):
''' Instruction PINSRW_2
Groups: sse2
0x805ba78: pinsrw xmm0, word ptr [ebp], 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0805ba78] = 'f'
mem[0x0805ba79] = '\x0f'
mem[0x0805ba7a] = '\xc4'
mem[0x0805ba7b] = 'E'
mem[0x0805ba7c] = '\x00'
mem[0x0805ba7d] = '\x02'
cpu.EIP = 0x805ba78
cpu.XMM0 = 0x3ec00000001
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x805ba78], 'f')
self.assertEqual(mem[0x805ba79], '\x0f')
self.assertEqual(mem[0x805ba7a], '\xc4')
self.assertEqual(mem[0x805ba7b], 'E')
self.assertEqual(mem[0x805ba7c], '\x00')
self.assertEqual(mem[0x805ba7d], '\x02')
self.assertEqual(cpu.EIP, 134593150)
self.assertEqual(cpu.XMM0, 1)
self.assertEqual(cpu.EBP, 4294948352)
def test_PMINUB_1(self):
''' Instruction PMINUB_1
Groups: sse2
0x8065f88: pminub xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0xffffb602] = '\x1f'
mem[0xffffb603] = '\xfe'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0x08065f88] = 'f'
mem[0x08065f89] = '\x0f'
mem[0x08065f8a] = '\xda'
mem[0x08065f8b] = 'E'
mem[0x08065f8c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60c] = '\x00'
cpu.EIP = 0x8065f88
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0xffffb602], '\x1f')
self.assertEqual(mem[0xffffb603], '\xfe')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0x8065f88], 'f')
self.assertEqual(mem[0x8065f89], '\x0f')
self.assertEqual(mem[0x8065f8a], '\xda')
self.assertEqual(mem[0x8065f8b], 'E')
self.assertEqual(mem[0x8065f8c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(cpu.EIP, 134635405)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PMINUB_2(self):
''' Instruction PMINUB_2
Groups: sse2
0x8065f84: pminub xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065f84] = 'f'
mem[0x08065f85] = '\x0f'
mem[0x08065f86] = '\xda'
mem[0x08065f87] = '\xc1'
cpu.EIP = 0x8065f84
cpu.XMM0 = 0x8000800080000000
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8065f84], 'f')
self.assertEqual(mem[0x8065f85], '\x0f')
self.assertEqual(mem[0x8065f86], '\xda')
self.assertEqual(mem[0x8065f87], '\xc1')
self.assertEqual(cpu.EIP, 134635400)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PMOVMSKB_1(self):
''' Instruction PMOVMSKB_1
Groups: sse2
0x804d5b5: pmovmskb ecx, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d5b8] = '\xc9'
mem[0x0804d5b5] = 'f'
mem[0x0804d5b6] = '\x0f'
mem[0x0804d5b7] = '\xd7'
cpu.EIP = 0x804d5b5
cpu.XMM1 = 0x0
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x804d5b8], '\xc9')
self.assertEqual(mem[0x804d5b5], 'f')
self.assertEqual(mem[0x804d5b6], '\x0f')
self.assertEqual(mem[0x804d5b7], '\xd7')
self.assertEqual(cpu.EIP, 134534585)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.ECX, 0)
def test_POPCNT_1(self):
''' Instruction POPCNT_1
Groups:
0x804d545: popcnt ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d548] = '\xca'
mem[0x0804d545] = '\xf3'
mem[0x0804d546] = '\x0f'
mem[0x0804d547] = '\xb8'
cpu.EIP = 0x804d545
cpu.EDX = 0xf0
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ECX = 0x0
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d548], '\xca')
self.assertEqual(mem[0x804d545], '\xf3')
self.assertEqual(mem[0x804d546], '\x0f')
self.assertEqual(mem[0x804d547], '\xb8')
self.assertEqual(cpu.EIP, 134534473)
self.assertEqual(cpu.EDX, 240)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_POPCNT_2(self):
''' Instruction POPCNT_2
Groups:
0x804d53a: popcnt cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d53a] = 'f'
mem[0x0804d53b] = '\xf3'
mem[0x0804d53c] = '\x0f'
mem[0x0804d53d] = '\xb8'
mem[0x0804d53e] = '\xca'
cpu.EIP = 0x804d53a
cpu.CX = 0x0
cpu.PF = True
cpu.DX = 0xf0
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d53a], 'f')
self.assertEqual(mem[0x804d53b], '\xf3')
self.assertEqual(mem[0x804d53c], '\x0f')
self.assertEqual(mem[0x804d53d], '\xb8')
self.assertEqual(mem[0x804d53e], '\xca')
self.assertEqual(cpu.EIP, 134534463)
self.assertEqual(cpu.CX, 4)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.DX, 240)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_POPCNT_3(self):
''' Instruction POPCNT_3
Groups:
0x804d549: popcnt ecx, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0804d549] = '\xf3'
mem[0x0804d54a] = '\x0f'
mem[0x0804d54b] = '\xb8'
mem[0x0804d54c] = 'M'
mem[0x0804d54d] = '\x00'
cpu.EIP = 0x804d549
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0x4
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x804d549], '\xf3')
self.assertEqual(mem[0x804d54a], '\x0f')
self.assertEqual(mem[0x804d54b], '\xb8')
self.assertEqual(mem[0x804d54c], 'M')
self.assertEqual(mem[0x804d54d], '\x00')
self.assertEqual(cpu.EIP, 134534478)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.ECX, 0)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_POPCNT_4(self):
''' Instruction POPCNT_4
Groups:
0x804d53f: popcnt cx, word ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0804d540] = '\xf3'
mem[0x0804d541] = '\x0f'
mem[0x0804d542] = '\xb8'
mem[0x0804d543] = 'M'
mem[0x0804d544] = '\x00'
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0804d53f] = 'f'
cpu.EBP = 0xffffb600
cpu.EIP = 0x804d53f
cpu.CX = 0x4
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d540], '\xf3')
self.assertEqual(mem[0x804d541], '\x0f')
self.assertEqual(mem[0x804d542], '\xb8')
self.assertEqual(mem[0x804d543], 'M')
self.assertEqual(mem[0x804d544], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x804d53f], 'f')
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EIP, 134534469)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_POPFD_1(self):
''' Instruction POPFD_1
Groups: not64bitmode
0x804840d: popfd
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xffffc600] = '\x00'
mem[0xffffc601] = '\x00'
mem[0xffffc602] = '\x00'
mem[0xffffc603] = '\x00'
mem[0xffffc604] = '\x00'
mem[0xffffc5ff] = '\xeb'
mem[0xffffc5fc] = '\xeb'
mem[0x0804840d] = '\x9d'
mem[0xffffc5fe] = 'n'
mem[0xffffc5fd] = '\xb6'
cpu.EIP = 0x804840d
cpu.EBP = 0xffffb600
cpu.ESP = 0xffffc600
cpu.execute()
self.assertEqual(mem[0xffffc600], '\x00')
self.assertEqual(mem[0xffffc601], '\x00')
self.assertEqual(mem[0xffffc602], '\x00')
self.assertEqual(mem[0xffffc603], '\x00')
self.assertEqual(mem[0xffffc604], '\x00')
self.assertEqual(mem[0xffffc5ff], '\xeb')
self.assertEqual(mem[0xffffc5fc], '\xeb')
self.assertEqual(mem[0x804840d], '\x9d')
self.assertEqual(mem[0xffffc5fe], 'n')
self.assertEqual(mem[0xffffc5fd], '\xb6')
self.assertEqual(cpu.EIP, 134513678)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ESP, 4294952452)
def test_POPF_1(self):
''' Instruction POPF_1
Groups:
0x804840e: popf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xffffc600] = '\x00'
mem[0xffffc601] = '\x00'
mem[0xffffc602] = '\x00'
mem[0xffffc603] = '\x00'
mem[0xffffc604] = '\x00'
mem[0xffffc605] = '\x00'
mem[0xffffc606] = '\x00'
mem[0xffffc607] = '\x00'
mem[0xffffc608] = '\x00'
mem[0x0804840e] = 'f'
mem[0x0804840f] = '\x9d'
cpu.EIP = 0x804840e
cpu.EBP = 0xffffb600
cpu.ESP = 0xffffc604
cpu.execute()
self.assertEqual(mem[0xffffc600], '\x00')
self.assertEqual(mem[0xffffc601], '\x00')
self.assertEqual(mem[0xffffc602], '\x00')
self.assertEqual(mem[0xffffc603], '\x00')
self.assertEqual(mem[0xffffc604], '\x00')
self.assertEqual(mem[0xffffc605], '\x00')
self.assertEqual(mem[0xffffc606], '\x00')
self.assertEqual(mem[0xffffc607], '\x00')
self.assertEqual(mem[0xffffc608], '\x00')
self.assertEqual(mem[0x804840e], 'f')
self.assertEqual(mem[0x804840f], '\x9d')
self.assertEqual(cpu.EIP, 134513680)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ESP, 4294952454)
def test_POP_1(self):
''' Instruction POP_1
Groups: not64bitmode
0xf7fe4d36: pop ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '`'
mem[0xf7fe4d36] = '['
mem[0xffffd2d8] = '\xef'
mem[0xffffd2d9] = '\xab'
mem[0xffffd2da] = '\xfe'
mem[0xffffd2db] = '\xf7'
mem[0xffffd2dc] = '\x00'
mem[0xffffd2dd] = '\xd0'
mem[0xffffd2de] = '\xff'
mem[0xffffd2df] = '\xf7'
cpu.EIP = 0xf7fe4d36
cpu.EBP = 0xf7fdabf8
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd2dc
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '`')
self.assertEqual(mem[0xf7fe4d36], '[')
self.assertEqual(mem[0xffffd2d8], '\xef')
self.assertEqual(mem[0xffffd2d9], '\xab')
self.assertEqual(mem[0xffffd2da], '\xfe')
self.assertEqual(mem[0xffffd2db], '\xf7')
self.assertEqual(mem[0xffffd2dc], '\x00')
self.assertEqual(mem[0xffffd2dd], '\xd0')
self.assertEqual(mem[0xffffd2de], '\xff')
self.assertEqual(mem[0xffffd2df], '\xf7')
self.assertEqual(cpu.EIP, 4160638263)
self.assertEqual(cpu.EBP, 4160596984)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955744)
def test_POP_10(self):
''' Instruction POP_10
Groups: not64bitmode
0xf7ff43d4: pop ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd014] = '\xd2'
mem[0xffffd015] = 'N'
mem[0xffffd016] = '\x01'
mem[0xffffd017] = '\x00'
mem[0xffffd018] = '\x00'
mem[0xf7ff43d4] = '['
mem[0xffffd01a] = '\xff'
mem[0xffffd01b] = '\xf7'
mem[0xffffd01c] = '+'
mem[0xffffd019] = '\xd0'
cpu.EIP = 0xf7ff43d4
cpu.EBP = 0xffffd308
cpu.EBX = 0xf7ff4390
cpu.ESP = 0xffffd018
cpu.execute()
self.assertEqual(mem[0xffffd014], '\xd2')
self.assertEqual(mem[0xffffd015], 'N')
self.assertEqual(mem[0xffffd016], '\x01')
self.assertEqual(mem[0xffffd017], '\x00')
self.assertEqual(mem[0xffffd018], '\x00')
self.assertEqual(mem[0xf7ff43d4], '[')
self.assertEqual(mem[0xffffd01a], '\xff')
self.assertEqual(mem[0xffffd01b], '\xf7')
self.assertEqual(mem[0xffffd01c], '+')
self.assertEqual(mem[0xffffd019], '\xd0')
self.assertEqual(cpu.EIP, 4160701397)
self.assertEqual(cpu.EBP, 4294955784)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955036)
def test_POP_11(self):
''' Instruction POP_11
Groups: not64bitmode
0xf7fe9129: pop edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd4f0] = '\x00'
mem[0xffffd4f1] = '\x00'
mem[0xffffd4f2] = '\x00'
mem[0xffffd4f3] = '\x00'
mem[0xffffd4f4] = '8'
mem[0xffffd4f5] = '\xd9'
mem[0xffffd4f6] = '\xff'
mem[0xffffd4f7] = '\xf7'
mem[0xffffd4f8] = '\xc8'
mem[0xf7fe9129] = '_'
cpu.EIP = 0xf7fe9129
cpu.EDI = 0xc
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd4f4
cpu.execute()
self.assertEqual(mem[0xffffd4f0], '\x00')
self.assertEqual(mem[0xffffd4f1], '\x00')
self.assertEqual(mem[0xffffd4f2], '\x00')
self.assertEqual(mem[0xffffd4f3], '\x00')
self.assertEqual(mem[0xffffd4f4], '8')
self.assertEqual(mem[0xffffd4f5], '\xd9')
self.assertEqual(mem[0xffffd4f6], '\xff')
self.assertEqual(mem[0xffffd4f7], '\xf7')
self.assertEqual(mem[0xffffd4f8], '\xc8')
self.assertEqual(mem[0xf7fe9129], '_')
self.assertEqual(cpu.EIP, 4160655658)
self.assertEqual(cpu.EDI, 4160739640)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956280)
def test_POP_12(self):
''' Instruction POP_12
Groups: not64bitmode
0xf7fe4d38: pop edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\xf0'
mem[0xffffd2e1] = '~'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xf7fe4d38] = '_'
cpu.EIP = 0xf7fe4d38
cpu.EDI = 0xf7e1e4e4
cpu.EBP = 0xf7fdaba8
cpu.ESP = 0xffffd2e4
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\xf0')
self.assertEqual(mem[0xffffd2e1], '~')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xf7fe4d38], '_')
self.assertEqual(cpu.EIP, 4160638265)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.EBP, 4160596904)
self.assertEqual(cpu.ESP, 4294955752)
def test_POP_13(self):
''' Instruction POP_13
Groups: not64bitmode
0xf7ff06a2: pop esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd010] = '"'
mem[0xffffd011] = '\x03'
mem[0xf7ff06a2] = '^'
mem[0xffffd013] = '\x00'
mem[0xffffd014] = '#'
mem[0xffffd012] = '\x00'
mem[0xffffd00c] = '\x0e'
mem[0xffffd00d] = 'p'
mem[0xffffd00e] = '\xfd'
mem[0xffffd00f] = '\xf7'
cpu.EIP = 0xf7ff06a2
cpu.EBP = 0x80481f2
cpu.ESI = 0x0
cpu.ESP = 0xffffd010
cpu.execute()
self.assertEqual(mem[0xffffd010], '"')
self.assertEqual(mem[0xffffd011], '\x03')
self.assertEqual(mem[0xf7ff06a2], '^')
self.assertEqual(mem[0xffffd013], '\x00')
self.assertEqual(mem[0xffffd014], '#')
self.assertEqual(mem[0xffffd012], '\x00')
self.assertEqual(mem[0xffffd00c], '\x0e')
self.assertEqual(mem[0xffffd00d], 'p')
self.assertEqual(mem[0xffffd00e], '\xfd')
self.assertEqual(mem[0xffffd00f], '\xf7')
self.assertEqual(cpu.EIP, 4160685731)
self.assertEqual(cpu.EBP, 134513138)
self.assertEqual(cpu.ESI, 802)
self.assertEqual(cpu.ESP, 4294955028)
def test_POP_14(self):
''' Instruction POP_14
Groups: not64bitmode
0xf7feacad: pop ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fea000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd4f4] = '\\'
mem[0xffffd4f5] = '\xd5'
mem[0xffffd4f6] = '\xff'
mem[0xffffd4f7] = '\xf7'
mem[0xffffd4f8] = '\xc8'
mem[0xffffd4f9] = '\xd5'
mem[0xffffd4fa] = '\xff'
mem[0xffffd4fb] = '\xff'
mem[0xffffd4fc] = '\x11'
mem[0xf7feacad] = ']'
cpu.EIP = 0xf7feacad
cpu.EBP = 0xf7fe0740
cpu.ESP = 0xffffd4f8
cpu.execute()
self.assertEqual(mem[0xffffd4f4], '\\')
self.assertEqual(mem[0xffffd4f5], '\xd5')
self.assertEqual(mem[0xffffd4f6], '\xff')
self.assertEqual(mem[0xffffd4f7], '\xf7')
self.assertEqual(mem[0xffffd4f8], '\xc8')
self.assertEqual(mem[0xffffd4f9], '\xd5')
self.assertEqual(mem[0xffffd4fa], '\xff')
self.assertEqual(mem[0xffffd4fb], '\xff')
self.assertEqual(mem[0xffffd4fc], '\x11')
self.assertEqual(mem[0xf7feacad], ']')
self.assertEqual(cpu.EIP, 4160662702)
self.assertEqual(cpu.EBP, 4294956488)
self.assertEqual(cpu.ESP, 4294956284)
def test_POP_15(self):
''' Instruction POP_15
Groups: not64bitmode
0xf7fe4d37: pop esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\x8c'
mem[0xffffd2e1] = '\xc2'
mem[0xffffd2e2] = '\xfd'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x02'
mem[0xf7fe4d37] = '^'
mem[0xffffd2dc] = '\x00'
mem[0xffffd2dd] = '\xd0'
mem[0xffffd2de] = '\xff'
mem[0xffffd2df] = '\xf7'
cpu.EIP = 0xf7fe4d37
cpu.EBP = 0xf7fdadf8
cpu.ESI = 0xd696910
cpu.ESP = 0xffffd2e0
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\x8c')
self.assertEqual(mem[0xffffd2e1], '\xc2')
self.assertEqual(mem[0xffffd2e2], '\xfd')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x02')
self.assertEqual(mem[0xf7fe4d37], '^')
self.assertEqual(mem[0xffffd2dc], '\x00')
self.assertEqual(mem[0xffffd2dd], '\xd0')
self.assertEqual(mem[0xffffd2de], '\xff')
self.assertEqual(mem[0xffffd2df], '\xf7')
self.assertEqual(cpu.EIP, 4160638264)
self.assertEqual(cpu.EBP, 4160597496)
self.assertEqual(cpu.ESI, 4160602764)
self.assertEqual(cpu.ESP, 4294955748)
def test_POP_16(self):
''' Instruction POP_16
Groups: not64bitmode
0xf7febc56: pop esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\x00'
mem[0xffffd2e1] = '\xd0'
mem[0xffffd2e2] = '\xff'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '`'
mem[0xffffd2e5] = 'j'
mem[0xffffd2e6] = '\xe1'
mem[0xffffd2e7] = '\xf7'
mem[0xffffd2e8] = '\x01'
mem[0xf7febc56] = '^'
cpu.EIP = 0xf7febc56
cpu.EBP = 0xf7fdab18
cpu.ESI = 0x0
cpu.ESP = 0xffffd2e4
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\x00')
self.assertEqual(mem[0xffffd2e1], '\xd0')
self.assertEqual(mem[0xffffd2e2], '\xff')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '`')
self.assertEqual(mem[0xffffd2e5], 'j')
self.assertEqual(mem[0xffffd2e6], '\xe1')
self.assertEqual(mem[0xffffd2e7], '\xf7')
self.assertEqual(mem[0xffffd2e8], '\x01')
self.assertEqual(mem[0xf7febc56], '^')
self.assertEqual(cpu.EIP, 4160666711)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESI, 4158745184)
self.assertEqual(cpu.ESP, 4294955752)
def test_POP_17(self):
''' Instruction POP_17
Groups: not64bitmode
0xf7febc56: pop esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd3f0] = '\x00'
mem[0xffffd3f1] = '\xd0'
mem[0xffffd3f2] = '\xff'
mem[0xffffd3f3] = '\xf7'
mem[0xffffd3f4] = '8'
mem[0xffffd3f5] = '\xd9'
mem[0xffffd3f6] = '\xff'
mem[0xffffd3f7] = '\xf7'
mem[0xffffd3f8] = '\xe9'
mem[0xf7febc56] = '^'
cpu.EIP = 0xf7febc56
cpu.EBP = 0xffffd488
cpu.ESI = 0x0
cpu.ESP = 0xffffd3f4
cpu.execute()
self.assertEqual(mem[0xffffd3f0], '\x00')
self.assertEqual(mem[0xffffd3f1], '\xd0')
self.assertEqual(mem[0xffffd3f2], '\xff')
self.assertEqual(mem[0xffffd3f3], '\xf7')
self.assertEqual(mem[0xffffd3f4], '8')
self.assertEqual(mem[0xffffd3f5], '\xd9')
self.assertEqual(mem[0xf7febc56], '^')
self.assertEqual(mem[0xffffd3f7], '\xf7')
self.assertEqual(mem[0xffffd3f8], '\xe9')
self.assertEqual(mem[0xffffd3f6], '\xff')
self.assertEqual(cpu.EIP, 4160666711)
self.assertEqual(cpu.EBP, 4294956168)
self.assertEqual(cpu.ESI, 4160739640)
self.assertEqual(cpu.ESP, 4294956024)
def test_POP_18(self):
''' Instruction POP_18
Groups: not64bitmode
0xf7fe4d37: pop esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\x94'
mem[0xffffd2e1] = 'q'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x01'
mem[0xf7fe4d37] = '^'
mem[0xffffd2dc] = '\x00'
mem[0xffffd2dd] = '\xd0'
mem[0xffffd2de] = '\xff'
mem[0xffffd2df] = '\xf7'
cpu.EIP = 0xf7fe4d37
cpu.EBP = 0xf7fdadf8
cpu.ESI = 0xd696910
cpu.ESP = 0xffffd2e0
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\x94')
self.assertEqual(mem[0xffffd2e1], 'q')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xf7fe4d37], '^')
self.assertEqual(mem[0xffffd2dc], '\x00')
self.assertEqual(mem[0xffffd2dd], '\xd0')
self.assertEqual(mem[0xffffd2de], '\xff')
self.assertEqual(mem[0xffffd2df], '\xf7')
self.assertEqual(cpu.EIP, 4160638264)
self.assertEqual(cpu.EBP, 4160597496)
self.assertEqual(cpu.ESI, 4158747028)
self.assertEqual(cpu.ESP, 4294955748)
def test_POP_19(self):
''' Instruction POP_19
Groups: not64bitmode
0xf7fe4d39: pop ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\xf4'
mem[0xf7fe4d39] = ']'
cpu.EIP = 0xf7fe4d39
cpu.EBP = 0xf7fdadf8
cpu.ESP = 0xffffd2e8
cpu.execute()
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(mem[0xf7fe4d39], ']')
self.assertEqual(cpu.EIP, 4160638266)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955756)
def test_POP_2(self):
''' Instruction POP_2
Groups: not64bitmode
0xf7fe4d36: pop ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\x98'
mem[0xf7fe4d36] = '['
mem[0xffffd2d8] = '\xef'
mem[0xffffd2d9] = '\xab'
mem[0xffffd2da] = '\xfe'
mem[0xffffd2db] = '\xf7'
mem[0xffffd2dc] = '\x00'
mem[0xffffd2dd] = '\xd0'
mem[0xffffd2de] = '\xff'
mem[0xffffd2df] = '\xf7'
cpu.EIP = 0xf7fe4d36
cpu.EBP = 0xf7fdaba8
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd2dc
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\x98')
self.assertEqual(mem[0xf7fe4d36], '[')
self.assertEqual(mem[0xffffd2d8], '\xef')
self.assertEqual(mem[0xffffd2d9], '\xab')
self.assertEqual(mem[0xffffd2da], '\xfe')
self.assertEqual(mem[0xffffd2db], '\xf7')
self.assertEqual(mem[0xffffd2dc], '\x00')
self.assertEqual(mem[0xffffd2dd], '\xd0')
self.assertEqual(mem[0xffffd2de], '\xff')
self.assertEqual(mem[0xffffd2df], '\xf7')
self.assertEqual(cpu.EIP, 4160638263)
self.assertEqual(cpu.EBP, 4160596904)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955744)
def test_POP_20(self):
''' Instruction POP_20
Groups: not64bitmode
0xf7fe4d38: pop edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\xd0'
mem[0xffffd2e1] = '\x80'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xf7fe4d38] = '_'
cpu.EIP = 0xf7fe4d38
cpu.EDI = 0xf7e1ec64
cpu.EBP = 0xf7fdaba8
cpu.ESP = 0xffffd2e4
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\xd0')
self.assertEqual(mem[0xffffd2e1], '\x80')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xf7fe4d38], '_')
self.assertEqual(cpu.EIP, 4160638265)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.EBP, 4160596904)
self.assertEqual(cpu.ESP, 4294955752)
def test_POP_21(self):
''' Instruction POP_21
Groups: not64bitmode
0xf7eaa40c: pop edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd5f0] = '\x03'
mem[0xffffd5f1] = '\x00'
mem[0xffffd5f2] = '\x00'
mem[0xffffd5f3] = '\x00'
mem[0xffffd5f4] = '\x01'
mem[0xffffd5f5] = '\x00'
mem[0xffffd5f6] = '\x00'
mem[0xffffd5f7] = '\x00'
mem[0xffffd5f8] = '\xd4'
mem[0xf7eaa40c] = '_'
cpu.EIP = 0xf7eaa40c
cpu.EDI = 0xffffd5ef
cpu.EBP = 0xbc
cpu.ESP = 0xffffd5f4
cpu.execute()
self.assertEqual(mem[0xffffd5f0], '\x03')
self.assertEqual(mem[0xffffd5f1], '\x00')
self.assertEqual(mem[0xffffd5f2], '\x00')
self.assertEqual(mem[0xffffd5f3], '\x00')
self.assertEqual(mem[0xffffd5f4], '\x01')
self.assertEqual(mem[0xffffd5f5], '\x00')
self.assertEqual(mem[0xffffd5f6], '\x00')
self.assertEqual(mem[0xffffd5f7], '\x00')
self.assertEqual(mem[0xffffd5f8], '\xd4')
self.assertEqual(mem[0xf7eaa40c], '_')
self.assertEqual(cpu.EIP, 4159349773)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.EBP, 188)
self.assertEqual(cpu.ESP, 4294956536)
def test_POP_3(self):
''' Instruction POP_3
Groups: not64bitmode
0xf7fe57eb: pop ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd430] = '\x00'
mem[0xf7fe57eb] = '['
mem[0xffffd428] = '\x04'
mem[0xffffd429] = '\x99'
mem[0xffffd42a] = '\xe2'
mem[0xffffd42b] = '\xf7'
mem[0xffffd42c] = '\x00'
mem[0xffffd42d] = '\xd0'
mem[0xffffd42e] = '\xff'
mem[0xffffd42f] = '\xf7'
cpu.EIP = 0xf7fe57eb
cpu.EBP = 0xffffd438
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd42c
cpu.execute()
self.assertEqual(mem[0xffffd430], '\x00')
self.assertEqual(mem[0xffffd42b], '\xf7')
self.assertEqual(mem[0xffffd428], '\x04')
self.assertEqual(mem[0xffffd429], '\x99')
self.assertEqual(mem[0xffffd42a], '\xe2')
self.assertEqual(mem[0xf7fe57eb], '[')
self.assertEqual(mem[0xffffd42c], '\x00')
self.assertEqual(mem[0xffffd42d], '\xd0')
self.assertEqual(mem[0xffffd42e], '\xff')
self.assertEqual(mem[0xffffd42f], '\xf7')
self.assertEqual(cpu.EIP, 4160641004)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294956080)
def test_POP_4(self):
''' Instruction POP_4
Groups: not64bitmode
0xf7ff06cb: pop edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd010] = 'A'
mem[0xffffd011] = '\x03'
mem[0xffffd012] = '\x00'
mem[0xffffd013] = '\x00'
mem[0xffffd014] = '\xb8'
mem[0xffffd015] = '\x03'
mem[0xffffd016] = '\x00'
mem[0xffffd017] = '\x00'
mem[0xffffd018] = '\xcb'
mem[0xf7ff06cb] = '_'
cpu.EIP = 0xf7ff06cb
cpu.EDI = 0x31
cpu.EBP = 0x61
cpu.ESP = 0xffffd014
cpu.execute()
self.assertEqual(mem[0xffffd010], 'A')
self.assertEqual(mem[0xffffd011], '\x03')
self.assertEqual(mem[0xffffd012], '\x00')
self.assertEqual(mem[0xffffd013], '\x00')
self.assertEqual(mem[0xffffd014], '\xb8')
self.assertEqual(mem[0xffffd015], '\x03')
self.assertEqual(mem[0xffffd016], '\x00')
self.assertEqual(mem[0xffffd017], '\x00')
self.assertEqual(mem[0xffffd018], '\xcb')
self.assertEqual(mem[0xf7ff06cb], '_')
self.assertEqual(cpu.EIP, 4160685772)
self.assertEqual(cpu.EDI, 952)
self.assertEqual(cpu.EBP, 97)
self.assertEqual(cpu.ESP, 4294955032)
def test_POP_5(self):
''' Instruction POP_5
Groups: not64bitmode
0xf7fe4d39: pop ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\xf4'
mem[0xf7fe4d39] = ']'
cpu.EIP = 0xf7fe4d39
cpu.EBP = 0xf7fdaba8
cpu.ESP = 0xffffd2e8
cpu.execute()
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(mem[0xf7fe4d39], ']')
self.assertEqual(cpu.EIP, 4160638266)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955756)
def test_POP_6(self):
''' Instruction POP_6
Groups: not64bitmode
0xf7fe4fe2: pop esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd370] = '\xb4'
mem[0xffffd371] = '\xd4'
mem[0xf7fe4fe2] = '^'
mem[0xffffd373] = '\xff'
mem[0xffffd374] = '\x10'
mem[0xffffd372] = '\xff'
mem[0xffffd36c] = '\x00'
mem[0xffffd36d] = '\xd0'
mem[0xffffd36e] = '\xff'
mem[0xffffd36f] = '\xf7'
cpu.EIP = 0xf7fe4fe2
cpu.EBP = 0xf7fdab18
cpu.ESI = 0xf7e17efc
cpu.ESP = 0xffffd370
cpu.execute()
self.assertEqual(mem[0xffffd370], '\xb4')
self.assertEqual(mem[0xffffd371], '\xd4')
self.assertEqual(mem[0xf7fe4fe2], '^')
self.assertEqual(mem[0xffffd373], '\xff')
self.assertEqual(mem[0xffffd374], '\x10')
self.assertEqual(mem[0xffffd372], '\xff')
self.assertEqual(mem[0xffffd36c], '\x00')
self.assertEqual(mem[0xffffd36d], '\xd0')
self.assertEqual(mem[0xffffd36e], '\xff')
self.assertEqual(mem[0xffffd36f], '\xf7')
self.assertEqual(cpu.EIP, 4160638947)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESI, 4294956212)
self.assertEqual(cpu.ESP, 4294955892)
def test_POP_7(self):
''' Instruction POP_7
Groups: not64bitmode
0xf7fe4d38: pop edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\x18'
mem[0xffffd2e1] = '\x8c'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xf7fe4d38] = '_'
cpu.EIP = 0xf7fe4d38
cpu.EDI = 0xf7e21984
cpu.EBP = 0xf7fdaba8
cpu.ESP = 0xffffd2e4
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\x18')
self.assertEqual(mem[0xffffd2e1], '\x8c')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xf7fe4d38], '_')
self.assertEqual(cpu.EIP, 4160638265)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.EBP, 4160596904)
self.assertEqual(cpu.ESP, 4294955752)
def test_POP_8(self):
''' Instruction POP_8
Groups: not64bitmode
0xf7fe4fe4: pop ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4fe4] = ']'
mem[0xffffd375] = '\xaa'
mem[0xffffd376] = '\xfd'
mem[0xffffd377] = '\xf7'
mem[0xffffd378] = '8'
mem[0xffffd374] = '\x10'
mem[0xffffd37a] = '\xff'
mem[0xffffd37b] = '\xff'
mem[0xffffd37c] = 'z'
mem[0xffffd379] = '\xd4'
cpu.EIP = 0xf7fe4fe4
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd378
cpu.execute()
self.assertEqual(mem[0xf7fe4fe4], ']')
self.assertEqual(mem[0xffffd375], '\xaa')
self.assertEqual(mem[0xffffd376], '\xfd')
self.assertEqual(mem[0xffffd377], '\xf7')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd374], '\x10')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd37c], 'z')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(cpu.EIP, 4160638949)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955900)
def test_POP_9(self):
''' Instruction POP_9
Groups: not64bitmode
0xf7fe57eb: pop ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd430] = '\x00'
mem[0xf7fe57eb] = '['
mem[0xffffd428] = '\x04'
mem[0xffffd429] = '\x99'
mem[0xffffd42a] = '\xe2'
mem[0xffffd42b] = '\xf7'
mem[0xffffd42c] = '\x00'
mem[0xffffd42d] = '\xd0'
mem[0xffffd42e] = '\xff'
mem[0xffffd42f] = '\xf7'
cpu.EIP = 0xf7fe57eb
cpu.EBP = 0xffffd438
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd42c
cpu.execute()
self.assertEqual(mem[0xffffd430], '\x00')
self.assertEqual(mem[0xffffd42b], '\xf7')
self.assertEqual(mem[0xffffd428], '\x04')
self.assertEqual(mem[0xffffd429], '\x99')
self.assertEqual(mem[0xffffd42a], '\xe2')
self.assertEqual(mem[0xf7fe57eb], '[')
self.assertEqual(mem[0xffffd42c], '\x00')
self.assertEqual(mem[0xffffd42d], '\xd0')
self.assertEqual(mem[0xffffd42e], '\xff')
self.assertEqual(mem[0xffffd42f], '\xf7')
self.assertEqual(cpu.EIP, 4160641004)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294956080)
def test_POR_1(self):
''' Instruction POR_1
Groups: sse2
0x8079357: por xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x01'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb607] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08079357] = 'f'
mem[0x08079358] = '\x0f'
mem[0x08079359] = '\xeb'
mem[0x0807935a] = 'E'
mem[0x0807935b] = '\x00'
cpu.EIP = 0x8079357
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x01')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8079357], 'f')
self.assertEqual(mem[0x8079358], '\x0f')
self.assertEqual(mem[0x8079359], '\xeb')
self.assertEqual(mem[0x807935a], 'E')
self.assertEqual(mem[0x807935b], '\x00')
self.assertEqual(cpu.EIP, 134714204)
self.assertEqual(cpu.XMM0, 9291484583172243713)
self.assertEqual(cpu.EBP, 4294948352)
def test_POR_2(self):
''' Instruction POR_2
Groups: sse2
0x8079353: por xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079353] = 'f'
mem[0x08079354] = '\x0f'
mem[0x08079355] = '\xeb'
mem[0x08079356] = '\xc1'
cpu.EIP = 0x8079353
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079353], 'f')
self.assertEqual(mem[0x8079354], '\x0f')
self.assertEqual(mem[0x8079355], '\xeb')
self.assertEqual(mem[0x8079356], '\xc1')
self.assertEqual(cpu.EIP, 134714199)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PREFETCHT0_1(self):
''' Instruction PREFETCHT0_1
Groups: sse1
0x8070431: prefetcht0 byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '`'
mem[0x08070431] = '\x0f'
mem[0x08070432] = '\x18'
mem[0x08070433] = 'M'
mem[0x08070434] = '\x00'
cpu.EIP = 0x8070431
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '`')
self.assertEqual(mem[0x8070431], '\x0f')
self.assertEqual(mem[0x8070432], '\x18')
self.assertEqual(mem[0x8070433], 'M')
self.assertEqual(mem[0x8070434], '\x00')
self.assertEqual(cpu.EIP, 134677557)
self.assertEqual(cpu.EBP, 4294948352)
def test_PREFETCHT1_1(self):
''' Instruction PREFETCHT1_1
Groups: sse1
0x807042d: prefetcht1 byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08070430] = '\x00'
mem[0xffffb600] = '`'
mem[0x0807042d] = '\x0f'
mem[0x0807042e] = '\x18'
mem[0x0807042f] = 'U'
cpu.EIP = 0x807042d
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x8070430], '\x00')
self.assertEqual(mem[0xffffb600], '`')
self.assertEqual(mem[0x807042d], '\x0f')
self.assertEqual(mem[0x807042e], '\x18')
self.assertEqual(mem[0x807042f], 'U')
self.assertEqual(cpu.EIP, 134677553)
self.assertEqual(cpu.EBP, 4294948352)
def test_PREFETCHT2_1(self):
''' Instruction PREFETCHT2_1
Groups: sse1
0x8070429: prefetcht2 byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '`'
mem[0x08070429] = '\x0f'
mem[0x0807042a] = '\x18'
mem[0x0807042b] = ']'
mem[0x0807042c] = '\x00'
cpu.EIP = 0x8070429
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '`')
self.assertEqual(mem[0x8070429], '\x0f')
self.assertEqual(mem[0x807042a], '\x18')
self.assertEqual(mem[0x807042b], ']')
self.assertEqual(mem[0x807042c], '\x00')
self.assertEqual(cpu.EIP, 134677549)
self.assertEqual(cpu.EBP, 4294948352)
def test_PSHUFD_1(self):
''' Instruction PSHUFD_1
Groups: sse2
0x8060d6e: pshufd xmm0, xmm1, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x08060d70] = 'p'
mem[0x08060d71] = '\xc1'
mem[0x08060d72] = '\x02'
mem[0x08060d6e] = 'f'
mem[0x08060d6f] = '\x0f'
cpu.EIP = 0x8060d6e
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8060d70], 'p')
self.assertEqual(mem[0x8060d71], '\xc1')
self.assertEqual(mem[0x8060d72], '\x02')
self.assertEqual(mem[0x8060d6e], 'f')
self.assertEqual(mem[0x8060d6f], '\x0f')
self.assertEqual(cpu.EIP, 134614387)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PSHUFD_2(self):
''' Instruction PSHUFD_2
Groups: sse2
0x8060d73: pshufd xmm0, xmmword ptr [ebp], 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x80'
mem[0xffffb602] = '\xf0'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08060d73] = 'f'
mem[0x08060d74] = '\x0f'
mem[0x08060d75] = 'p'
mem[0x08060d76] = 'E'
mem[0x08060d77] = '\x00'
mem[0x08060d78] = '\x02'
cpu.EIP = 0x8060d73
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x80')
self.assertEqual(mem[0xffffb602], '\xf0')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8060d73], 'f')
self.assertEqual(mem[0x8060d74], '\x0f')
self.assertEqual(mem[0x8060d75], 'p')
self.assertEqual(mem[0x8060d76], 'E')
self.assertEqual(mem[0x8060d77], '\x00')
self.assertEqual(mem[0x8060d78], '\x02')
self.assertEqual(cpu.EIP, 134614393)
self.assertEqual(cpu.XMM0, 1248747394768372704346597415593181184)
self.assertEqual(cpu.EBP, 4294948352)
def test_PSHUFLW_1(self):
''' Instruction PSHUFLW_1
Groups: sse2
0x8060d7e: pshuflw xmm0, xmmword ptr [ebp], 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08060d80] = 'p'
mem[0x08060d81] = 'E'
mem[0x08060d82] = '\x00'
mem[0x08060d83] = '\x02'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb601] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb602] = '\xf0'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb600] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0x08060d7e] = '\xf2'
mem[0x08060d7f] = '\x0f'
cpu.EIP = 0x8060d7e
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x8060d80], 'p')
self.assertEqual(mem[0x8060d81], 'E')
self.assertEqual(mem[0x8060d82], '\x00')
self.assertEqual(mem[0x8060d83], '\x02')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb601], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb602], '\xf0')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0x8060d7e], '\xf2')
self.assertEqual(mem[0x8060d7f], '\x0f')
self.assertEqual(cpu.EIP, 134614404)
self.assertEqual(cpu.XMM0, 9223512776490614784)
self.assertEqual(cpu.EBP, 4294948352)
def test_PSHUFLW_2(self):
''' Instruction PSHUFLW_2
Groups: sse2
0x8060d79: pshuflw xmm0, xmm1, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x08060d79] = '\xf2'
mem[0x08060d7a] = '\x0f'
mem[0x08060d7b] = 'p'
mem[0x08060d7c] = '\xc1'
mem[0x08060d7d] = '\x02'
cpu.EIP = 0x8060d79
cpu.XMM0 = 0xf0800000f0800000f0800000000000
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8060d79], '\xf2')
self.assertEqual(mem[0x8060d7a], '\x0f')
self.assertEqual(mem[0x8060d7b], 'p')
self.assertEqual(mem[0x8060d7c], '\xc1')
self.assertEqual(mem[0x8060d7d], '\x02')
self.assertEqual(cpu.EIP, 134614398)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PSLLDQ_1(self):
''' Instruction PSLLDQ_1
Groups: sse2
0x80701bd: pslldq xmm0, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080701c0] = '\xf8'
mem[0x080701c1] = '\x04'
mem[0x080701bd] = 'f'
mem[0x080701be] = '\x0f'
mem[0x080701bf] = 's'
cpu.EIP = 0x80701bd
cpu.XMM0 = 0x0
cpu.execute()
self.assertEqual(mem[0x80701c0], '\xf8')
self.assertEqual(mem[0x80701c1], '\x04')
self.assertEqual(mem[0x80701bd], 'f')
self.assertEqual(mem[0x80701be], '\x0f')
self.assertEqual(mem[0x80701bf], 's')
self.assertEqual(cpu.EIP, 134676930)
self.assertEqual(cpu.XMM0, 0)
def test_PSLLDQ_2(self):
''' Instruction PSLLDQ_2
Groups: sse2
0x80701c2: pslldq xmm0, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080701c2] = 'f'
mem[0x080701c3] = '\x0f'
mem[0x080701c4] = 's'
mem[0x080701c5] = '\xf8'
mem[0x080701c6] = '\xff'
cpu.EIP = 0x80701c2
cpu.XMM0 = 0x0
cpu.execute()
self.assertEqual(mem[0x80701c2], 'f')
self.assertEqual(mem[0x80701c3], '\x0f')
self.assertEqual(mem[0x80701c4], 's')
self.assertEqual(mem[0x80701c5], '\xf8')
self.assertEqual(mem[0x80701c6], '\xff')
self.assertEqual(cpu.EIP, 134676935)
self.assertEqual(cpu.XMM0, 0)
def test_PSRLDQ_1(self):
''' Instruction PSRLDQ_1
Groups: sse2
0x807948d: psrldq xmm0, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079490] = '\xd8'
mem[0x08079491] = '\xff'
mem[0x0807948d] = 'f'
mem[0x0807948e] = '\x0f'
mem[0x0807948f] = 's'
cpu.EIP = 0x807948d
cpu.XMM0 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079490], '\xd8')
self.assertEqual(mem[0x8079491], '\xff')
self.assertEqual(mem[0x807948d], 'f')
self.assertEqual(mem[0x807948e], '\x0f')
self.assertEqual(mem[0x807948f], 's')
self.assertEqual(cpu.EIP, 134714514)
self.assertEqual(cpu.XMM0, 0)
def test_PSRLDQ_2(self):
''' Instruction PSRLDQ_2
Groups: sse2
0x8079488: psrldq xmm0, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079488] = 'f'
mem[0x08079489] = '\x0f'
mem[0x0807948a] = 's'
mem[0x0807948b] = '\xd8'
mem[0x0807948c] = '\x04'
cpu.EIP = 0x8079488
cpu.XMM0 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079488], 'f')
self.assertEqual(mem[0x8079489], '\x0f')
self.assertEqual(mem[0x807948a], 's')
self.assertEqual(mem[0x807948b], '\xd8')
self.assertEqual(mem[0x807948c], '\x04')
self.assertEqual(cpu.EIP, 134714509)
self.assertEqual(cpu.XMM0, 0)
def test_PSRLQ_1(self):
''' Instruction PSRLQ_1
Groups: sse2
0x80702c5: psrlq xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702c8] = '\xc1'
mem[0x080702c5] = 'f'
mem[0x080702c6] = '\x0f'
mem[0x080702c7] = '\xd3'
cpu.EIP = 0x80702c5
cpu.XMM0 = 0x80f1fc0001e18501
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x80702c8], '\xc1')
self.assertEqual(mem[0x80702c5], 'f')
self.assertEqual(mem[0x80702c6], '\x0f')
self.assertEqual(mem[0x80702c7], '\xd3')
self.assertEqual(cpu.EIP, 134677193)
self.assertEqual(cpu.XMM0, 9291484583203800321)
self.assertEqual(cpu.XMM1, 0)
def test_PSRLQ_2(self):
''' Instruction PSRLQ_2
Groups: sse2
0x80702c9: psrlq xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x85'
mem[0xffffb602] = '\xe1'
mem[0xffffb603] = '\x01'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb607] = '\x80'
mem[0xffffb608] = '\x00'
mem[0x080702c9] = 'f'
mem[0x080702ca] = '\x0f'
mem[0x080702cb] = '\xd3'
mem[0x080702cc] = 'E'
mem[0x080702cd] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60c] = '\x00'
cpu.EIP = 0x80702c9
cpu.XMM0 = 0x80f1fc0001e18501
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0xffffb602], '\xe1')
self.assertEqual(mem[0xffffb603], '\x01')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0x80702c9], 'f')
self.assertEqual(mem[0x80702ca], '\x0f')
self.assertEqual(mem[0x80702cb], '\xd3')
self.assertEqual(mem[0x80702cc], 'E')
self.assertEqual(mem[0x80702cd], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(cpu.EIP, 134677198)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PSRLQ_3(self):
''' Instruction PSRLQ_3
Groups: sse2
0x80702ce: psrlq xmm0, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702d0] = 's'
mem[0x080702d1] = '\xd0'
mem[0x080702d2] = '\x04'
mem[0x080702ce] = 'f'
mem[0x080702cf] = '\x0f'
cpu.EIP = 0x80702ce
cpu.XMM0 = 0x0
cpu.execute()
self.assertEqual(mem[0x80702d0], 's')
self.assertEqual(mem[0x80702d1], '\xd0')
self.assertEqual(mem[0x80702d2], '\x04')
self.assertEqual(mem[0x80702ce], 'f')
self.assertEqual(mem[0x80702cf], '\x0f')
self.assertEqual(cpu.EIP, 134677203)
self.assertEqual(cpu.XMM0, 0)
def test_PSRLQ_4(self):
''' Instruction PSRLQ_4
Groups: sse2
0x80702d3: psrlq xmm0, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702d3] = 'f'
mem[0x080702d4] = '\x0f'
mem[0x080702d5] = 's'
mem[0x080702d6] = '\xd0'
mem[0x080702d7] = '\xff'
cpu.EIP = 0x80702d3
cpu.XMM0 = 0x0
cpu.execute()
self.assertEqual(mem[0x80702d3], 'f')
self.assertEqual(mem[0x80702d4], '\x0f')
self.assertEqual(mem[0x80702d5], 's')
self.assertEqual(mem[0x80702d6], '\xd0')
self.assertEqual(mem[0x80702d7], '\xff')
self.assertEqual(cpu.EIP, 134677208)
self.assertEqual(cpu.XMM0, 0)
def test_PSUBB_1(self):
''' Instruction PSUBB_1
Groups: sse2
0x805bb96: psubb xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805bb98] = '\xf8'
mem[0x0805bb99] = '\xc1'
mem[0x0805bb96] = 'f'
mem[0x0805bb97] = '\x0f'
cpu.EIP = 0x805bb96
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x805bb98], '\xf8')
self.assertEqual(mem[0x805bb99], '\xc1')
self.assertEqual(mem[0x805bb96], 'f')
self.assertEqual(mem[0x805bb97], '\x0f')
self.assertEqual(cpu.EIP, 134593434)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PSUBB_2(self):
''' Instruction PSUBB_2
Groups: sse2
0x805bb9a: psubb xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x0805bb9a] = 'f'
mem[0x0805bb9b] = '\x0f'
mem[0x0805bb9c] = '\xf8'
mem[0x0805bb9d] = 'E'
mem[0x0805bb9e] = '\x00'
cpu.EIP = 0x805bb9a
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x805bb9a], 'f')
self.assertEqual(mem[0x805bb9b], '\x0f')
self.assertEqual(mem[0x805bb9c], '\xf8')
self.assertEqual(mem[0x805bb9d], 'E')
self.assertEqual(mem[0x805bb9e], '\x00')
self.assertEqual(cpu.EIP, 134593439)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PTEST_1(self):
''' Instruction PTEST_1
Groups: sse41
0x80702df: ptest xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702e0] = '\x0f'
mem[0x080702e1] = '8'
mem[0x080702e2] = '\x17'
mem[0x080702e3] = '\xc1'
mem[0x080702df] = 'f'
cpu.EIP = 0x80702df
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80702e0], '\x0f')
self.assertEqual(mem[0x80702e1], '8')
self.assertEqual(mem[0x80702e2], '\x17')
self.assertEqual(mem[0x80702e3], '\xc1')
self.assertEqual(mem[0x80702df], 'f')
self.assertEqual(cpu.EIP, 134677220)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_PTEST_2(self):
''' Instruction PTEST_2
Groups: sse41
0x80702e4: ptest xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x85'
mem[0xffffb602] = '\xe1'
mem[0xffffb603] = '\x01'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb607] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x080702e4] = 'f'
mem[0x080702e5] = '\x0f'
mem[0x080702e6] = '8'
mem[0x080702e7] = '\x17'
mem[0x080702e8] = 'E'
mem[0x080702e9] = '\x00'
cpu.EIP = 0x80702e4
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0xffffb602], '\xe1')
self.assertEqual(mem[0xffffb603], '\x01')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x80702e4], 'f')
self.assertEqual(mem[0x80702e5], '\x0f')
self.assertEqual(mem[0x80702e6], '8')
self.assertEqual(mem[0x80702e7], '\x17')
self.assertEqual(mem[0x80702e8], 'E')
self.assertEqual(mem[0x80702e9], '\x00')
self.assertEqual(cpu.EIP, 134677226)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_PUNPCKLBW_1(self):
''' Instruction PUNPCKLBW_1
Groups: sse2
0x8079382: punpcklbw xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0x08079382] = 'f'
mem[0x08079383] = '\x0f'
mem[0x08079384] = '`'
mem[0x08079385] = 'E'
mem[0x08079386] = '\x00'
mem[0xffffb607] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb606] = '\xf1'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb605] = '\xfc'
cpu.EIP = 0x8079382
cpu.XMM0 = 0x8000f100fc00000000000000010001
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x8079382], 'f')
self.assertEqual(mem[0x8079383], '\x0f')
self.assertEqual(mem[0x8079384], '`')
self.assertEqual(mem[0x8079385], 'E')
self.assertEqual(mem[0x8079386], '\x00')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(cpu.EIP, 134714247)
self.assertEqual(cpu.XMM0, 170146071599173934259238432326383829249)
self.assertEqual(cpu.EBP, 4294948352)
def test_PUNPCKLBW_2(self):
''' Instruction PUNPCKLBW_2
Groups: sse2
0x807937e: punpcklbw xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079380] = '`'
mem[0x08079381] = '\xc1'
mem[0x0807937e] = 'f'
mem[0x0807937f] = '\x0f'
cpu.EIP = 0x807937e
cpu.XMM0 = 0x80f1fc0000000101
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079380], '`')
self.assertEqual(mem[0x8079381], '\xc1')
self.assertEqual(mem[0x807937e], 'f')
self.assertEqual(mem[0x807937f], '\x0f')
self.assertEqual(cpu.EIP, 134714242)
self.assertEqual(cpu.XMM0, 664633092184273180700150126258225153)
self.assertEqual(cpu.XMM1, 0)
def test_PUNPCKLDQ_1(self):
''' Instruction PUNPCKLDQ_1
Groups: sse2
0x804d60e: punpckldq xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0x0804d60e] = 'f'
mem[0x0804d60f] = '\x0f'
mem[0x0804d610] = 'b'
mem[0x0804d611] = 'E'
mem[0x0804d612] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
cpu.EIP = 0x804d60e
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0x804d60e], 'f')
self.assertEqual(mem[0x804d60f], '\x0f')
self.assertEqual(mem[0x804d610], 'b')
self.assertEqual(mem[0x804d611], 'E')
self.assertEqual(mem[0x804d612], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(cpu.EIP, 134534675)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PUNPCKLDQ_2(self):
''' Instruction PUNPCKLDQ_2
Groups: sse2
0x804d60a: punpckldq xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d60a] = 'f'
mem[0x0804d60b] = '\x0f'
mem[0x0804d60c] = 'b'
mem[0x0804d60d] = '\xc1'
cpu.EIP = 0x804d60a
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x804d60a], 'f')
self.assertEqual(mem[0x804d60b], '\x0f')
self.assertEqual(mem[0x804d60c], 'b')
self.assertEqual(mem[0x804d60d], '\xc1')
self.assertEqual(cpu.EIP, 134534670)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PUNPCKLQDQ_1(self):
''' Instruction PUNPCKLQDQ_1
Groups: sse2
0x8056673: punpcklqdq xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xff'
mem[0xffffb601] = '\xff'
mem[0xffffb602] = '\xff'
mem[0xffffb603] = '\xff'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08056673] = 'f'
mem[0x08056674] = '\x0f'
mem[0x08056675] = 'l'
mem[0x08056676] = 'E'
mem[0x08056677] = '\x00'
cpu.EIP = 0x8056673
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xff')
self.assertEqual(mem[0xffffb601], '\xff')
self.assertEqual(mem[0xffffb602], '\xff')
self.assertEqual(mem[0xffffb603], '\xff')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8056673], 'f')
self.assertEqual(mem[0x8056674], '\x0f')
self.assertEqual(mem[0x8056675], 'l')
self.assertEqual(mem[0x8056676], 'E')
self.assertEqual(mem[0x8056677], '\x00')
self.assertEqual(cpu.EIP, 134571640)
self.assertEqual(cpu.XMM0, 79228162495817593519834398720)
self.assertEqual(cpu.EBP, 4294948352)
def test_PUNPCKLQDQ_2(self):
''' Instruction PUNPCKLQDQ_2
Groups: sse2
0x805666f: punpcklqdq xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem[0x08056670] = '\x0f'
mem[0x08056671] = 'l'
mem[0x08056672] = '\xc1'
mem[0x0805666f] = 'f'
cpu.EIP = 0x805666f
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8056670], '\x0f')
self.assertEqual(mem[0x8056671], 'l')
self.assertEqual(mem[0x8056672], '\xc1')
self.assertEqual(mem[0x805666f], 'f')
self.assertEqual(cpu.EIP, 134571635)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PUNPCKLWD_1(self):
''' Instruction PUNPCKLWD_1
Groups: sse2
0x805985b: punpcklwd xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x0805985b] = 'f'
mem[0x0805985c] = '\x0f'
mem[0x0805985d] = 'a'
mem[0x0805985e] = 'E'
mem[0x0805985f] = '\x00'
cpu.EIP = 0x805985b
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x805985b], 'f')
self.assertEqual(mem[0x805985c], '\x0f')
self.assertEqual(mem[0x805985d], 'a')
self.assertEqual(mem[0x805985e], 'E')
self.assertEqual(mem[0x805985f], '\x00')
self.assertEqual(cpu.EIP, 134584416)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_PUNPCKLWD_2(self):
''' Instruction PUNPCKLWD_2
Groups: sse2
0x8059857: punpcklwd xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059858] = '\x0f'
mem[0x08059859] = 'a'
mem[0x0805985a] = '\xc1'
mem[0x08059857] = 'f'
cpu.EIP = 0x8059857
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8059858], '\x0f')
self.assertEqual(mem[0x8059859], 'a')
self.assertEqual(mem[0x805985a], '\xc1')
self.assertEqual(mem[0x8059857], 'f')
self.assertEqual(cpu.EIP, 134584411)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_PUSH_1(self):
''' Instruction PUSH_1
Groups: not64bitmode
0xf7febbf3: push esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7febbf3] = 'V'
mem[0xffffd3f4] = '8'
mem[0xffffd3f5] = '\xd9'
mem[0xffffd3f6] = '\xff'
mem[0xffffd3f7] = '\xf7'
mem[0xffffd3f8] = '\xe9'
mem[0xffffd3f9] = '\x81'
mem[0xffffd3fa] = '\x04'
mem[0xffffd3fb] = '\x08'
mem[0xffffd3fc] = 'L'
cpu.EIP = 0xf7febbf3
cpu.EBP = 0xffffd488
cpu.ESI = 0xf7ffdc28
cpu.ESP = 0xffffd3f8
cpu.execute()
self.assertEqual(mem[0xf7febbf3], 'V')
self.assertEqual(mem[0xffffd3f4], '(')
self.assertEqual(mem[0xffffd3f5], '\xdc')
self.assertEqual(mem[0xffffd3f6], '\xff')
self.assertEqual(mem[0xffffd3f7], '\xf7')
self.assertEqual(mem[0xffffd3f8], '\xe9')
self.assertEqual(mem[0xffffd3f9], '\x81')
self.assertEqual(mem[0xffffd3fa], '\x04')
self.assertEqual(mem[0xffffd3fb], '\x08')
self.assertEqual(mem[0xffffd3fc], 'L')
self.assertEqual(cpu.EIP, 4160666612)
self.assertEqual(cpu.EBP, 4294956168)
self.assertEqual(cpu.ESI, 4160740392)
self.assertEqual(cpu.ESP, 4294956020)
def test_PUSH_10(self):
''' Instruction PUSH_10
Groups: not64bitmode
0xf7fe4c87: push ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = 'l'
mem[0xffffd2e1] = '\x8a'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x01'
mem[0xf7fe4c87] = 'S'
mem[0xffffd2dc] = '\x00'
mem[0xffffd2dd] = '\xd0'
mem[0xffffd2de] = '\xff'
mem[0xffffd2df] = '\xf7'
cpu.EIP = 0xf7fe4c87
cpu.EBP = 0xf7fdab18
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd2e0
cpu.execute()
self.assertEqual(mem[0xffffd2e0], 'l')
self.assertEqual(mem[0xffffd2e1], '\x8a')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xf7fe4c87], 'S')
self.assertEqual(mem[0xffffd2dc], '\x00')
self.assertEqual(mem[0xffffd2dd], '\xd0')
self.assertEqual(mem[0xffffd2de], '\xff')
self.assertEqual(mem[0xffffd2df], '\xf7')
self.assertEqual(cpu.EIP, 4160638088)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955740)
def test_PUSH_11(self):
''' Instruction PUSH_11
Groups: not64bitmode
0xf7fe4c87: push ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\x88'
mem[0xffffd2e1] = 'v'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xffffd2e4] = '\x01'
mem[0xf7fe4c87] = 'S'
mem[0xffffd2dc] = '\x00'
mem[0xffffd2dd] = '\xd0'
mem[0xffffd2de] = '\xff'
mem[0xffffd2df] = '\xf7'
cpu.EIP = 0xf7fe4c87
cpu.EBP = 0xf7fdab18
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd2e0
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\x88')
self.assertEqual(mem[0xffffd2e1], 'v')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xf7fe4c87], 'S')
self.assertEqual(mem[0xffffd2dc], '\x00')
self.assertEqual(mem[0xffffd2dd], '\xd0')
self.assertEqual(mem[0xffffd2de], '\xff')
self.assertEqual(mem[0xffffd2df], '\xf7')
self.assertEqual(cpu.EIP, 4160638088)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955740)
def test_PUSH_12(self):
''' Instruction PUSH_12
Groups: not64bitmode
0xf7fe4e15: push ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd370] = '\xb4'
mem[0xffffd371] = '\xd4'
mem[0xffffd372] = '\xff'
mem[0xffffd373] = '\xff'
mem[0xffffd374] = '\x10'
mem[0xf7fe4e15] = 'S'
mem[0xffffd36c] = '\xf5'
mem[0xffffd36d] = '\x8a'
mem[0xffffd36e] = '\xfe'
mem[0xffffd36f] = '\xf7'
cpu.EIP = 0xf7fe4e15
cpu.EBP = 0xffffd438
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd370
cpu.execute()
self.assertEqual(mem[0xffffd370], '\xb4')
self.assertEqual(mem[0xffffd371], '\xd4')
self.assertEqual(mem[0xffffd372], '\xff')
self.assertEqual(mem[0xffffd373], '\xff')
self.assertEqual(mem[0xffffd374], '\x10')
self.assertEqual(mem[0xf7fe4e15], 'S')
self.assertEqual(mem[0xffffd36c], '\x00')
self.assertEqual(mem[0xffffd36d], '\xd0')
self.assertEqual(mem[0xffffd36e], '\xff')
self.assertEqual(mem[0xffffd36f], '\xf7')
self.assertEqual(cpu.EIP, 4160638486)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955884)
def test_PUSH_13(self):
''' Instruction PUSH_13
Groups: not64bitmode
0xf7fe5670: push ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xf7fe5670] = 'U'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe5670
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd43c
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xf7fe5670], 'U')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160640625)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956088)
def test_PUSH_14(self):
''' Instruction PUSH_14
Groups: not64bitmode
0xf7fe5670: push ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xf7fe5670] = 'U'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe5670
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd43c
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xf7fe5670], 'U')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160640625)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956088)
def test_PUSH_15(self):
''' Instruction PUSH_15
Groups: not64bitmode
0xf7fe4c84: push esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\xa4'
mem[0xffffd2e1] = '\x81'
mem[0xffffd2e2] = '\x04'
mem[0xffffd2e3] = '\x08'
mem[0xf7fe4c84] = 'V'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e4] = '\x01'
cpu.EIP = 0xf7fe4c84
cpu.EBP = 0xf7fdab18
cpu.ESI = 0xf7e17d20
cpu.ESP = 0xffffd2e4
cpu.execute()
self.assertEqual(mem[0xffffd2e0], ' ')
self.assertEqual(mem[0xffffd2e1], '}')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xf7fe4c84], 'V')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(cpu.EIP, 4160638085)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESI, 4158749984)
self.assertEqual(cpu.ESP, 4294955744)
def test_PUSH_16(self):
''' Instruction PUSH_16
Groups: not64bitmode
0xf7fe4c81: push edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4c81] = 'W'
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\xf4'
cpu.EIP = 0xf7fe4c81
cpu.EDI = 0x1
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2e8
cpu.execute()
self.assertEqual(mem[0xf7fe4c81], 'W')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(cpu.EIP, 4160638082)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955748)
def test_PUSH_17(self):
''' Instruction PUSH_17
Groups: not64bitmode
0x80482da: push edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd6a4] = '\xb0'
mem[0xffffd6a5] = '\xd6'
mem[0xffffd6a6] = '\xff'
mem[0xffffd6a7] = '\xff'
mem[0xffffd6a8] = '\xac'
mem[0xffffd6a9] = '\xd6'
mem[0xffffd6aa] = '\xff'
mem[0xffffd6ab] = '\xff'
mem[0xffffd6ac] = '\x1c'
mem[0x080482da] = 'R'
cpu.EIP = 0x80482da
cpu.EDX = 0xf7feb160
cpu.EBP = 0x0
cpu.ESP = 0xffffd6a8
cpu.execute()
self.assertEqual(mem[0xffffd6a4], '`')
self.assertEqual(mem[0xffffd6a5], '\xb1')
self.assertEqual(mem[0xffffd6a6], '\xfe')
self.assertEqual(mem[0xffffd6a7], '\xf7')
self.assertEqual(mem[0xffffd6a8], '\xac')
self.assertEqual(mem[0xffffd6a9], '\xd6')
self.assertEqual(mem[0xffffd6aa], '\xff')
self.assertEqual(mem[0xffffd6ab], '\xff')
self.assertEqual(mem[0xffffd6ac], '\x1c')
self.assertEqual(mem[0x80482da], 'R')
self.assertEqual(cpu.EIP, 134513371)
self.assertEqual(cpu.EDX, 4160663904)
self.assertEqual(cpu.EBP, 0)
self.assertEqual(cpu.ESP, 4294956708)
def test_PUSH_18(self):
''' Instruction PUSH_18
Groups: not64bitmode
0xf7fe4c84: push esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2e0] = '\xb8'
mem[0xffffd2e1] = 'j'
mem[0xffffd2e2] = '\xe1'
mem[0xffffd2e3] = '\xf7'
mem[0xf7fe4c84] = 'V'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e4] = '\x01'
cpu.EIP = 0xf7fe4c84
cpu.EBP = 0xf7fdab18
cpu.ESI = 0xf7e16df0
cpu.ESP = 0xffffd2e4
cpu.execute()
self.assertEqual(mem[0xffffd2e0], '\xf0')
self.assertEqual(mem[0xffffd2e1], 'm')
self.assertEqual(mem[0xffffd2e2], '\xe1')
self.assertEqual(mem[0xffffd2e3], '\xf7')
self.assertEqual(mem[0xf7fe4c84], 'V')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(cpu.EIP, 4160638085)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESI, 4158746096)
self.assertEqual(cpu.ESP, 4294955744)
def test_PUSH_19(self):
''' Instruction PUSH_19
Groups: not64bitmode
0xf7f00d11: push esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7f00000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7f00d11] = 'V'
mem[0xffffd5f4] = '\x00'
mem[0xffffd5f5] = '\x00'
mem[0xffffd5f6] = '\x00'
mem[0xffffd5f7] = '\x00'
mem[0xffffd5f8] = '\xb4'
mem[0xffffd5f9] = '\xd6'
mem[0xffffd5fa] = '\xff'
mem[0xffffd5fb] = '\xff'
mem[0xffffd5fc] = '\xac'
cpu.EIP = 0xf7f00d11
cpu.EBP = 0xffffd6c4
cpu.ESI = 0x3
cpu.ESP = 0xffffd5f8
cpu.execute()
self.assertEqual(mem[0xf7f00d11], 'V')
self.assertEqual(mem[0xffffd5f4], '\x03')
self.assertEqual(mem[0xffffd5f5], '\x00')
self.assertEqual(mem[0xffffd5f6], '\x00')
self.assertEqual(mem[0xffffd5f7], '\x00')
self.assertEqual(mem[0xffffd5f8], '\xb4')
self.assertEqual(mem[0xffffd5f9], '\xd6')
self.assertEqual(mem[0xffffd5fa], '\xff')
self.assertEqual(mem[0xffffd5fb], '\xff')
self.assertEqual(mem[0xffffd5fc], '\xac')
self.assertEqual(cpu.EIP, 4159704338)
self.assertEqual(cpu.EBP, 4294956740)
self.assertEqual(cpu.ESI, 3)
self.assertEqual(cpu.ESP, 4294956532)
def test_PUSH_2(self):
''' Instruction PUSH_2
Groups: not64bitmode
0xf7fe5673: push edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5673] = 'W'
mem[0xffffd434] = '\x06'
mem[0xffffd435] = '\x00'
mem[0xffffd436] = '\x00'
mem[0xffffd437] = '\x00'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
cpu.EIP = 0xf7fe5673
cpu.EDI = 0x6
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd438
cpu.execute()
self.assertEqual(mem[0xf7fe5673], 'W')
self.assertEqual(mem[0xffffd434], '\x06')
self.assertEqual(mem[0xffffd435], '\x00')
self.assertEqual(mem[0xffffd436], '\x00')
self.assertEqual(mem[0xffffd437], '\x00')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(cpu.EIP, 4160640628)
self.assertEqual(cpu.EDI, 6)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294956084)
def test_PUSH_20(self):
''' Instruction PUSH_20
Groups: not64bitmode
0xf7fe4c81: push edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4c81] = 'W'
mem[0xffffd2e4] = '\x01'
mem[0xffffd2e5] = '\x00'
mem[0xffffd2e6] = '\x00'
mem[0xffffd2e7] = '\x00'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\xf4'
cpu.EIP = 0xf7fe4c81
cpu.EDI = 0x1
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2e8
cpu.execute()
self.assertEqual(mem[0xf7fe4c81], 'W')
self.assertEqual(mem[0xffffd2e4], '\x01')
self.assertEqual(mem[0xffffd2e5], '\x00')
self.assertEqual(mem[0xffffd2e6], '\x00')
self.assertEqual(mem[0xffffd2e7], '\x00')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(cpu.EIP, 4160638082)
self.assertEqual(cpu.EDI, 1)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955748)
def test_PUSH_21(self):
''' Instruction PUSH_21
Groups: not64bitmode
0xf7fe4e15: push ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd370] = '\xb4'
mem[0xffffd371] = '\xd4'
mem[0xffffd372] = '\xff'
mem[0xffffd373] = '\xff'
mem[0xffffd374] = '\x10'
mem[0xf7fe4e15] = 'S'
mem[0xffffd36c] = '\x00'
mem[0xffffd36d] = '\xd0'
mem[0xffffd36e] = '\xff'
mem[0xffffd36f] = '\xf7'
cpu.EIP = 0xf7fe4e15
cpu.EBP = 0xffffd438
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd370
cpu.execute()
self.assertEqual(mem[0xffffd370], '\xb4')
self.assertEqual(mem[0xffffd371], '\xd4')
self.assertEqual(mem[0xffffd372], '\xff')
self.assertEqual(mem[0xffffd373], '\xff')
self.assertEqual(mem[0xffffd374], '\x10')
self.assertEqual(mem[0xf7fe4e15], 'S')
self.assertEqual(mem[0xffffd36c], '\x00')
self.assertEqual(mem[0xffffd36d], '\xd0')
self.assertEqual(mem[0xffffd36e], '\xff')
self.assertEqual(mem[0xffffd36f], '\xf7')
self.assertEqual(cpu.EIP, 4160638486)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955884)
def test_PUSH_3(self):
''' Instruction PUSH_3
Groups: not64bitmode
0xf7fec093: push edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fec093] = 'W'
mem[0xffffd484] = '\x00'
mem[0xffffd485] = '\x00'
mem[0xffffd486] = '\x00'
mem[0xffffd487] = '\x00'
mem[0xffffd488] = '\x00'
mem[0xffffd489] = '\x00'
mem[0xffffd48a] = '\x00'
mem[0xffffd48b] = '\x00'
mem[0xffffd48c] = '9'
cpu.EIP = 0xf7fec093
cpu.EDI = 0x0
cpu.EBP = 0xffffd488
cpu.ESP = 0xffffd488
cpu.execute()
self.assertEqual(mem[0xf7fec093], 'W')
self.assertEqual(mem[0xffffd484], '\x00')
self.assertEqual(mem[0xffffd485], '\x00')
self.assertEqual(mem[0xffffd486], '\x00')
self.assertEqual(mem[0xffffd487], '\x00')
self.assertEqual(mem[0xffffd488], '\x00')
self.assertEqual(mem[0xffffd489], '\x00')
self.assertEqual(mem[0xffffd48a], '\x00')
self.assertEqual(mem[0xffffd48b], '\x00')
self.assertEqual(mem[0xffffd48c], '9')
self.assertEqual(cpu.EIP, 4160667796)
self.assertEqual(cpu.EDI, 0)
self.assertEqual(cpu.EBP, 4294956168)
self.assertEqual(cpu.ESP, 4294956164)
def test_PUSH_4(self):
''' Instruction PUSH_4
Groups: not64bitmode
0xf7fe4e10: push ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xf7fe4e10] = 'U'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xffffd37b] = '\xff'
mem[0xffffd37c] = 'z'
mem[0xffffd37d] = 'W'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe4e10
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xf7fe4e10], 'U')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd37c], 'z')
self.assertEqual(mem[0xffffd37d], 'W')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160638481)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955896)
def test_PUSH_5(self):
''' Instruction PUSH_5
Groups: not64bitmode
0xf7fe5673: push edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5673] = 'W'
mem[0xffffd434] = '\x06'
mem[0xffffd435] = '\x00'
mem[0xffffd436] = '\x00'
mem[0xffffd437] = '\x00'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
cpu.EIP = 0xf7fe5673
cpu.EDI = 0x6
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd438
cpu.execute()
self.assertEqual(mem[0xf7fe5673], 'W')
self.assertEqual(mem[0xffffd434], '\x06')
self.assertEqual(mem[0xffffd435], '\x00')
self.assertEqual(mem[0xffffd436], '\x00')
self.assertEqual(mem[0xffffd437], '\x00')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(cpu.EIP, 4160640628)
self.assertEqual(cpu.EDI, 6)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294956084)
def test_PUSH_6(self):
''' Instruction PUSH_6
Groups: not64bitmode
0xf7febbf3: push esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7febbf3] = 'V'
mem[0xffffd3f4] = '\x03'
mem[0xffffd3f5] = '\x00'
mem[0xffffd3f6] = '\x00'
mem[0xffffd3f7] = '\x00'
mem[0xffffd3f8] = 'I'
mem[0xffffd3f9] = '\x80'
mem[0xffffd3fa] = '\xe2'
mem[0xffffd3fb] = '\xf7'
mem[0xffffd3fc] = 'L'
cpu.EIP = 0xf7febbf3
cpu.EBP = 0xffffd488
cpu.ESI = 0xf7ffd938
cpu.ESP = 0xffffd3f8
cpu.execute()
self.assertEqual(mem[0xf7febbf3], 'V')
self.assertEqual(mem[0xffffd3f4], '8')
self.assertEqual(mem[0xffffd3f5], '\xd9')
self.assertEqual(mem[0xffffd3f6], '\xff')
self.assertEqual(mem[0xffffd3f7], '\xf7')
self.assertEqual(mem[0xffffd3f8], 'I')
self.assertEqual(mem[0xffffd3f9], '\x80')
self.assertEqual(mem[0xffffd3fa], '\xe2')
self.assertEqual(mem[0xffffd3fb], '\xf7')
self.assertEqual(mem[0xffffd3fc], 'L')
self.assertEqual(cpu.EIP, 4160666612)
self.assertEqual(cpu.EBP, 4294956168)
self.assertEqual(cpu.ESI, 4160739640)
self.assertEqual(cpu.ESP, 4294956020)
def test_PUSH_7(self):
''' Instruction PUSH_7
Groups: not64bitmode
0xf7fe6b50: push ebp
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\xf0'
mem[0xf7fe6b50] = 'U'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xab'
mem[0xffffd43d] = 'p'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe6b50
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd43c
cpu.execute()
self.assertEqual(mem[0xffffd440], '\xf0')
self.assertEqual(mem[0xf7fe6b50], 'U')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xab')
self.assertEqual(mem[0xffffd43d], 'p')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160645969)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956088)
def test_PUSH_8(self):
''' Instruction PUSH_8
Groups: not64bitmode
0xf7ff41a0: push ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff41a0] = 'S'
mem[0xffffd040] = '\xf0'
mem[0xffffd038] = '\x00'
mem[0xffffd039] = '\xd0'
mem[0xffffd03a] = '\xff'
mem[0xffffd03b] = '\xf7'
mem[0xffffd03c] = '\x94'
mem[0xffffd03d] = '\x12'
mem[0xffffd03e] = '\xfe'
mem[0xffffd03f] = '\xf7'
cpu.EIP = 0xf7ff41a0
cpu.EBP = 0xffffd088
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd03c
cpu.execute()
self.assertEqual(mem[0xf7ff41a0], 'S')
self.assertEqual(mem[0xffffd040], '\xf0')
self.assertEqual(mem[0xffffd038], '\x00')
self.assertEqual(mem[0xffffd039], '\xd0')
self.assertEqual(mem[0xffffd03a], '\xff')
self.assertEqual(mem[0xffffd03b], '\xf7')
self.assertEqual(mem[0xffffd03c], '\x94')
self.assertEqual(mem[0xffffd03d], '\x12')
self.assertEqual(mem[0xffffd03e], '\xfe')
self.assertEqual(mem[0xffffd03f], '\xf7')
self.assertEqual(cpu.EIP, 4160700833)
self.assertEqual(cpu.EBP, 4294955144)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955064)
def test_PUSH_9(self):
''' Instruction PUSH_9
Groups: not64bitmode
0xf7fe4e15: push ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd370] = '\xb4'
mem[0xffffd371] = '\xd4'
mem[0xffffd372] = '\xff'
mem[0xffffd373] = '\xff'
mem[0xffffd374] = '\x10'
mem[0xf7fe4e15] = 'S'
mem[0xffffd36c] = '\x00'
mem[0xffffd36d] = '\xd0'
mem[0xffffd36e] = '\xff'
mem[0xffffd36f] = '\xf7'
cpu.EIP = 0xf7fe4e15
cpu.EBP = 0xffffd438
cpu.EBX = 0xf7ffd000
cpu.ESP = 0xffffd370
cpu.execute()
self.assertEqual(mem[0xffffd370], '\xb4')
self.assertEqual(mem[0xffffd371], '\xd4')
self.assertEqual(mem[0xffffd372], '\xff')
self.assertEqual(mem[0xffffd373], '\xff')
self.assertEqual(mem[0xffffd374], '\x10')
self.assertEqual(mem[0xf7fe4e15], 'S')
self.assertEqual(mem[0xffffd36c], '\x00')
self.assertEqual(mem[0xffffd36d], '\xd0')
self.assertEqual(mem[0xffffd36e], '\xff')
self.assertEqual(mem[0xffffd36f], '\xf7')
self.assertEqual(cpu.EIP, 4160638486)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.EBX, 4160737280)
self.assertEqual(cpu.ESP, 4294955884)
def test_PXOR_1(self):
''' Instruction PXOR_1
Groups: sse2
0x8059a6a: pxor xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xec'
mem[0xffffb601] = '\x03'
mem[0xffffb602] = '\x03'
mem[0xffffb603] = 'x'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0x08059a6a] = 'f'
mem[0x08059a6b] = '\x0f'
mem[0x08059a6c] = '\xef'
mem[0x08059a6d] = 'E'
mem[0x08059a6e] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60c] = '\x00'
cpu.EIP = 0x8059a6a
cpu.XMM0 = 0x1e00
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xec')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x03')
self.assertEqual(mem[0xffffb603], 'x')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8059a6c], '\xef')
self.assertEqual(mem[0x8059a6e], '\x00')
self.assertEqual(mem[0x8059a6b], '\x0f')
self.assertEqual(mem[0x8059a6a], 'f')
self.assertEqual(mem[0x8059a6d], 'E')
self.assertEqual(cpu.EIP, 134584943)
self.assertEqual(cpu.XMM0, 2013470188)
self.assertEqual(cpu.EBP, 4294948352)
def test_PXOR_2(self):
''' Instruction PXOR_2
Groups: sse2
0x8059a66: pxor xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a68] = '\xef'
mem[0x08059a69] = '\xc1'
mem[0x08059a66] = 'f'
mem[0x08059a67] = '\x0f'
cpu.EIP = 0x8059a66
cpu.XMM0 = 0x1e00
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8059a68], '\xef')
self.assertEqual(mem[0x8059a69], '\xc1')
self.assertEqual(mem[0x8059a66], 'f')
self.assertEqual(mem[0x8059a67], '\x0f')
self.assertEqual(cpu.EIP, 134584938)
self.assertEqual(cpu.XMM0, 7680)
self.assertEqual(cpu.XMM1, 0)
def test_RET_1(self):
''' Instruction RET_1
Groups: ret, not64bitmode
0xf7ff4256: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2f0] = '\xc4'
mem[0xf7ff4256] = '\xc3'
mem[0xffffd2e8] = '\x00'
mem[0xffffd2e9] = '\xd0'
mem[0xffffd2ea] = '\xff'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\x86'
mem[0xffffd2ed] = '\x13'
mem[0xffffd2ee] = '\xff'
mem[0xffffd2ef] = '\xf7'
cpu.EIP = 0xf7ff4256
cpu.EBP = 0xf7fdb1c4
cpu.ESP = 0xffffd2ec
cpu.execute()
self.assertEqual(mem[0xffffd2f0], '\xc4')
self.assertEqual(mem[0xf7ff4256], '\xc3')
self.assertEqual(mem[0xffffd2e8], '\x00')
self.assertEqual(mem[0xffffd2e9], '\xd0')
self.assertEqual(mem[0xffffd2ea], '\xff')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\x86')
self.assertEqual(mem[0xffffd2ed], '\x13')
self.assertEqual(mem[0xffffd2ee], '\xff')
self.assertEqual(mem[0xffffd2ef], '\xf7')
self.assertEqual(cpu.EIP, 4160689030)
self.assertEqual(cpu.EBP, 4160598468)
self.assertEqual(cpu.ESP, 4294955760)
def test_RET_10(self):
''' Instruction RET_10
Groups: ret, not64bitmode
0xf7fe57ef: ret 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xf7fe57ef] = '\xc2'
mem[0xf7fe57f0] = '\x14'
mem[0xf7fe57f1] = '\x00'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe57ef
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd43c
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xf7fe57ef], '\xc2')
self.assertEqual(mem[0xf7fe57f0], '\x14')
self.assertEqual(mem[0xf7fe57f1], '\x00')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160647928)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956116)
def test_RET_11(self):
''' Instruction RET_11
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2b0] = 'a'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd2a8] = '\xc0'
mem[0xffffd2a9] = '\xd4'
mem[0xffffd2aa] = '\xff'
mem[0xffffd2ab] = '\xff'
mem[0xffffd2ac] = '\x97'
mem[0xffffd2ad] = 'L'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2ac
cpu.execute()
self.assertEqual(mem[0xffffd2b0], 'a')
self.assertEqual(mem[0xffffd2ab], '\xff')
self.assertEqual(mem[0xffffd2a8], '\xc0')
self.assertEqual(mem[0xffffd2a9], '\xd4')
self.assertEqual(mem[0xffffd2aa], '\xff')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd2ac], '\x97')
self.assertEqual(mem[0xffffd2ad], 'L')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(cpu.EIP, 4160638103)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955696)
def test_RET_12(self):
''' Instruction RET_12
Groups: ret, not64bitmode
0xf7fe4fe5: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xf7fe4fe5] = '\xc3'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xffffd37b] = '\xff'
mem[0xffffd37c] = 'z'
mem[0xffffd37d] = 'W'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe4fe5
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xf7fe4fe5], '\xc3')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd37c], 'z')
self.assertEqual(mem[0xffffd37d], 'W')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160640890)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955904)
def test_RET_13(self):
''' Instruction RET_13
Groups: ret, not64bitmode
0xf7fdcf15: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd500] = '\x00'
mem[0xf7fdcf15] = '\xc3'
mem[0xffffd4f8] = '\x18'
mem[0xffffd4f9] = '\xab'
mem[0xffffd4fa] = '\xfd'
mem[0xffffd4fb] = '\xf7'
mem[0xffffd4fc] = '9'
mem[0xffffd4fd] = '\xf1'
mem[0xffffd4fe] = '\xfd'
mem[0xffffd4ff] = '\xf7'
cpu.EIP = 0xf7fdcf15
cpu.EBP = 0xffffd5c8
cpu.ESP = 0xffffd4fc
cpu.execute()
self.assertEqual(mem[0xffffd500], '\x00')
self.assertEqual(mem[0xf7fdcf15], '\xc3')
self.assertEqual(mem[0xffffd4f8], '\x18')
self.assertEqual(mem[0xffffd4f9], '\xab')
self.assertEqual(mem[0xffffd4fa], '\xfd')
self.assertEqual(mem[0xffffd4fb], '\xf7')
self.assertEqual(mem[0xffffd4fc], '9')
self.assertEqual(mem[0xffffd4fd], '\xf1')
self.assertEqual(mem[0xffffd4fe], '\xfd')
self.assertEqual(mem[0xffffd4ff], '\xf7')
self.assertEqual(cpu.EIP, 4160614713)
self.assertEqual(cpu.EBP, 4294956488)
self.assertEqual(cpu.ESP, 4294956288)
def test_RET_14(self):
''' Instruction RET_14
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd37b] = '\xff'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd37c] = '\x91'
mem[0xffffd37d] = 'V'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd37c], '\x91')
self.assertEqual(mem[0xffffd37d], 'V')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160640657)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955904)
def test_RET_15(self):
''' Instruction RET_15
Groups: ret, not64bitmode
0xf7fe4fe5: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xf7fe4fe5] = '\xc3'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xffffd37b] = '\xff'
mem[0xffffd37c] = 'z'
mem[0xffffd37d] = 'W'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe4fe5
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xf7fe4fe5], '\xc3')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd37c], 'z')
self.assertEqual(mem[0xffffd37d], 'W')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160640890)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955904)
def test_RET_16(self):
''' Instruction RET_16
Groups: ret, not64bitmode
0xf7fe57ef: ret 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xf7fe57ef] = '\xc2'
mem[0xf7fe57f0] = '\x14'
mem[0xf7fe57f1] = '\x00'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe57ef
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd43c
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xf7fe57ef], '\xc2')
self.assertEqual(mem[0xf7fe57f0], '\x14')
self.assertEqual(mem[0xf7fe57f1], '\x00')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160647928)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956116)
def test_RET_17(self):
''' Instruction RET_17
Groups: ret, not64bitmode
0xf7fe4d3a: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2f0] = '\xc4'
mem[0xf7fe4d3a] = '\xc3'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\xf4'
mem[0xffffd2ed] = 'T'
mem[0xffffd2ee] = '\xfe'
mem[0xffffd2ef] = '\xf7'
cpu.EIP = 0xf7fe4d3a
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2ec
cpu.execute()
self.assertEqual(mem[0xffffd2f0], '\xc4')
self.assertEqual(mem[0xf7fe4d3a], '\xc3')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(mem[0xffffd2ed], 'T')
self.assertEqual(mem[0xffffd2ee], '\xfe')
self.assertEqual(mem[0xffffd2ef], '\xf7')
self.assertEqual(cpu.EIP, 4160640244)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955760)
def test_RET_18(self):
''' Instruction RET_18
Groups: ret, not64bitmode
0xf7fe4fe5: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xf7fe4fe5] = '\xc3'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xffffd37b] = '\xff'
mem[0xffffd37c] = 'z'
mem[0xffffd37d] = 'W'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7fe4fe5
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xf7fe4fe5], '\xc3')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd37c], 'z')
self.assertEqual(mem[0xffffd37d], 'W')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160640890)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955904)
def test_RET_19(self):
''' Instruction RET_19
Groups: ret, not64bitmode
0xf7ff39cc: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd420] = '\x00'
mem[0xffffd41e] = '\xfe'
mem[0xffffd418] = '\x00'
mem[0xffffd419] = '\xd0'
mem[0xffffd41a] = '\xff'
mem[0xffffd41b] = '\xf7'
mem[0xf7ff39cc] = '\xc3'
mem[0xffffd41d] = 'k'
mem[0xffffd41c] = '\x9b'
mem[0xffffd41f] = '\xf7'
cpu.EIP = 0xf7ff39cc
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd41c
cpu.execute()
self.assertEqual(mem[0xffffd420], '\x00')
self.assertEqual(mem[0xffffd41e], '\xfe')
self.assertEqual(mem[0xffffd418], '\x00')
self.assertEqual(mem[0xffffd419], '\xd0')
self.assertEqual(mem[0xffffd41a], '\xff')
self.assertEqual(mem[0xffffd41b], '\xf7')
self.assertEqual(mem[0xf7ff39cc], '\xc3')
self.assertEqual(mem[0xffffd41d], 'k')
self.assertEqual(mem[0xffffd41c], '\x9b')
self.assertEqual(mem[0xffffd41f], '\xf7')
self.assertEqual(cpu.EIP, 4160646043)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294956064)
def test_RET_2(self):
''' Instruction RET_2
Groups: ret, not64bitmode
0xf7ff3e76: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2b0] = '\x99'
mem[0xf7ff3e76] = '\xc3'
mem[0xffffd2a8] = '\xc0'
mem[0xffffd2a9] = '\xd4'
mem[0xffffd2aa] = '\xff'
mem[0xffffd2ab] = '\xff'
mem[0xffffd2ac] = '\x9d'
mem[0xffffd2ad] = 'M'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
cpu.EIP = 0xf7ff3e76
cpu.EBP = 0xf7fdabf8
cpu.ESP = 0xffffd2ac
cpu.execute()
self.assertEqual(mem[0xffffd2b0], '\x99')
self.assertEqual(mem[0xf7ff3e76], '\xc3')
self.assertEqual(mem[0xffffd2a8], '\xc0')
self.assertEqual(mem[0xffffd2a9], '\xd4')
self.assertEqual(mem[0xffffd2aa], '\xff')
self.assertEqual(mem[0xffffd2ab], '\xff')
self.assertEqual(mem[0xffffd2ac], '\x9d')
self.assertEqual(mem[0xffffd2ad], 'M')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(cpu.EIP, 4160638365)
self.assertEqual(cpu.EBP, 4160596984)
self.assertEqual(cpu.ESP, 4294955696)
def test_RET_20(self):
''' Instruction RET_20
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd37b] = '\xff'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd37c] = '\x91'
mem[0xffffd37d] = 'V'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd37c], '\x91')
self.assertEqual(mem[0xffffd37d], 'V')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160640657)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955904)
def test_RET_21(self):
''' Instruction RET_21
Groups: ret, not64bitmode
0xf7fe4d3a: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2f0] = '\xc4'
mem[0xf7fe4d3a] = '\xc3'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '\xf4'
mem[0xffffd2ed] = 'T'
mem[0xffffd2ee] = '\xfe'
mem[0xffffd2ef] = '\xf7'
cpu.EIP = 0xf7fe4d3a
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2ec
cpu.execute()
self.assertEqual(mem[0xffffd2f0], '\xc4')
self.assertEqual(mem[0xf7fe4d3a], '\xc3')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2ec], '\xf4')
self.assertEqual(mem[0xffffd2ed], 'T')
self.assertEqual(mem[0xffffd2ee], '\xfe')
self.assertEqual(mem[0xffffd2ef], '\xf7')
self.assertEqual(cpu.EIP, 4160640244)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955760)
def test_RET_3(self):
''' Instruction RET_3
Groups: ret, not64bitmode
0xf7ff3e76: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2b0] = '4'
mem[0xf7ff3e76] = '\xc3'
mem[0xffffd2a8] = '\xc0'
mem[0xffffd2a9] = '\xd4'
mem[0xffffd2aa] = '\xff'
mem[0xffffd2ab] = '\xff'
mem[0xffffd2ac] = '\x9d'
mem[0xffffd2ad] = 'M'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
cpu.EIP = 0xf7ff3e76
cpu.EBP = 0xf7fdadb8
cpu.ESP = 0xffffd2ac
cpu.execute()
self.assertEqual(mem[0xffffd2b0], '4')
self.assertEqual(mem[0xf7ff3e76], '\xc3')
self.assertEqual(mem[0xffffd2a8], '\xc0')
self.assertEqual(mem[0xffffd2a9], '\xd4')
self.assertEqual(mem[0xffffd2aa], '\xff')
self.assertEqual(mem[0xffffd2ab], '\xff')
self.assertEqual(mem[0xffffd2ac], '\x9d')
self.assertEqual(mem[0xffffd2ad], 'M')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(cpu.EIP, 4160638365)
self.assertEqual(cpu.EBP, 4160597432)
self.assertEqual(cpu.ESP, 4294955696)
def test_RET_4(self):
''' Instruction RET_4
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd380] = '\xe8'
mem[0xffffd37b] = '\xff'
mem[0xffffd378] = '8'
mem[0xffffd379] = '\xd4'
mem[0xffffd37a] = '\xff'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd37c] = '\x91'
mem[0xffffd37d] = 'V'
mem[0xffffd37e] = '\xfe'
mem[0xffffd37f] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd37c
cpu.execute()
self.assertEqual(mem[0xffffd380], '\xe8')
self.assertEqual(mem[0xffffd37b], '\xff')
self.assertEqual(mem[0xffffd378], '8')
self.assertEqual(mem[0xffffd379], '\xd4')
self.assertEqual(mem[0xffffd37a], '\xff')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd37c], '\x91')
self.assertEqual(mem[0xffffd37d], 'V')
self.assertEqual(mem[0xffffd37e], '\xfe')
self.assertEqual(mem[0xffffd37f], '\xf7')
self.assertEqual(cpu.EIP, 4160640657)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955904)
def test_RET_5(self):
''' Instruction RET_5
Groups: ret, not64bitmode
0xf7fe57ef: ret 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd440] = '\x10'
mem[0xf7fe57ef] = '\xc2'
mem[0xf7fe57f0] = '\x14'
mem[0xf7fe57f1] = '\x00'
mem[0xffffd438] = '\xf8'
mem[0xffffd439] = '\xd4'
mem[0xffffd43a] = '\xff'
mem[0xffffd43b] = '\xff'
mem[0xffffd43c] = '\xf8'
mem[0xffffd43d] = 'r'
mem[0xffffd43e] = '\xfe'
mem[0xffffd43f] = '\xf7'
cpu.EIP = 0xf7fe57ef
cpu.EBP = 0xffffd4f8
cpu.ESP = 0xffffd43c
cpu.execute()
self.assertEqual(mem[0xffffd440], '\x10')
self.assertEqual(mem[0xf7fe57ef], '\xc2')
self.assertEqual(mem[0xf7fe57f0], '\x14')
self.assertEqual(mem[0xf7fe57f1], '\x00')
self.assertEqual(mem[0xffffd438], '\xf8')
self.assertEqual(mem[0xffffd439], '\xd4')
self.assertEqual(mem[0xffffd43a], '\xff')
self.assertEqual(mem[0xffffd43b], '\xff')
self.assertEqual(mem[0xffffd43c], '\xf8')
self.assertEqual(mem[0xffffd43d], 'r')
self.assertEqual(mem[0xffffd43e], '\xfe')
self.assertEqual(mem[0xffffd43f], '\xf7')
self.assertEqual(cpu.EIP, 4160647928)
self.assertEqual(cpu.EBP, 4294956280)
self.assertEqual(cpu.ESP, 4294956116)
def test_RET_6(self):
''' Instruction RET_6
Groups: ret, not64bitmode
0xf7fe0776: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd4d0] = '\xa0'
mem[0xf7fe0776] = '\xc3'
mem[0xffffd4c8] = 'x'
mem[0xffffd4c9] = '\xd8'
mem[0xffffd4ca] = '\xff'
mem[0xffffd4cb] = '\xf7'
mem[0xffffd4cc] = '\x97'
mem[0xffffd4cd] = '\xac'
mem[0xffffd4ce] = '\xfe'
mem[0xffffd4cf] = '\xf7'
cpu.EIP = 0xf7fe0776
cpu.EBP = 0xf7fe0740
cpu.ESP = 0xffffd4cc
cpu.execute()
self.assertEqual(mem[0xffffd4d0], '\xa0')
self.assertEqual(mem[0xf7fe0776], '\xc3')
self.assertEqual(mem[0xffffd4c8], 'x')
self.assertEqual(mem[0xffffd4c9], '\xd8')
self.assertEqual(mem[0xffffd4ca], '\xff')
self.assertEqual(mem[0xffffd4cb], '\xf7')
self.assertEqual(mem[0xffffd4cc], '\x97')
self.assertEqual(mem[0xffffd4cd], '\xac')
self.assertEqual(mem[0xffffd4ce], '\xfe')
self.assertEqual(mem[0xffffd4cf], '\xf7')
self.assertEqual(cpu.EIP, 4160662679)
self.assertEqual(cpu.EBP, 4160620352)
self.assertEqual(cpu.ESP, 4294956240)
def test_RET_7(self):
''' Instruction RET_7
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2f0] = '\xc4'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd2e8] = '\x18'
mem[0xffffd2e9] = '\xab'
mem[0xffffd2ea] = '\xfd'
mem[0xffffd2eb] = '\xf7'
mem[0xffffd2ec] = '4'
mem[0xffffd2ed] = 'N'
mem[0xffffd2ee] = '\xfe'
mem[0xffffd2ef] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xffffd438
cpu.ESP = 0xffffd2ec
cpu.execute()
self.assertEqual(mem[0xffffd2f0], '\xc4')
self.assertEqual(mem[0xffffd2eb], '\xf7')
self.assertEqual(mem[0xffffd2e8], '\x18')
self.assertEqual(mem[0xffffd2e9], '\xab')
self.assertEqual(mem[0xffffd2ea], '\xfd')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd2ec], '4')
self.assertEqual(mem[0xffffd2ed], 'N')
self.assertEqual(mem[0xffffd2ee], '\xfe')
self.assertEqual(mem[0xffffd2ef], '\xf7')
self.assertEqual(cpu.EIP, 4160638516)
self.assertEqual(cpu.EBP, 4294956088)
self.assertEqual(cpu.ESP, 4294955760)
def test_RET_8(self):
''' Instruction RET_8
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2b0] = 'a'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd2a8] = '\xc0'
mem[0xffffd2a9] = '\xd4'
mem[0xffffd2aa] = '\xff'
mem[0xffffd2ab] = '\xff'
mem[0xffffd2ac] = '\x97'
mem[0xffffd2ad] = 'L'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2ac
cpu.execute()
self.assertEqual(mem[0xffffd2b0], 'a')
self.assertEqual(mem[0xffffd2ab], '\xff')
self.assertEqual(mem[0xffffd2a8], '\xc0')
self.assertEqual(mem[0xffffd2a9], '\xd4')
self.assertEqual(mem[0xffffd2aa], '\xff')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd2ac], '\x97')
self.assertEqual(mem[0xffffd2ad], 'L')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(cpu.EIP, 4160638103)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955696)
def test_RET_9(self):
''' Instruction RET_9
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xffffd2b0] = 'a'
mem[0xf7ff476b] = '\xc3'
mem[0xffffd2a8] = '\xc0'
mem[0xffffd2a9] = '\xd4'
mem[0xffffd2aa] = '\xff'
mem[0xffffd2ab] = '\xff'
mem[0xffffd2ac] = '\x97'
mem[0xffffd2ad] = 'L'
mem[0xffffd2ae] = '\xfe'
mem[0xffffd2af] = '\xf7'
cpu.EIP = 0xf7ff476b
cpu.EBP = 0xf7fdab18
cpu.ESP = 0xffffd2ac
cpu.execute()
self.assertEqual(mem[0xffffd2b0], 'a')
self.assertEqual(mem[0xffffd2ab], '\xff')
self.assertEqual(mem[0xffffd2a8], '\xc0')
self.assertEqual(mem[0xffffd2a9], '\xd4')
self.assertEqual(mem[0xffffd2aa], '\xff')
self.assertEqual(mem[0xf7ff476b], '\xc3')
self.assertEqual(mem[0xffffd2ac], '\x97')
self.assertEqual(mem[0xffffd2ad], 'L')
self.assertEqual(mem[0xffffd2ae], '\xfe')
self.assertEqual(mem[0xffffd2af], '\xf7')
self.assertEqual(cpu.EIP, 4160638103)
self.assertEqual(cpu.EBP, 4160596760)
self.assertEqual(cpu.ESP, 4294955696)
def test_ROL_1(self):
''' Instruction ROL_1
Groups:
0xf7e43469: rol ecx, 9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e43000, 0x1000, 'rwx')
mem[0xf7e43469] = '\xc1'
mem[0xf7e4346a] = '\xc1'
mem[0xf7e4346b] = '\t'
cpu.EIP = 0xf7e43469
cpu.CF = False
cpu.OF = False
cpu.ECX = 0x57e6423c
cpu.execute()
self.assertEqual(mem[0xf7e43469], '\xc1')
self.assertEqual(mem[0xf7e4346a], '\xc1')
self.assertEqual(mem[0xf7e4346b], '\t')
self.assertEqual(cpu.EIP, 4158927980)
self.assertEqual(cpu.ECX, 3431233711)
def test_ROL_10(self):
''' Instruction ROL_10
Groups:
0x8059a07: rol byte ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08059a08] = 'E'
mem[0x08059a09] = '\x00'
mem[0x08059a0a] = '\xff'
mem[0xffffb600] = '0'
mem[0x08059a07] = '\xc0'
cpu.EIP = 0x8059a07
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8059a08], 'E')
self.assertEqual(mem[0x8059a09], '\x00')
self.assertEqual(mem[0x8059a0a], '\xff')
self.assertEqual(mem[0xffffb600], '\x18')
self.assertEqual(mem[0x8059a07], '\xc0')
self.assertEqual(cpu.EIP, 134584843)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_11(self):
''' Instruction ROL_11
Groups:
0x8059a21: rol dword ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '|'
mem[0x08059a21] = '\xc1'
mem[0x08059a22] = 'E'
mem[0x08059a23] = '\x00'
mem[0x08059a24] = '\xff'
mem[0xffffb601] = '`'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '<'
cpu.EIP = 0x8059a21
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0x8059a21], '\xc1')
self.assertEqual(mem[0x8059a22], 'E')
self.assertEqual(mem[0x8059a23], '\x00')
self.assertEqual(mem[0x8059a24], '\xff')
self.assertEqual(mem[0xffffb601], '0')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x1e')
self.assertEqual(cpu.EIP, 134584869)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_12(self):
''' Instruction ROL_12
Groups:
0x8059a15: rol dword ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xc0'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = 'x'
mem[0xffffb603] = '\xf8'
mem[0x08059a15] = '\xc1'
mem[0x08059a16] = 'E'
mem[0x08059a17] = '\x00'
mem[0x08059a18] = '\x04'
cpu.EIP = 0x8059a15
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x0f')
self.assertEqual(mem[0xffffb601], '\x0c')
self.assertEqual(mem[0xffffb602], '\x80')
self.assertEqual(mem[0xffffb603], '\x87')
self.assertEqual(mem[0x8059a15], '\xc1')
self.assertEqual(mem[0x8059a16], 'E')
self.assertEqual(mem[0x8059a17], '\x00')
self.assertEqual(mem[0x8059a18], '\x04')
self.assertEqual(cpu.EIP, 134584857)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_13(self):
''' Instruction ROL_13
Groups:
0x80599e0: rol ecx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599e0] = '\xd1'
mem[0x080599e1] = '\xc1'
cpu.EIP = 0x80599e0
cpu.CF = False
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x80599e0], '\xd1')
self.assertEqual(mem[0x80599e1], '\xc1')
self.assertEqual(cpu.EIP, 134584802)
self.assertEqual(cpu.ECX, 0)
def test_ROL_14(self):
''' Instruction ROL_14
Groups:
0x8059a03: rol byte ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x03'
mem[0x08059a03] = '\xc0'
mem[0x08059a04] = 'E'
mem[0x08059a05] = '\x00'
mem[0x08059a06] = '\x04'
cpu.EIP = 0x8059a03
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '0')
self.assertEqual(mem[0x8059a03], '\xc0')
self.assertEqual(mem[0x8059a04], 'E')
self.assertEqual(mem[0x8059a05], '\x00')
self.assertEqual(mem[0x8059a06], '\x04')
self.assertEqual(cpu.EIP, 134584839)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_15(self):
''' Instruction ROL_15
Groups:
0x80599e5: rol word ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x080599e5] = 'f'
mem[0x080599e6] = '\xd1'
mem[0x080599e7] = 'E'
mem[0x080599e8] = '\x00'
cpu.EIP = 0x80599e5
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x80599e5], 'f')
self.assertEqual(mem[0x80599e6], '\xd1')
self.assertEqual(mem[0x80599e7], 'E')
self.assertEqual(mem[0x80599e8], '\x00')
self.assertEqual(cpu.EIP, 134584809)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_16(self):
''' Instruction ROL_16
Groups:
0x80599db: rol cl, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599db] = '\xd0'
mem[0x080599dc] = '\xc1'
cpu.EIP = 0x80599db
cpu.CF = False
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x80599db], '\xd0')
self.assertEqual(mem[0x80599dc], '\xc1')
self.assertEqual(cpu.EIP, 134584797)
self.assertEqual(cpu.CL, 0)
def test_ROL_17(self):
''' Instruction ROL_17
Groups:
0xf7e43479: rol ecx, 9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e43000, 0x1000, 'rwx')
mem[0xf7e43479] = '\xc1'
mem[0xf7e4347a] = '\xc1'
mem[0xf7e4347b] = '\t'
cpu.EIP = 0xf7e43479
cpu.CF = False
cpu.OF = False
cpu.ECX = 0x5ffb7eae
cpu.execute()
self.assertEqual(mem[0xf7e43479], '\xc1')
self.assertEqual(mem[0xf7e4347a], '\xc1')
self.assertEqual(mem[0xf7e4347b], '\t')
self.assertEqual(cpu.EIP, 4158927996)
self.assertEqual(cpu.ECX, 4143799487)
def test_ROL_18(self):
''' Instruction ROL_18
Groups:
0x8059a19: rol dword ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x0f'
mem[0xffffb601] = '\x0c'
mem[0xffffb602] = '\x80'
mem[0xffffb603] = '\x87'
mem[0x08059a19] = '\xc1'
mem[0x08059a1a] = 'E'
mem[0x08059a1b] = '\x00'
mem[0x08059a1c] = '\xff'
cpu.EIP = 0x8059a19
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x07')
self.assertEqual(mem[0xffffb601], '\x06')
self.assertEqual(mem[0xffffb602], '\xc0')
self.assertEqual(mem[0xffffb603], '\xc3')
self.assertEqual(mem[0x8059a19], '\xc1')
self.assertEqual(mem[0x8059a1a], 'E')
self.assertEqual(mem[0x8059a1b], '\x00')
self.assertEqual(mem[0x8059a1c], '\xff')
self.assertEqual(cpu.EIP, 134584861)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_19(self):
''' Instruction ROL_19
Groups:
0x80599f2: rol cl, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599f2] = '\xc0'
mem[0x080599f3] = '\xc1'
mem[0x080599f4] = '\xff'
cpu.EIP = 0x80599f2
cpu.CF = False
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x80599f2], '\xc0')
self.assertEqual(mem[0x80599f3], '\xc1')
self.assertEqual(mem[0x80599f4], '\xff')
self.assertEqual(cpu.EIP, 134584821)
self.assertEqual(cpu.CL, 0)
def test_ROL_2(self):
''' Instruction ROL_2
Groups:
0x80599ef: rol cl, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599f0] = '\xc1'
mem[0x080599f1] = '\x04'
mem[0x080599ef] = '\xc0'
cpu.EIP = 0x80599ef
cpu.CF = True
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x80599f0], '\xc1')
self.assertEqual(mem[0x80599f1], '\x04')
self.assertEqual(mem[0x80599ef], '\xc0')
self.assertEqual(cpu.EIP, 134584818)
self.assertEqual(cpu.CL, 0)
def test_ROL_20(self):
''' Instruction ROL_20
Groups:
0x8059a1d: rol dword ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08059a20] = '\x04'
mem[0xffffb600] = '\x07'
mem[0xffffb602] = '\xc0'
mem[0xffffb603] = '\xc3'
mem[0xffffb601] = '\x06'
mem[0x08059a1d] = '\xc1'
mem[0x08059a1e] = 'E'
mem[0x08059a1f] = '\x00'
cpu.EIP = 0x8059a1d
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0x8059a20], '\x04')
self.assertEqual(mem[0xffffb600], '|')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '<')
self.assertEqual(mem[0xffffb601], '`')
self.assertEqual(mem[0x8059a1d], '\xc1')
self.assertEqual(mem[0x8059a1e], 'E')
self.assertEqual(mem[0x8059a1f], '\x00')
self.assertEqual(cpu.EIP, 134584865)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_21(self):
''' Instruction ROL_21
Groups:
0x80599e2: rol byte ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x080599e2] = '\xd0'
mem[0x080599e3] = 'E'
mem[0x080599e4] = '\x00'
cpu.EIP = 0x80599e2
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x80599e2], '\xd0')
self.assertEqual(mem[0x80599e3], 'E')
self.assertEqual(mem[0x80599e4], '\x00')
self.assertEqual(cpu.EIP, 134584805)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_3(self):
''' Instruction ROL_3
Groups:
0x80599ec: rol dword ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '<'
mem[0xffffb603] = '\xfc'
mem[0x080599ec] = '\xd1'
mem[0x080599ed] = 'E'
mem[0x080599ee] = '\x00'
cpu.EIP = 0x80599ec
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x03')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], 'x')
self.assertEqual(mem[0xffffb603], '\xf8')
self.assertEqual(mem[0x80599ec], '\xd1')
self.assertEqual(mem[0x80599ed], 'E')
self.assertEqual(mem[0x80599ee], '\x00')
self.assertEqual(cpu.EIP, 134584815)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_4(self):
''' Instruction ROL_4
Groups:
0x8059a00: rol ecx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a00] = '\xc1'
mem[0x08059a01] = '\xc1'
mem[0x08059a02] = '\xff'
cpu.EIP = 0x8059a00
cpu.CF = False
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x8059a00], '\xc1')
self.assertEqual(mem[0x8059a01], '\xc1')
self.assertEqual(mem[0x8059a02], '\xff')
self.assertEqual(cpu.EIP, 134584835)
self.assertEqual(cpu.ECX, 0)
def test_ROL_5(self):
''' Instruction ROL_5
Groups:
0x80599f9: rol cx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599f9] = 'f'
mem[0x080599fa] = '\xc1'
mem[0x080599fb] = '\xc1'
mem[0x080599fc] = '\xff'
cpu.EIP = 0x80599f9
cpu.CX = 0x0
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x80599f9], 'f')
self.assertEqual(mem[0x80599fa], '\xc1')
self.assertEqual(mem[0x80599fb], '\xc1')
self.assertEqual(mem[0x80599fc], '\xff')
self.assertEqual(cpu.EIP, 134584829)
self.assertEqual(cpu.CX, 0)
def test_ROL_6(self):
''' Instruction ROL_6
Groups:
0x80599fd: rol ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599fd] = '\xc1'
mem[0x080599fe] = '\xc1'
mem[0x080599ff] = '\x04'
cpu.EIP = 0x80599fd
cpu.CF = False
cpu.OF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0x80599fd], '\xc1')
self.assertEqual(mem[0x80599fe], '\xc1')
self.assertEqual(mem[0x80599ff], '\x04')
self.assertEqual(cpu.EIP, 134584832)
self.assertEqual(cpu.ECX, 0)
def test_ROL_7(self):
''' Instruction ROL_7
Groups:
0x80599dd: rol cx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x080599dd] = 'f'
mem[0x080599de] = '\xd1'
mem[0x080599df] = '\xc1'
cpu.EIP = 0x80599dd
cpu.CX = 0x0
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x80599dd], 'f')
self.assertEqual(mem[0x80599de], '\xd1')
self.assertEqual(mem[0x80599df], '\xc1')
self.assertEqual(cpu.EIP, 134584800)
self.assertEqual(cpu.CX, 0)
def test_ROL_8(self):
''' Instruction ROL_8
Groups:
0x8059a0b: rol word ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x18'
mem[0xffffb601] = '\x00'
mem[0x08059a0b] = 'f'
mem[0x08059a0c] = '\xc1'
mem[0x08059a0d] = 'E'
mem[0x08059a0e] = '\x00'
mem[0x08059a0f] = '\x04'
cpu.EIP = 0x8059a0b
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x80')
self.assertEqual(mem[0xffffb601], '\x01')
self.assertEqual(mem[0x8059a0b], 'f')
self.assertEqual(mem[0x8059a0c], '\xc1')
self.assertEqual(mem[0x8059a0d], 'E')
self.assertEqual(mem[0x8059a0e], '\x00')
self.assertEqual(mem[0x8059a0f], '\x04')
self.assertEqual(cpu.EIP, 134584848)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROL_9(self):
''' Instruction ROL_9
Groups:
0xf7e484bc: rol edx, 9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e48000, 0x1000, 'rwx')
mem[0xf7e484bc] = '\xc1'
mem[0xf7e484bd] = '\xc2'
mem[0xf7e484be] = '\t'
cpu.EIP = 0xf7e484bc
cpu.EDX = 0x5fe7257c
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xf7e484bc], '\xc1')
self.assertEqual(mem[0xf7e484bd], '\xc2')
self.assertEqual(mem[0xf7e484be], '\t')
self.assertEqual(cpu.EIP, 4158948543)
self.assertEqual(cpu.EDX, 3461019839)
def test_ROR_1(self):
''' Instruction ROR_1
Groups:
0x805b9c6: ror byte ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0805b9c8] = '\x00'
mem[0x0805b9c9] = '\x04'
mem[0x0805b9c6] = '\xc0'
mem[0xffffb600] = '\x0f'
mem[0x0805b9c7] = 'M'
cpu.EIP = 0x805b9c6
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x805b9c8], '\x00')
self.assertEqual(mem[0x805b9c9], '\x04')
self.assertEqual(mem[0xffffb600], '\xf0')
self.assertEqual(mem[0x805b9c6], '\xc0')
self.assertEqual(mem[0x805b9c7], 'M')
self.assertEqual(cpu.EIP, 134592970)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_10(self):
''' Instruction ROR_10
Groups:
0x805b9a3: ror ecx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9a3] = '\xd1'
mem[0x0805b9a4] = '\xc9'
cpu.EIP = 0x805b9a3
cpu.CF = False
cpu.OF = True
cpu.ECX = 0x78036403
cpu.execute()
self.assertEqual(mem[0x805b9a3], '\xd1')
self.assertEqual(mem[0x805b9a4], '\xc9')
self.assertEqual(cpu.EIP, 134592933)
self.assertEqual(cpu.ECX, 3154227713)
def test_ROR_11(self):
''' Instruction ROR_11
Groups:
0x805b9d8: ror dword ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x1c'
mem[0xffffb601] = ' '
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x80'
mem[0x0805b9d8] = '\xc1'
mem[0x0805b9d9] = 'M'
mem[0x0805b9da] = '\x00'
mem[0x0805b9db] = '\x04'
cpu.EIP = 0x805b9d8
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x02')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\xc8')
self.assertEqual(mem[0x805b9d8], '\xc1')
self.assertEqual(mem[0x805b9d9], 'M')
self.assertEqual(mem[0x805b9da], '\x00')
self.assertEqual(mem[0x805b9db], '\x04')
self.assertEqual(cpu.EIP, 134592988)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_12(self):
''' Instruction ROR_12
Groups:
0x805b9a8: ror word ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '|'
mem[0xffffb601] = '\x00'
mem[0x0805b9a8] = 'f'
mem[0x0805b9a9] = '\xd1'
mem[0x0805b9aa] = 'M'
mem[0x0805b9ab] = '\x00'
cpu.EIP = 0x805b9a8
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x805b9a8], 'f')
self.assertEqual(mem[0x805b9a9], '\xd1')
self.assertEqual(mem[0x805b9aa], 'M')
self.assertEqual(mem[0x805b9ab], '\x00')
self.assertEqual(cpu.EIP, 134592940)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_13(self):
''' Instruction ROR_13
Groups:
0x805b9ac: ror dword ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '>'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0805b9ac] = '\xd1'
mem[0x0805b9ad] = 'M'
mem[0x0805b9ae] = '\x00'
cpu.EIP = 0x805b9ac
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x1f')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x805b9ac], '\xd1')
self.assertEqual(mem[0x805b9ad], 'M')
self.assertEqual(mem[0x805b9ae], '\x00')
self.assertEqual(cpu.EIP, 134592943)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_14(self):
''' Instruction ROR_14
Groups:
0x805b9e4: ror dword ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '@'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '9'
mem[0x0805b9e4] = '\xc1'
mem[0x0805b9e5] = 'M'
mem[0x0805b9e6] = '\x00'
mem[0x0805b9e7] = '\xff'
cpu.EIP = 0x805b9e4
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x80')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], 'r')
self.assertEqual(mem[0x805b9e4], '\xc1')
self.assertEqual(mem[0x805b9e5], 'M')
self.assertEqual(mem[0x805b9e6], '\x00')
self.assertEqual(mem[0x805b9e7], '\xff')
self.assertEqual(cpu.EIP, 134593000)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_15(self):
''' Instruction ROR_15
Groups:
0x805b9af: ror dword ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x1f'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0805b9af] = '\xd1'
mem[0x0805b9b0] = 'M'
mem[0x0805b9b1] = '\x00'
cpu.EIP = 0x805b9af
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x0f')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x80')
self.assertEqual(mem[0x805b9af], '\xd1')
self.assertEqual(mem[0x805b9b0], 'M')
self.assertEqual(mem[0x805b9b1], '\x00')
self.assertEqual(cpu.EIP, 134592946)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_16(self):
''' Instruction ROR_16
Groups:
0x805b9ca: ror byte ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf0'
mem[0x0805b9ca] = '\xc0'
mem[0x0805b9cb] = 'M'
mem[0x0805b9cc] = '\x00'
mem[0x0805b9cd] = '\xff'
cpu.EIP = 0x805b9ca
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xe1')
self.assertEqual(mem[0x805b9ca], '\xc0')
self.assertEqual(mem[0x805b9cb], 'M')
self.assertEqual(mem[0x805b9cc], '\x00')
self.assertEqual(mem[0x805b9cd], '\xff')
self.assertEqual(cpu.EIP, 134592974)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_17(self):
''' Instruction ROR_17
Groups:
0x805b9dc: ror dword ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x02'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\xc8'
mem[0x0805b9dc] = '\xc1'
mem[0x0805b9dd] = 'M'
mem[0x0805b9de] = '\x00'
mem[0x0805b9df] = '\xff'
cpu.EIP = 0x805b9dc
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x03')
self.assertEqual(mem[0xffffb601], '\x04')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x90')
self.assertEqual(mem[0x805b9dc], '\xc1')
self.assertEqual(mem[0x805b9dd], 'M')
self.assertEqual(mem[0x805b9de], '\x00')
self.assertEqual(mem[0x805b9df], '\xff')
self.assertEqual(cpu.EIP, 134592992)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_18(self):
''' Instruction ROR_18
Groups:
0x805b9bc: ror cx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9bc] = 'f'
mem[0x0805b9bd] = '\xc1'
mem[0x0805b9be] = '\xc9'
mem[0x0805b9bf] = '\xff'
cpu.EIP = 0x805b9bc
cpu.CX = 0xb22
cpu.CF = False
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0x805b9bc], 'f')
self.assertEqual(mem[0x805b9bd], '\xc1')
self.assertEqual(mem[0x805b9be], '\xc9')
self.assertEqual(mem[0x805b9bf], '\xff')
self.assertEqual(cpu.EIP, 134592960)
self.assertEqual(cpu.CX, 5700)
def test_ROR_19(self):
''' Instruction ROR_19
Groups:
0x805b9d3: ror word ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x0e'
mem[0xffffb601] = '\x10'
mem[0x0805b9d3] = 'f'
mem[0x0805b9d4] = '\xc1'
mem[0x0805b9d5] = 'M'
mem[0x0805b9d6] = '\x00'
mem[0x0805b9d7] = '\xff'
cpu.EIP = 0x805b9d3
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x1c')
self.assertEqual(mem[0xffffb601], ' ')
self.assertEqual(mem[0x805b9d3], 'f')
self.assertEqual(mem[0x805b9d4], '\xc1')
self.assertEqual(mem[0x805b9d5], 'M')
self.assertEqual(mem[0x805b9d6], '\x00')
self.assertEqual(mem[0x805b9d7], '\xff')
self.assertEqual(cpu.EIP, 134592984)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_2(self):
''' Instruction ROR_2
Groups:
0x805b9ce: ror word ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xe1'
mem[0xffffb601] = '\x00'
mem[0x0805b9ce] = 'f'
mem[0x0805b9cf] = '\xc1'
mem[0x0805b9d0] = 'M'
mem[0x0805b9d1] = '\x00'
mem[0x0805b9d2] = '\x04'
cpu.EIP = 0x805b9ce
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x0e')
self.assertEqual(mem[0xffffb601], '\x10')
self.assertEqual(mem[0x805b9ce], 'f')
self.assertEqual(mem[0x805b9cf], '\xc1')
self.assertEqual(mem[0x805b9d0], 'M')
self.assertEqual(mem[0x805b9d1], '\x00')
self.assertEqual(mem[0x805b9d2], '\x04')
self.assertEqual(cpu.EIP, 134592979)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_20(self):
''' Instruction ROR_20
Groups:
0x805b9b2: ror cl, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9b2] = '\xc0'
mem[0x0805b9b3] = '\xc9'
mem[0x0805b9b4] = '\x04'
cpu.EIP = 0x805b9b2
cpu.CF = True
cpu.OF = True
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x805b9b2], '\xc0')
self.assertEqual(mem[0x805b9b3], '\xc9')
self.assertEqual(mem[0x805b9b4], '\x04')
self.assertEqual(cpu.EIP, 134592949)
self.assertEqual(cpu.CL, 16)
def test_ROR_21(self):
''' Instruction ROR_21
Groups:
0x805b9a5: ror byte ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf8'
mem[0x0805b9a5] = '\xd0'
mem[0x0805b9a6] = 'M'
mem[0x0805b9a7] = '\x00'
cpu.EIP = 0x805b9a5
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '|')
self.assertEqual(mem[0x805b9a5], '\xd0')
self.assertEqual(mem[0x805b9a6], 'M')
self.assertEqual(mem[0x805b9a7], '\x00')
self.assertEqual(cpu.EIP, 134592936)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_3(self):
''' Instruction ROR_3
Groups:
0x805b9c0: ror ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9c0] = '\xc1'
mem[0x0805b9c1] = '\xc9'
mem[0x0805b9c2] = '\x04'
cpu.EIP = 0x805b9c0
cpu.CF = False
cpu.OF = False
cpu.ECX = 0xbc011644
cpu.execute()
self.assertEqual(mem[0x805b9c0], '\xc1')
self.assertEqual(mem[0x805b9c1], '\xc9')
self.assertEqual(mem[0x805b9c2], '\x04')
self.assertEqual(cpu.EIP, 134592963)
self.assertEqual(cpu.ECX, 1270878564)
def test_ROR_4(self):
''' Instruction ROR_4
Groups:
0x805b9b5: ror cl, 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9b5] = '\xc0'
mem[0x0805b9b6] = '\xc9'
mem[0x0805b9b7] = '\xff'
cpu.EIP = 0x805b9b5
cpu.CF = False
cpu.OF = True
cpu.CL = 0x10
cpu.execute()
self.assertEqual(mem[0x805b9b5], '\xc0')
self.assertEqual(mem[0x805b9b6], '\xc9')
self.assertEqual(mem[0x805b9b7], '\xff')
self.assertEqual(cpu.EIP, 134592952)
self.assertEqual(cpu.CL, 32)
def test_ROR_5(self):
''' Instruction ROR_5
Groups:
0x805b9b8: ror cx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9b8] = 'f'
mem[0x0805b9b9] = '\xc1'
mem[0x0805b9ba] = '\xc9'
mem[0x0805b9bb] = '\x04'
cpu.EIP = 0x805b9b8
cpu.CX = 0xb220
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x805b9b8], 'f')
self.assertEqual(mem[0x805b9b9], '\xc1')
self.assertEqual(mem[0x805b9ba], '\xc9')
self.assertEqual(mem[0x805b9bb], '\x04')
self.assertEqual(cpu.EIP, 134592956)
self.assertEqual(cpu.CX, 2850)
def test_ROR_6(self):
''' Instruction ROR_6
Groups:
0x805b9c3: ror ecx, -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9c3] = '\xc1'
mem[0x0805b9c4] = '\xc9'
mem[0x0805b9c5] = '\xff'
cpu.EIP = 0x805b9c3
cpu.CF = False
cpu.OF = True
cpu.ECX = 0x4bc01164
cpu.execute()
self.assertEqual(mem[0x805b9c3], '\xc1')
self.assertEqual(mem[0x805b9c4], '\xc9')
self.assertEqual(mem[0x805b9c5], '\xff')
self.assertEqual(cpu.EIP, 134592966)
self.assertEqual(cpu.ECX, 2541757128)
def test_ROR_7(self):
''' Instruction ROR_7
Groups:
0x805b9e0: ror dword ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0805b9e0] = '\xc1'
mem[0x0805b9e1] = 'M'
mem[0x0805b9e2] = '\x00'
mem[0x0805b9e3] = '\x04'
mem[0xffffb600] = '\x03'
mem[0xffffb601] = '\x04'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x90'
cpu.EIP = 0x805b9e0
cpu.EBP = 0xffffb600
cpu.CF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x805b9e0], '\xc1')
self.assertEqual(mem[0x805b9e1], 'M')
self.assertEqual(mem[0x805b9e2], '\x00')
self.assertEqual(mem[0x805b9e3], '\x04')
self.assertEqual(mem[0xffffb600], '@')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '9')
self.assertEqual(cpu.EIP, 134592996)
self.assertEqual(cpu.EBP, 4294948352)
def test_ROR_8(self):
''' Instruction ROR_8
Groups:
0x805b99e: ror cl, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b99e] = '\xd0'
mem[0x0805b99f] = '\xc9'
cpu.EIP = 0x805b99e
cpu.CF = False
cpu.OF = False
cpu.CL = 0xc
cpu.execute()
self.assertEqual(mem[0x805b99e], '\xd0')
self.assertEqual(mem[0x805b99f], '\xc9')
self.assertEqual(cpu.EIP, 134592928)
self.assertEqual(cpu.CL, 6)
def test_ROR_9(self):
''' Instruction ROR_9
Groups:
0x805b9a0: ror cx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9a0] = 'f'
mem[0x0805b9a1] = '\xd1'
mem[0x0805b9a2] = '\xc9'
cpu.EIP = 0x805b9a0
cpu.CX = 0xc806
cpu.CF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x805b9a0], 'f')
self.assertEqual(mem[0x805b9a1], '\xd1')
self.assertEqual(mem[0x805b9a2], '\xc9')
self.assertEqual(cpu.EIP, 134592931)
self.assertEqual(cpu.CX, 25603)
def test_SAHF_1(self):
''' Instruction SAHF_1
Groups:
0x807b5a9: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b5a9] = '\x9e'
cpu.EIP = 0x807b5a9
cpu.AF = True
cpu.AH = 0xd7
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807b5a9], '\x9e')
self.assertEqual(cpu.EIP, 134722986)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 215)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
def test_SAHF_10(self):
''' Instruction SAHF_10
Groups:
0x807ab2f: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab2f] = '\x9e'
cpu.EIP = 0x807ab2f
cpu.AF = False
cpu.AH = 0xd7
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ab2f], '\x9e')
self.assertEqual(cpu.EIP, 134720304)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 215)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
def test_SAHF_11(self):
''' Instruction SAHF_11
Groups:
0x807b032: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b032] = '\x9e'
cpu.EIP = 0x807b032
cpu.AF = False
cpu.AH = 0x42
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807b032], '\x9e')
self.assertEqual(cpu.EIP, 134721587)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 66)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_12(self):
''' Instruction SAHF_12
Groups:
0x807b180: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b180] = '\x9e'
cpu.EIP = 0x807b180
cpu.AF = False
cpu.AH = 0x52
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807b180], '\x9e')
self.assertEqual(cpu.EIP, 134721921)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 82)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_13(self):
''' Instruction SAHF_13
Groups:
0x807a29d: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a29d] = '\x9e'
cpu.EIP = 0x807a29d
cpu.AF = False
cpu.AH = 0x87
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807a29d], '\x9e')
self.assertEqual(cpu.EIP, 134718110)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 135)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
def test_SAHF_14(self):
''' Instruction SAHF_14
Groups:
0x807aec9: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aec9] = '\x9e'
cpu.EIP = 0x807aec9
cpu.AF = False
cpu.AH = 0x3
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807aec9], '\x9e')
self.assertEqual(cpu.EIP, 134721226)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 3)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_15(self):
''' Instruction SAHF_15
Groups:
0x807b328: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b328] = '\x9e'
cpu.EIP = 0x807b328
cpu.AF = False
cpu.AH = 0xc6
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807b328], '\x9e')
self.assertEqual(cpu.EIP, 134722345)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 198)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
def test_SAHF_16(self):
''' Instruction SAHF_16
Groups:
0x807a58b: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a58b] = '\x9e'
cpu.EIP = 0x807a58b
cpu.AF = False
cpu.AH = 0x7
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807a58b], '\x9e')
self.assertEqual(cpu.EIP, 134718860)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 7)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAHF_17(self):
''' Instruction SAHF_17
Groups:
0x807ac87: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ac87] = '\x9e'
cpu.EIP = 0x807ac87
cpu.AF = False
cpu.AH = 0x7
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ac87], '\x9e')
self.assertEqual(cpu.EIP, 134720648)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 7)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAHF_18(self):
''' Instruction SAHF_18
Groups:
0x807b425: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b425] = '\x9e'
cpu.EIP = 0x807b425
cpu.AF = False
cpu.AH = 0x93
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807b425], '\x9e')
self.assertEqual(cpu.EIP, 134722598)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 147)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_SAHF_19(self):
''' Instruction SAHF_19
Groups:
0x807baf9: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807baf9] = '\x9e'
cpu.EIP = 0x807baf9
cpu.AF = False
cpu.AH = 0x53
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807baf9], '\x9e')
self.assertEqual(cpu.EIP, 134724346)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 83)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_2(self):
''' Instruction SAHF_2
Groups:
0x807b558: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807b558] = '\x9e'
cpu.EIP = 0x807b558
cpu.AF = False
cpu.AH = 0x96
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807b558], '\x9e')
self.assertEqual(cpu.EIP, 134722905)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 150)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
def test_SAHF_20(self):
''' Instruction SAHF_20
Groups:
0x8079d2e: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079d2e] = '\x9e'
cpu.EIP = 0x8079d2e
cpu.AF = False
cpu.AH = 0xd6
cpu.ZF = False
cpu.CF = True
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079d2e], '\x9e')
self.assertEqual(cpu.EIP, 134716719)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 214)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
def test_SAHF_21(self):
''' Instruction SAHF_21
Groups:
0x807a5c1: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a5c1] = '\x9e'
cpu.EIP = 0x807a5c1
cpu.AF = False
cpu.AH = 0x43
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807a5c1], '\x9e')
self.assertEqual(cpu.EIP, 134718914)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 67)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_3(self):
''' Instruction SAHF_3
Groups:
0x80798a2: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080798a2] = '\x9e'
cpu.EIP = 0x80798a2
cpu.AF = True
cpu.AH = 0x2
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80798a2], '\x9e')
self.assertEqual(cpu.EIP, 134715555)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 2)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_4(self):
''' Instruction SAHF_4
Groups:
0x807aa96: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807aa96] = '\x9e'
cpu.EIP = 0x807aa96
cpu.AF = False
cpu.AH = 0x56
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807aa96], '\x9e')
self.assertEqual(cpu.EIP, 134720151)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 86)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAHF_5(self):
''' Instruction SAHF_5
Groups:
0x8079b23: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079b23] = '\x9e'
cpu.EIP = 0x8079b23
cpu.AF = False
cpu.AH = 0x13
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079b23], '\x9e')
self.assertEqual(cpu.EIP, 134716196)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 19)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAHF_6(self):
''' Instruction SAHF_6
Groups:
0x807bb41: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x0807bb41] = '\x9e'
cpu.EIP = 0x807bb41
cpu.AF = False
cpu.AH = 0x93
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807bb41], '\x9e')
self.assertEqual(cpu.EIP, 134724418)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 147)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_SAHF_7(self):
''' Instruction SAHF_7
Groups:
0x807ab81: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807ab81] = '\x9e'
cpu.EIP = 0x807ab81
cpu.AF = False
cpu.AH = 0x17
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807ab81], '\x9e')
self.assertEqual(cpu.EIP, 134720386)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 23)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAHF_8(self):
''' Instruction SAHF_8
Groups:
0x807a772: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a772] = '\x9e'
cpu.EIP = 0x807a772
cpu.AF = True
cpu.AH = 0xc2
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807a772], '\x9e')
self.assertEqual(cpu.EIP, 134719347)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.AH, 194)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_SAHF_9(self):
''' Instruction SAHF_9
Groups:
0x807a796: sahf
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x0807a796] = '\x9e'
cpu.EIP = 0x807a796
cpu.AF = False
cpu.AH = 0xd2
cpu.ZF = False
cpu.CF = True
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x807a796], '\x9e')
self.assertEqual(cpu.EIP, 134719383)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.AH, 210)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_SAR_1(self):
''' Instruction SAR_1
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1a48
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1682)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_10(self):
''' Instruction SAR_10
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x172c
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1483)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_11(self):
''' Instruction SAR_11
Groups:
0x804d5ec: sar byte ptr [ebp], 0xff
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x0804d5ec] = '\xc0'
mem[0x0804d5ed] = '}'
mem[0x0804d5ee] = '\x00'
mem[0x0804d5ef] = '\xff'
cpu.EIP = 0x804d5ec
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x804d5ec], '\xc0')
self.assertEqual(mem[0x804d5ed], '}')
self.assertEqual(mem[0x804d5ee], '\x00')
self.assertEqual(mem[0x804d5ef], '\xff')
self.assertEqual(cpu.EIP, 134534640)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_SAR_12(self):
''' Instruction SAR_12
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1e6c
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1947)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_13(self):
''' Instruction SAR_13
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x2184
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 2145)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_14(self):
''' Instruction SAR_14
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x484
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 289)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAR_15(self):
''' Instruction SAR_15
Groups:
0x804d5c7: sar byte ptr [ebp], 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0804d5c8] = '}'
mem[0x0804d5c9] = '\x00'
mem[0xffffb600] = '\x00'
mem[0x0804d5c7] = '\xd0'
cpu.EIP = 0x804d5c7
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d5c8], '}')
self.assertEqual(mem[0x804d5c9], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x804d5c7], '\xd0')
self.assertEqual(cpu.EIP, 134534602)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_SAR_16(self):
''' Instruction SAR_16
Groups:
0xf7fe2131: sar edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe2131] = '\xd3'
mem[0xf7fe2132] = '\xfa'
cpu.EIP = 0xf7fe2131
cpu.EDX = 0x73516240
cpu.PF = True
cpu.CL = 0x18
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe2131], '\xd3')
self.assertEqual(mem[0xf7fe2132], '\xfa')
self.assertEqual(cpu.EIP, 4160626995)
self.assertEqual(cpu.EDX, 115)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 24)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_17(self):
''' Instruction SAR_17
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1944
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1617)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_18(self):
''' Instruction SAR_18
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x13b4
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1261)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAR_19(self):
''' Instruction SAR_19
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xba4
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 745)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_2(self):
''' Instruction SAR_2
Groups:
0xf7ff0800: sar esi, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0800] = '\xd1'
mem[0xf7ff0801] = '\xfe'
cpu.EIP = 0xf7ff0800
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ESI = 0x60b
cpu.execute()
self.assertEqual(mem[0xf7ff0800], '\xd1')
self.assertEqual(mem[0xf7ff0801], '\xfe')
self.assertEqual(cpu.EIP, 4160686082)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 773)
def test_SAR_20(self):
''' Instruction SAR_20
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x370
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 220)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_21(self):
''' Instruction SAR_21
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1584
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1377)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_3(self):
''' Instruction SAR_3
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x225c
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 2199)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_4(self):
''' Instruction SAR_4
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x122c
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1163)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAR_5(self):
''' Instruction SAR_5
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x68
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 26)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SAR_6(self):
''' Instruction SAR_6
Groups:
0x804d5fe: sar dword ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0804d600] = '\x00'
mem[0x0804d601] = '\xff'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0x0804d5fe] = '\xc1'
mem[0x0804d5ff] = '}'
cpu.EIP = 0x804d5fe
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d600], '\x00')
self.assertEqual(mem[0x804d601], '\xff')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0x804d5fe], '\xc1')
self.assertEqual(mem[0x804d5ff], '}')
self.assertEqual(cpu.EIP, 134534658)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, False)
def test_SAR_7(self):
''' Instruction SAR_7
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x3c
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 15)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAR_8(self):
''' Instruction SAR_8
Groups:
0x804d5d4: sar cl, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d5d4] = '\xc0'
mem[0x0804d5d5] = '\xf9'
mem[0x0804d5d6] = '\x04'
cpu.EIP = 0x804d5d4
cpu.CL = 0x0
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x804d5d4], '\xc0')
self.assertEqual(mem[0x804d5d5], '\xf9')
self.assertEqual(mem[0x804d5d6], '\x04')
self.assertEqual(cpu.EIP, 134534615)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SAR_9(self):
''' Instruction SAR_9
Groups:
0xf7fe54e1: sar eax, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x13d8
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e1], '\xc1')
self.assertEqual(mem[0xf7fe54e2], '\xf8')
self.assertEqual(mem[0xf7fe54e3], '\x02')
self.assertEqual(cpu.EIP, 4160640228)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 1270)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SCASB_1(self):
''' Instruction SCASB_1
Groups:
0x8079346: scasb al, byte ptr es:[edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x0807f049] = '\xd1'
mem[0x08079346] = '\xae'
cpu.SF = True
cpu.EIP = 0x8079346
cpu.PF = False
cpu.AF = False
cpu.DF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x807f049
cpu.AL = 0x37
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x807f049], '\xd1')
self.assertEqual(mem[0x8079346], '\xae')
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.EIP, 134714183)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 134737994)
self.assertEqual(cpu.AL, 55)
self.assertEqual(cpu.CF, True)
def test_SCASD_1(self):
''' Instruction SCASD_1
Groups:
0x8079349: scasd eax, dword ptr es:[edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x08079349] = '\xaf'
mem[0x0807f04c] = '\xed'
mem[0x0807f04d] = '\xd1'
mem[0x0807f04e] = '\x1e'
mem[0x0807f04f] = '\xed'
cpu.EIP = 0x8079349
cpu.EAX = 0x137
cpu.PF = False
cpu.AF = True
cpu.DF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x807f04c
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079349], '\xaf')
self.assertEqual(mem[0x807f04c], '\xed')
self.assertEqual(mem[0x807f04d], '\xd1')
self.assertEqual(mem[0x807f04e], '\x1e')
self.assertEqual(mem[0x807f04f], '\xed')
self.assertEqual(cpu.EIP, 134714186)
self.assertEqual(cpu.EAX, 311)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 134738000)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_SCASW_1(self):
''' Instruction SCASW_1
Groups:
0x8079347: scasw ax, word ptr es:[edi]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x08079348] = '\xaf'
mem[0x0807f04a] = '\x1e'
mem[0x0807f04b] = '\xed'
mem[0x08079347] = 'f'
cpu.EIP = 0x8079347
cpu.AX = 0x137
cpu.PF = True
cpu.AF = False
cpu.DF = False
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x807f04a
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8079348], '\xaf')
self.assertEqual(mem[0x807f04a], '\x1e')
self.assertEqual(mem[0x807f04b], '\xed')
self.assertEqual(mem[0x8079347], 'f')
self.assertEqual(cpu.EIP, 134714185)
self.assertEqual(cpu.AX, 311)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 134737996)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_SETAE_1(self):
''' Instruction SETAE_1
Groups:
0x8079477: setae cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079478] = '\x93'
mem[0x08079479] = '\xc1'
mem[0x08079477] = '\x0f'
cpu.EIP = 0x8079477
cpu.CF = False
cpu.CL = 0x85
cpu.execute()
self.assertEqual(mem[0x8079478], '\x93')
self.assertEqual(mem[0x8079479], '\xc1')
self.assertEqual(mem[0x8079477], '\x0f')
self.assertEqual(cpu.EIP, 134714490)
self.assertEqual(cpu.CL, 1)
def test_SETAE_2(self):
''' Instruction SETAE_2
Groups:
0x80701a7: setae cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080701a8] = '\x93'
mem[0x080701a9] = '\xc1'
mem[0x080701a7] = '\x0f'
cpu.EIP = 0x80701a7
cpu.CF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x80701a8], '\x93')
self.assertEqual(mem[0x80701a9], '\xc1')
self.assertEqual(mem[0x80701a7], '\x0f')
self.assertEqual(cpu.EIP, 134676906)
self.assertEqual(cpu.CL, 1)
def test_SETAE_3(self):
''' Instruction SETAE_3
Groups:
0x807947a: setae byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x0807947a] = '\x0f'
mem[0x0807947b] = '\x93'
mem[0x0807947c] = 'E'
mem[0x0807947d] = '\x00'
cpu.EIP = 0x807947a
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x807947a], '\x0f')
self.assertEqual(mem[0x807947b], '\x93')
self.assertEqual(mem[0x807947c], 'E')
self.assertEqual(mem[0x807947d], '\x00')
self.assertEqual(cpu.EIP, 134714494)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETAE_4(self):
''' Instruction SETAE_4
Groups:
0x80794a6: setae cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794a8] = '\xc1'
mem[0x080794a6] = '\x0f'
mem[0x080794a7] = '\x93'
cpu.EIP = 0x80794a6
cpu.CF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x80794a8], '\xc1')
self.assertEqual(mem[0x80794a6], '\x0f')
self.assertEqual(mem[0x80794a7], '\x93')
self.assertEqual(cpu.EIP, 134714537)
self.assertEqual(cpu.CL, 1)
def test_SETAE_5(self):
''' Instruction SETAE_5
Groups:
0x80701aa: setae byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x080701aa] = '\x0f'
mem[0x080701ab] = '\x93'
mem[0x080701ac] = 'E'
mem[0x080701ad] = '\x00'
cpu.EIP = 0x80701aa
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x80701aa], '\x0f')
self.assertEqual(mem[0x80701ab], '\x93')
self.assertEqual(mem[0x80701ac], 'E')
self.assertEqual(mem[0x80701ad], '\x00')
self.assertEqual(cpu.EIP, 134676910)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETAE_6(self):
''' Instruction SETAE_6
Groups:
0x80794a9: setae byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x080794a9] = '\x0f'
mem[0x080794aa] = '\x93'
mem[0x080794ab] = 'E'
mem[0x080794ac] = '\x00'
cpu.EIP = 0x80794a9
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x80794a9], '\x0f')
self.assertEqual(mem[0x80794aa], '\x93')
self.assertEqual(mem[0x80794ab], 'E')
self.assertEqual(mem[0x80794ac], '\x00')
self.assertEqual(cpu.EIP, 134714541)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETA_1(self):
''' Instruction SETA_1
Groups:
0x8079342: seta byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '7'
mem[0x08079342] = '\x0f'
mem[0x08079343] = '\x97'
mem[0x08079344] = 'E'
mem[0x08079345] = '\x00'
cpu.EIP = 0x8079342
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8079342], '\x0f')
self.assertEqual(mem[0x8079343], '\x97')
self.assertEqual(mem[0x8079344], 'E')
self.assertEqual(mem[0x8079345], '\x00')
self.assertEqual(cpu.EIP, 134714182)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETA_2(self):
''' Instruction SETA_2
Groups:
0x8065f9b: seta cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065f9b] = '\x0f'
mem[0x08065f9c] = '\x97'
mem[0x08065f9d] = '\xc1'
cpu.EIP = 0x8065f9b
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x8065f9b], '\x0f')
self.assertEqual(mem[0x8065f9c], '\x97')
self.assertEqual(mem[0x8065f9d], '\xc1')
self.assertEqual(cpu.EIP, 134635422)
self.assertEqual(cpu.CL, 1)
def test_SETA_3(self):
''' Instruction SETA_3
Groups:
0x8065f9e: seta byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08065fa0] = 'E'
mem[0x08065fa1] = '\x00'
mem[0x08065f9e] = '\x0f'
mem[0xffffb600] = '\x01'
mem[0x08065f9f] = '\x97'
cpu.EIP = 0x8065f9e
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x8065fa0], 'E')
self.assertEqual(mem[0x8065fa1], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8065f9e], '\x0f')
self.assertEqual(mem[0x8065f9f], '\x97')
self.assertEqual(cpu.EIP, 134635426)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETA_4(self):
''' Instruction SETA_4
Groups:
0x807933f: seta cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079340] = '\x97'
mem[0x08079341] = '\xc1'
mem[0x0807933f] = '\x0f'
cpu.EIP = 0x807933f
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x1f
cpu.execute()
self.assertEqual(mem[0x8079340], '\x97')
self.assertEqual(mem[0x8079341], '\xc1')
self.assertEqual(mem[0x807933f], '\x0f')
self.assertEqual(cpu.EIP, 134714178)
self.assertEqual(cpu.CL, 1)
def test_SETBE_1(self):
''' Instruction SETBE_1
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x14
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_10(self):
''' Instruction SETBE_10
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0xf4
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_11(self):
''' Instruction SETBE_11
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0xa4
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_12(self):
''' Instruction SETBE_12
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x74
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_13(self):
''' Instruction SETBE_13
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0xa4
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_14(self):
''' Instruction SETBE_14
Groups:
0x80701b8: setbe byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x080701b8] = '\x0f'
mem[0x080701b9] = '\x96'
mem[0x080701ba] = 'E'
mem[0x080701bb] = '\x00'
mem[0xffffb600] = '\x00'
cpu.EIP = 0x80701b8
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x80701b8], '\x0f')
self.assertEqual(mem[0x80701b9], '\x96')
self.assertEqual(mem[0x80701ba], 'E')
self.assertEqual(mem[0x80701bb], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(cpu.EIP, 134676924)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETBE_15(self):
''' Instruction SETBE_15
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x94
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_16(self):
''' Instruction SETBE_16
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x44
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_17(self):
''' Instruction SETBE_17
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x74
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_18(self):
''' Instruction SETBE_18
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x64
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_19(self):
''' Instruction SETBE_19
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0xa4
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_2(self):
''' Instruction SETBE_2
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x34
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_20(self):
''' Instruction SETBE_20
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x34
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_21(self):
''' Instruction SETBE_21
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x54
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_3(self):
''' Instruction SETBE_3
Groups:
0xf7fe7f30: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7f30] = '\x0f'
mem[0xf7fe7f31] = '\x96'
mem[0xf7fe7f32] = '\xc1'
cpu.EIP = 0xf7fe7f30
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x64
cpu.execute()
self.assertEqual(mem[0xf7fe7f30], '\x0f')
self.assertEqual(mem[0xf7fe7f31], '\x96')
self.assertEqual(mem[0xf7fe7f32], '\xc1')
self.assertEqual(cpu.EIP, 4160651059)
self.assertEqual(cpu.CL, 0)
def test_SETBE_4(self):
''' Instruction SETBE_4
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x64
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_5(self):
''' Instruction SETBE_5
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x44
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_6(self):
''' Instruction SETBE_6
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x84
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_7(self):
''' Instruction SETBE_7
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x14
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_8(self):
''' Instruction SETBE_8
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0x4c
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETBE_9(self):
''' Instruction SETBE_9
Groups:
0xf7fe7263: setbe cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = False
cpu.CF = False
cpu.CL = 0xc4
cpu.execute()
self.assertEqual(mem[0xf7fe7263], '\x0f')
self.assertEqual(mem[0xf7fe7264], '\x96')
self.assertEqual(mem[0xf7fe7265], '\xc1')
self.assertEqual(cpu.EIP, 4160647782)
self.assertEqual(cpu.CL, 0)
def test_SETB_1(self):
''' Instruction SETB_1
Groups:
0x80701ae: setb cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080701b0] = '\xc1'
mem[0x080701ae] = '\x0f'
mem[0x080701af] = '\x92'
cpu.EIP = 0x80701ae
cpu.CF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x80701b0], '\xc1')
self.assertEqual(mem[0x80701ae], '\x0f')
self.assertEqual(mem[0x80701af], '\x92')
self.assertEqual(cpu.EIP, 134676913)
self.assertEqual(cpu.CL, 0)
def test_SETB_2(self):
''' Instruction SETB_2
Groups:
0x8065fa9: setb cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065fa9] = '\x0f'
mem[0x08065faa] = '\x92'
mem[0x08065fab] = '\xc1'
cpu.EIP = 0x8065fa9
cpu.CF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x8065fa9], '\x0f')
self.assertEqual(mem[0x8065faa], '\x92')
self.assertEqual(mem[0x8065fab], '\xc1')
self.assertEqual(cpu.EIP, 134635436)
self.assertEqual(cpu.CL, 0)
def test_SETB_3(self):
''' Instruction SETB_3
Groups:
0x8065fac: setb byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x08065fac] = '\x0f'
mem[0x08065fad] = '\x92'
mem[0x08065fae] = 'E'
mem[0x08065faf] = '\x00'
cpu.EIP = 0x8065fac
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x8065fac], '\x0f')
self.assertEqual(mem[0x8065fad], '\x92')
self.assertEqual(mem[0x8065fae], 'E')
self.assertEqual(mem[0x8065faf], '\x00')
self.assertEqual(cpu.EIP, 134635440)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETB_4(self):
''' Instruction SETB_4
Groups:
0x8065fa2: setb cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065fa2] = '\x0f'
mem[0x08065fa3] = '\x92'
mem[0x08065fa4] = '\xc1'
cpu.EIP = 0x8065fa2
cpu.CF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x8065fa2], '\x0f')
self.assertEqual(mem[0x8065fa3], '\x92')
self.assertEqual(mem[0x8065fa4], '\xc1')
self.assertEqual(cpu.EIP, 134635429)
self.assertEqual(cpu.CL, 0)
def test_SETB_5(self):
''' Instruction SETB_5
Groups:
0x8065fa5: setb byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08065fa8] = '\x00'
mem[0xffffb600] = '\x01'
mem[0x08065fa5] = '\x0f'
mem[0x08065fa6] = '\x92'
mem[0x08065fa7] = 'E'
cpu.EIP = 0x8065fa5
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x8065fa8], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x8065fa5], '\x0f')
self.assertEqual(mem[0x8065fa6], '\x92')
self.assertEqual(mem[0x8065fa7], 'E')
self.assertEqual(cpu.EIP, 134635433)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETB_6(self):
''' Instruction SETB_6
Groups:
0x80701b1: setb byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x080701b1] = '\x0f'
mem[0x080701b2] = '\x92'
mem[0x080701b3] = 'E'
mem[0x080701b4] = '\x00'
cpu.EIP = 0x80701b1
cpu.EBP = 0xffffb600
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x80701b1], '\x0f')
self.assertEqual(mem[0x80701b2], '\x92')
self.assertEqual(mem[0x80701b3], 'E')
self.assertEqual(mem[0x80701b4], '\x00')
self.assertEqual(cpu.EIP, 134676917)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETE_1(self):
''' Instruction SETE_1
Groups:
0xf7fe727a: sete cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe727a] = '\x0f'
mem[0xf7fe727b] = '\x94'
mem[0xf7fe727c] = '\xc1'
cpu.EIP = 0xf7fe727a
cpu.ZF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe727a], '\x0f')
self.assertEqual(mem[0xf7fe727b], '\x94')
self.assertEqual(mem[0xf7fe727c], '\xc1')
self.assertEqual(cpu.EIP, 4160647805)
self.assertEqual(cpu.CL, 0)
def test_SETE_10(self):
''' Instruction SETE_10
Groups:
0xf7fe7269: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = False
cpu.AL = 0xe3
cpu.execute()
self.assertEqual(mem[0xf7fe7269], '\x0f')
self.assertEqual(mem[0xf7fe726a], '\x94')
self.assertEqual(mem[0xf7fe726b], '\xc0')
self.assertEqual(cpu.EIP, 4160647788)
self.assertEqual(cpu.AL, 0)
def test_SETE_11(self):
''' Instruction SETE_11
Groups:
0xf7fe727a: sete cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe727a] = '\x0f'
mem[0xf7fe727b] = '\x94'
mem[0xf7fe727c] = '\xc1'
cpu.EIP = 0xf7fe727a
cpu.ZF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe727a], '\x0f')
self.assertEqual(mem[0xf7fe727b], '\x94')
self.assertEqual(mem[0xf7fe727c], '\xc1')
self.assertEqual(cpu.EIP, 4160647805)
self.assertEqual(cpu.CL, 0)
def test_SETE_12(self):
''' Instruction SETE_12
Groups:
0xf7fe7269: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = False
cpu.AL = 0xe3
cpu.execute()
self.assertEqual(mem[0xf7fe7269], '\x0f')
self.assertEqual(mem[0xf7fe726a], '\x94')
self.assertEqual(mem[0xf7fe726b], '\xc0')
self.assertEqual(cpu.EIP, 4160647788)
self.assertEqual(cpu.AL, 0)
def test_SETE_13(self):
''' Instruction SETE_13
Groups:
0xf7fe7290: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7290], '\x0f')
self.assertEqual(mem[0xf7fe7291], '\x94')
self.assertEqual(mem[0xf7fe7292], '\xc0')
self.assertEqual(cpu.EIP, 4160647827)
self.assertEqual(cpu.AL, 0)
def test_SETE_14(self):
''' Instruction SETE_14
Groups:
0xf7fe7269: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = False
cpu.AL = 0xe3
cpu.execute()
self.assertEqual(mem[0xf7fe7269], '\x0f')
self.assertEqual(mem[0xf7fe726a], '\x94')
self.assertEqual(mem[0xf7fe726b], '\xc0')
self.assertEqual(cpu.EIP, 4160647788)
self.assertEqual(cpu.AL, 0)
def test_SETE_15(self):
''' Instruction SETE_15
Groups:
0xf7fe7280: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7280], '\x0f')
self.assertEqual(mem[0xf7fe7281], '\x94')
self.assertEqual(mem[0xf7fe7282], '\xc0')
self.assertEqual(cpu.EIP, 4160647811)
self.assertEqual(cpu.AL, 0)
def test_SETE_16(self):
''' Instruction SETE_16
Groups:
0xf7fe4caf: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe4cb0], '\x94')
self.assertEqual(mem[0xf7fe4cb1], '\xc0')
self.assertEqual(mem[0xf7fe4caf], '\x0f')
self.assertEqual(cpu.EIP, 4160638130)
self.assertEqual(cpu.AL, 0)
def test_SETE_17(self):
''' Instruction SETE_17
Groups:
0xf7fe7290: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7290], '\x0f')
self.assertEqual(mem[0xf7fe7291], '\x94')
self.assertEqual(mem[0xf7fe7292], '\xc0')
self.assertEqual(cpu.EIP, 4160647827)
self.assertEqual(cpu.AL, 0)
def test_SETE_18(self):
''' Instruction SETE_18
Groups:
0xf7fe7290: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7290], '\x0f')
self.assertEqual(mem[0xf7fe7291], '\x94')
self.assertEqual(mem[0xf7fe7292], '\xc0')
self.assertEqual(cpu.EIP, 4160647827)
self.assertEqual(cpu.AL, 0)
def test_SETE_19(self):
''' Instruction SETE_19
Groups:
0xf7fe4caf: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe4cb0], '\x94')
self.assertEqual(mem[0xf7fe4cb1], '\xc0')
self.assertEqual(mem[0xf7fe4caf], '\x0f')
self.assertEqual(cpu.EIP, 4160638130)
self.assertEqual(cpu.AL, 0)
def test_SETE_2(self):
''' Instruction SETE_2
Groups:
0xf7fe7280: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7280], '\x0f')
self.assertEqual(mem[0xf7fe7281], '\x94')
self.assertEqual(mem[0xf7fe7282], '\xc0')
self.assertEqual(cpu.EIP, 4160647811)
self.assertEqual(cpu.AL, 0)
def test_SETE_20(self):
''' Instruction SETE_20
Groups:
0xf7fe7269: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = False
cpu.AL = 0xe3
cpu.execute()
self.assertEqual(mem[0xf7fe7269], '\x0f')
self.assertEqual(mem[0xf7fe726a], '\x94')
self.assertEqual(mem[0xf7fe726b], '\xc0')
self.assertEqual(cpu.EIP, 4160647788)
self.assertEqual(cpu.AL, 0)
def test_SETE_21(self):
''' Instruction SETE_21
Groups:
0xf7fe7290: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7290], '\x0f')
self.assertEqual(mem[0xf7fe7291], '\x94')
self.assertEqual(mem[0xf7fe7292], '\xc0')
self.assertEqual(cpu.EIP, 4160647827)
self.assertEqual(cpu.AL, 0)
def test_SETE_3(self):
''' Instruction SETE_3
Groups:
0xf7fe7269: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = False
cpu.AL = 0xe3
cpu.execute()
self.assertEqual(mem[0xf7fe7269], '\x0f')
self.assertEqual(mem[0xf7fe726a], '\x94')
self.assertEqual(mem[0xf7fe726b], '\xc0')
self.assertEqual(cpu.EIP, 4160647788)
self.assertEqual(cpu.AL, 0)
def test_SETE_4(self):
''' Instruction SETE_4
Groups:
0xf7fe4caf: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe4cb0], '\x94')
self.assertEqual(mem[0xf7fe4cb1], '\xc0')
self.assertEqual(mem[0xf7fe4caf], '\x0f')
self.assertEqual(cpu.EIP, 4160638130)
self.assertEqual(cpu.AL, 0)
def test_SETE_5(self):
''' Instruction SETE_5
Groups:
0xf7fe7280: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7280], '\x0f')
self.assertEqual(mem[0xf7fe7281], '\x94')
self.assertEqual(mem[0xf7fe7282], '\xc0')
self.assertEqual(cpu.EIP, 4160647811)
self.assertEqual(cpu.AL, 0)
def test_SETE_6(self):
''' Instruction SETE_6
Groups:
0xf7fe4caf: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe4cb0], '\x94')
self.assertEqual(mem[0xf7fe4cb1], '\xc0')
self.assertEqual(mem[0xf7fe4caf], '\x0f')
self.assertEqual(cpu.EIP, 4160638130)
self.assertEqual(cpu.AL, 0)
def test_SETE_7(self):
''' Instruction SETE_7
Groups:
0xf7fe7269: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = True
cpu.AL = 0xe4
cpu.execute()
self.assertEqual(mem[0xf7fe7269], '\x0f')
self.assertEqual(mem[0xf7fe726a], '\x94')
self.assertEqual(mem[0xf7fe726b], '\xc0')
self.assertEqual(cpu.EIP, 4160647788)
self.assertEqual(cpu.AL, 1)
def test_SETE_8(self):
''' Instruction SETE_8
Groups:
0xf7fe7290: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7290], '\x0f')
self.assertEqual(mem[0xf7fe7291], '\x94')
self.assertEqual(mem[0xf7fe7292], '\xc0')
self.assertEqual(cpu.EIP, 4160647827)
self.assertEqual(cpu.AL, 0)
def test_SETE_9(self):
''' Instruction SETE_9
Groups:
0xf7fe7280: sete al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7280], '\x0f')
self.assertEqual(mem[0xf7fe7281], '\x94')
self.assertEqual(mem[0xf7fe7282], '\xc0')
self.assertEqual(cpu.EIP, 4160647811)
self.assertEqual(cpu.AL, 0)
def test_SETGE_1(self):
''' Instruction SETGE_1
Groups:
0x805b9eb: setge byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x80'
mem[0x0805b9eb] = '\x0f'
mem[0x0805b9ec] = '\x9d'
mem[0x0805b9ed] = 'E'
mem[0x0805b9ee] = '\x00'
cpu.EIP = 0x805b9eb
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x805b9eb], '\x0f')
self.assertEqual(mem[0x805b9ec], '\x9d')
self.assertEqual(mem[0x805b9ed], 'E')
self.assertEqual(mem[0x805b9ee], '\x00')
self.assertEqual(cpu.EIP, 134593007)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETGE_2(self):
''' Instruction SETGE_2
Groups:
0x805b9e8: setge cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b9e8] = '\x0f'
mem[0x0805b9e9] = '\x9d'
mem[0x0805b9ea] = '\xc1'
cpu.EIP = 0x805b9e8
cpu.SF = False
cpu.OF = False
cpu.CL = 0xc8
cpu.execute()
self.assertEqual(mem[0x805b9e8], '\x0f')
self.assertEqual(mem[0x805b9e9], '\x9d')
self.assertEqual(mem[0x805b9ea], '\xc1')
self.assertEqual(cpu.EIP, 134593003)
self.assertEqual(cpu.CL, 1)
def test_SETGE_3(self):
''' Instruction SETGE_3
Groups:
0x8070198: setge cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070198] = '\x0f'
mem[0x08070199] = '\x9d'
mem[0x0807019a] = '\xc1'
cpu.EIP = 0x8070198
cpu.SF = False
cpu.OF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x8070198], '\x0f')
self.assertEqual(mem[0x8070199], '\x9d')
self.assertEqual(mem[0x807019a], '\xc1')
self.assertEqual(cpu.EIP, 134676891)
self.assertEqual(cpu.CL, 1)
def test_SETGE_4(self):
''' Instruction SETGE_4
Groups:
0x807019b: setge byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x0807019b] = '\x0f'
mem[0x0807019c] = '\x9d'
mem[0x0807019d] = 'E'
mem[0x0807019e] = '\x00'
cpu.EIP = 0x807019b
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x807019b], '\x0f')
self.assertEqual(mem[0x807019c], '\x9d')
self.assertEqual(mem[0x807019d], 'E')
self.assertEqual(mem[0x807019e], '\x00')
self.assertEqual(cpu.EIP, 134676895)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETG_1(self):
''' Instruction SETG_1
Groups:
0x8065f97: setg byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08065f98] = '\x9f'
mem[0x08065f99] = 'E'
mem[0x08065f9a] = '\x00'
mem[0xffffb600] = '\x00'
mem[0x08065f97] = '\x0f'
cpu.EIP = 0x8065f97
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x8065f98], '\x9f')
self.assertEqual(mem[0x8065f99], 'E')
self.assertEqual(mem[0x8065f9a], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8065f97], '\x0f')
self.assertEqual(cpu.EIP, 134635419)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETG_2(self):
''' Instruction SETG_2
Groups:
0x8065f68: setg cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065f68] = '\x0f'
mem[0x08065f69] = '\x9f'
mem[0x08065f6a] = '\xc1'
cpu.EIP = 0x8065f68
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.CL = 0x3
cpu.execute()
self.assertEqual(mem[0x8065f68], '\x0f')
self.assertEqual(mem[0x8065f69], '\x9f')
self.assertEqual(mem[0x8065f6a], '\xc1')
self.assertEqual(cpu.EIP, 134635371)
self.assertEqual(cpu.CL, 0)
def test_SETG_3(self):
''' Instruction SETG_3
Groups:
0x8065f6b: setg byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = 'G'
mem[0x08065f6b] = '\x0f'
mem[0x08065f6c] = '\x9f'
mem[0x08065f6d] = 'E'
mem[0x08065f6e] = '\x00'
cpu.EIP = 0x8065f6b
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x8065f6b], '\x0f')
self.assertEqual(mem[0x8065f6c], '\x9f')
self.assertEqual(mem[0x8065f6d], 'E')
self.assertEqual(mem[0x8065f6e], '\x00')
self.assertEqual(cpu.EIP, 134635375)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETG_4(self):
''' Instruction SETG_4
Groups:
0x8065f94: setg cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065f94] = '\x0f'
mem[0x08065f95] = '\x9f'
mem[0x08065f96] = '\xc1'
cpu.EIP = 0x8065f94
cpu.ZF = False
cpu.SF = False
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x8065f94], '\x0f')
self.assertEqual(mem[0x8065f95], '\x9f')
self.assertEqual(mem[0x8065f96], '\xc1')
self.assertEqual(cpu.EIP, 134635415)
self.assertEqual(cpu.CL, 1)
def test_SETLE_1(self):
''' Instruction SETLE_1
Groups:
0x805ba5d: setle cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805ba5d] = '\x0f'
mem[0x0805ba5e] = '\x9e'
mem[0x0805ba5f] = '\xc1'
cpu.EIP = 0x805ba5d
cpu.ZF = True
cpu.SF = False
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x805ba5d], '\x0f')
self.assertEqual(mem[0x805ba5e], '\x9e')
self.assertEqual(mem[0x805ba5f], '\xc1')
self.assertEqual(cpu.EIP, 134593120)
self.assertEqual(cpu.CL, 1)
def test_SETLE_2(self):
''' Instruction SETLE_2
Groups:
0x805ba60: setle byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0805ba60] = '\x0f'
mem[0x0805ba61] = '\x9e'
mem[0x0805ba62] = 'E'
mem[0x0805ba63] = '\x00'
mem[0xffffb600] = '\x00'
cpu.EIP = 0x805ba60
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0x805ba60], '\x0f')
self.assertEqual(mem[0x805ba61], '\x9e')
self.assertEqual(mem[0x805ba62], 'E')
self.assertEqual(mem[0x805ba63], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(cpu.EIP, 134593124)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETLE_3(self):
''' Instruction SETLE_3
Groups:
0x8079369: setle byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xff'
mem[0x08079369] = '\x0f'
mem[0x0807936a] = '\x9e'
mem[0x0807936b] = 'E'
mem[0x0807936c] = '\x00'
cpu.EIP = 0x8079369
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.SF = True
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8079369], '\x0f')
self.assertEqual(mem[0x807936a], '\x9e')
self.assertEqual(mem[0x807936b], 'E')
self.assertEqual(mem[0x807936c], '\x00')
self.assertEqual(cpu.EIP, 134714221)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETLE_4(self):
''' Instruction SETLE_4
Groups:
0x8079366: setle cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079368] = '\xc1'
mem[0x08079366] = '\x0f'
mem[0x08079367] = '\x9e'
cpu.EIP = 0x8079366
cpu.ZF = False
cpu.SF = True
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x8079368], '\xc1')
self.assertEqual(mem[0x8079366], '\x0f')
self.assertEqual(mem[0x8079367], '\x9e')
self.assertEqual(cpu.EIP, 134714217)
self.assertEqual(cpu.CL, 1)
def test_SETL_1(self):
''' Instruction SETL_1
Groups:
0x80702db: setl byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x080702db] = '\x0f'
mem[0x080702dc] = '\x9c'
mem[0x080702dd] = 'E'
mem[0x080702de] = '\x00'
cpu.EIP = 0x80702db
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x80702db], '\x0f')
self.assertEqual(mem[0x80702dc], '\x9c')
self.assertEqual(mem[0x80702dd], 'E')
self.assertEqual(mem[0x80702de], '\x00')
self.assertEqual(cpu.EIP, 134677215)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETL_2(self):
''' Instruction SETL_2
Groups:
0x8065fb0: setl cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065fb0] = '\x0f'
mem[0x08065fb1] = '\x9c'
mem[0x08065fb2] = '\xc1'
cpu.EIP = 0x8065fb0
cpu.SF = False
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x8065fb0], '\x0f')
self.assertEqual(mem[0x8065fb1], '\x9c')
self.assertEqual(mem[0x8065fb2], '\xc1')
self.assertEqual(cpu.EIP, 134635443)
self.assertEqual(cpu.CL, 0)
def test_SETL_3(self):
''' Instruction SETL_3
Groups:
0x80702d8: setl cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080702d8] = '\x0f'
mem[0x080702d9] = '\x9c'
mem[0x080702da] = '\xc1'
cpu.EIP = 0x80702d8
cpu.SF = False
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x80702d8], '\x0f')
self.assertEqual(mem[0x80702d9], '\x9c')
self.assertEqual(mem[0x80702da], '\xc1')
self.assertEqual(cpu.EIP, 134677211)
self.assertEqual(cpu.CL, 0)
def test_SETL_4(self):
''' Instruction SETL_4
Groups:
0x8065fb3: setl byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x08065fb3] = '\x0f'
mem[0x08065fb4] = '\x9c'
mem[0x08065fb5] = 'E'
mem[0x08065fb6] = '\x00'
cpu.EIP = 0x8065fb3
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x8065fb3], '\x0f')
self.assertEqual(mem[0x8065fb4], '\x9c')
self.assertEqual(mem[0x8065fb5], 'E')
self.assertEqual(mem[0x8065fb6], '\x00')
self.assertEqual(cpu.EIP, 134635447)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNE_1(self):
''' Instruction SETNE_1
Groups:
0xf7fe9c2f: setne dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9c30] = '\x95'
mem[0xf7fe9c31] = '\xc2'
mem[0xf7fe9c2f] = '\x0f'
cpu.EIP = 0xf7fe9c2f
cpu.ZF = True
cpu.DL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe9c30], '\x95')
self.assertEqual(mem[0xf7fe9c31], '\xc2')
self.assertEqual(mem[0xf7fe9c2f], '\x0f')
self.assertEqual(cpu.EIP, 4160658482)
self.assertEqual(cpu.DL, 0)
def test_SETNE_10(self):
''' Instruction SETNE_10
Groups:
0xf7fe42e2: setne cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe42e2] = '\x0f'
mem[0xf7fe42e3] = '\x95'
mem[0xf7fe42e4] = '\xc1'
cpu.EIP = 0xf7fe42e2
cpu.ZF = False
cpu.CL = 0x38
cpu.execute()
self.assertEqual(mem[0xf7fe42e2], '\x0f')
self.assertEqual(mem[0xf7fe42e3], '\x95')
self.assertEqual(mem[0xf7fe42e4], '\xc1')
self.assertEqual(cpu.EIP, 4160635621)
self.assertEqual(cpu.CL, 1)
def test_SETNE_11(self):
''' Instruction SETNE_11
Groups:
0xf7ff08d1: setne dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff08d1] = '\x0f'
mem[0xf7ff08d2] = '\x95'
mem[0xf7ff08d3] = '\xc2'
cpu.EIP = 0xf7ff08d1
cpu.ZF = False
cpu.DL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7ff08d1], '\x0f')
self.assertEqual(mem[0xf7ff08d2], '\x95')
self.assertEqual(mem[0xf7ff08d3], '\xc2')
self.assertEqual(cpu.EIP, 4160686292)
self.assertEqual(cpu.DL, 1)
def test_SETNE_12(self):
''' Instruction SETNE_12
Groups:
0x80701a0: setne cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x080701a0] = '\x0f'
mem[0x080701a1] = '\x95'
mem[0x080701a2] = '\xc1'
cpu.EIP = 0x80701a0
cpu.ZF = True
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x80701a0], '\x0f')
self.assertEqual(mem[0x80701a1], '\x95')
self.assertEqual(mem[0x80701a2], '\xc1')
self.assertEqual(cpu.EIP, 134676899)
self.assertEqual(cpu.CL, 0)
def test_SETNE_13(self):
''' Instruction SETNE_13
Groups:
0xf7fdf397: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdf000, 0x1000, 'rwx')
mem[0xf7fdf398] = '\x95'
mem[0xf7fdf399] = '\xc0'
mem[0xf7fdf397] = '\x0f'
cpu.EIP = 0xf7fdf397
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fdf398], '\x95')
self.assertEqual(mem[0xf7fdf399], '\xc0')
self.assertEqual(mem[0xf7fdf397], '\x0f')
self.assertEqual(cpu.EIP, 4160615322)
self.assertEqual(cpu.AL, 1)
def test_SETNE_14(self):
''' Instruction SETNE_14
Groups:
0xf7fe9c2f: setne dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9c30] = '\x95'
mem[0xf7fe9c31] = '\xc2'
mem[0xf7fe9c2f] = '\x0f'
cpu.EIP = 0xf7fe9c2f
cpu.ZF = True
cpu.DL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe9c30], '\x95')
self.assertEqual(mem[0xf7fe9c31], '\xc2')
self.assertEqual(mem[0xf7fe9c2f], '\x0f')
self.assertEqual(cpu.EIP, 4160658482)
self.assertEqual(cpu.DL, 0)
def test_SETNE_15(self):
''' Instruction SETNE_15
Groups:
0x807027e: setne cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070280] = '\xc1'
mem[0x0807027e] = '\x0f'
mem[0x0807027f] = '\x95'
cpu.EIP = 0x807027e
cpu.ZF = False
cpu.CL = 0xf8
cpu.execute()
self.assertEqual(mem[0x8070280], '\xc1')
self.assertEqual(mem[0x807027e], '\x0f')
self.assertEqual(mem[0x807027f], '\x95')
self.assertEqual(cpu.EIP, 134677121)
self.assertEqual(cpu.CL, 1)
def test_SETNE_16(self):
''' Instruction SETNE_16
Groups:
0xf7fe6c5c: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6c5c] = '\x0f'
mem[0xf7fe6c5d] = '\x95'
mem[0xf7fe6c5e] = '\xc0'
cpu.EIP = 0xf7fe6c5c
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe6c5c], '\x0f')
self.assertEqual(mem[0xf7fe6c5d], '\x95')
self.assertEqual(mem[0xf7fe6c5e], '\xc0')
self.assertEqual(cpu.EIP, 4160646239)
self.assertEqual(cpu.AL, 0)
def test_SETNE_17(self):
''' Instruction SETNE_17
Groups:
0xf7fdf397: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdf000, 0x1000, 'rwx')
mem[0xf7fdf398] = '\x95'
mem[0xf7fdf399] = '\xc0'
mem[0xf7fdf397] = '\x0f'
cpu.EIP = 0xf7fdf397
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fdf398], '\x95')
self.assertEqual(mem[0xf7fdf399], '\xc0')
self.assertEqual(mem[0xf7fdf397], '\x0f')
self.assertEqual(cpu.EIP, 4160615322)
self.assertEqual(cpu.AL, 1)
def test_SETNE_18(self):
''' Instruction SETNE_18
Groups:
0xf7fe6c5c: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6c5c] = '\x0f'
mem[0xf7fe6c5d] = '\x95'
mem[0xf7fe6c5e] = '\xc0'
cpu.EIP = 0xf7fe6c5c
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe6c5c], '\x0f')
self.assertEqual(mem[0xf7fe6c5d], '\x95')
self.assertEqual(mem[0xf7fe6c5e], '\xc0')
self.assertEqual(cpu.EIP, 4160646239)
self.assertEqual(cpu.AL, 0)
def test_SETNE_19(self):
''' Instruction SETNE_19
Groups:
0xf7fe6c5c: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6c5c] = '\x0f'
mem[0xf7fe6c5d] = '\x95'
mem[0xf7fe6c5e] = '\xc0'
cpu.EIP = 0xf7fe6c5c
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe6c5c], '\x0f')
self.assertEqual(mem[0xf7fe6c5d], '\x95')
self.assertEqual(mem[0xf7fe6c5e], '\xc0')
self.assertEqual(cpu.EIP, 4160646239)
self.assertEqual(cpu.AL, 0)
def test_SETNE_2(self):
''' Instruction SETNE_2
Groups:
0xf7fec53e: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec540], '\xc0')
self.assertEqual(mem[0xf7fec53e], '\x0f')
self.assertEqual(mem[0xf7fec53f], '\x95')
self.assertEqual(cpu.EIP, 4160668993)
self.assertEqual(cpu.AL, 0)
def test_SETNE_3(self):
''' Instruction SETNE_3
Groups:
0xf7fdf32a: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdf000, 0x1000, 'rwx')
mem[0xf7fdf32a] = '\x0f'
mem[0xf7fdf32b] = '\x95'
mem[0xf7fdf32c] = '\xc0'
cpu.EIP = 0xf7fdf32a
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fdf32a], '\x0f')
self.assertEqual(mem[0xf7fdf32b], '\x95')
self.assertEqual(mem[0xf7fdf32c], '\xc0')
self.assertEqual(cpu.EIP, 4160615213)
self.assertEqual(cpu.AL, 0)
def test_SETNE_4(self):
''' Instruction SETNE_4
Groups:
0xf7fec53e: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec540], '\xc0')
self.assertEqual(mem[0xf7fec53e], '\x0f')
self.assertEqual(mem[0xf7fec53f], '\x95')
self.assertEqual(cpu.EIP, 4160668993)
self.assertEqual(cpu.AL, 0)
def test_SETNE_5(self):
''' Instruction SETNE_5
Groups:
0xf7fec53e: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec540], '\xc0')
self.assertEqual(mem[0xf7fec53e], '\x0f')
self.assertEqual(mem[0xf7fec53f], '\x95')
self.assertEqual(cpu.EIP, 4160668993)
self.assertEqual(cpu.AL, 0)
def test_SETNE_6(self):
''' Instruction SETNE_6
Groups:
0xf7fec53e: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = True
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fec540], '\xc0')
self.assertEqual(mem[0xf7fec53e], '\x0f')
self.assertEqual(mem[0xf7fec53f], '\x95')
self.assertEqual(cpu.EIP, 4160668993)
self.assertEqual(cpu.AL, 0)
def test_SETNE_7(self):
''' Instruction SETNE_7
Groups:
0x80701a3: setne byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x080701a3] = '\x0f'
mem[0x080701a4] = '\x95'
mem[0x080701a5] = 'E'
mem[0x080701a6] = '\x00'
cpu.EIP = 0x80701a3
cpu.ZF = True
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x80701a3], '\x0f')
self.assertEqual(mem[0x80701a4], '\x95')
self.assertEqual(mem[0x80701a5], 'E')
self.assertEqual(mem[0x80701a6], '\x00')
self.assertEqual(cpu.EIP, 134676903)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNE_8(self):
''' Instruction SETNE_8
Groups:
0xf7fe996f: setne al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9970] = '\x95'
mem[0xf7fe9971] = '\xc0'
mem[0xf7fe996f] = '\x0f'
cpu.EIP = 0xf7fe996f
cpu.ZF = False
cpu.AL = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe9970], '\x95')
self.assertEqual(mem[0xf7fe9971], '\xc0')
self.assertEqual(mem[0xf7fe996f], '\x0f')
self.assertEqual(cpu.EIP, 4160657778)
self.assertEqual(cpu.AL, 1)
def test_SETNE_9(self):
''' Instruction SETNE_9
Groups:
0x8070281: setne byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf8'
mem[0x08070281] = '\x0f'
mem[0x08070282] = '\x95'
mem[0x08070283] = 'E'
mem[0x08070284] = '\x00'
cpu.EIP = 0x8070281
cpu.ZF = False
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8070281], '\x0f')
self.assertEqual(mem[0x8070282], '\x95')
self.assertEqual(mem[0x8070283], 'E')
self.assertEqual(mem[0x8070284], '\x00')
self.assertEqual(cpu.EIP, 134677125)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNO_1(self):
''' Instruction SETNO_1
Groups:
0x8070194: setno byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x08070194] = '\x0f'
mem[0x08070195] = '\x91'
mem[0x08070196] = 'E'
mem[0x08070197] = '\x00'
cpu.EIP = 0x8070194
cpu.EBP = 0xffffb600
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8070194], '\x0f')
self.assertEqual(mem[0x8070195], '\x91')
self.assertEqual(mem[0x8070196], 'E')
self.assertEqual(mem[0x8070197], '\x00')
self.assertEqual(cpu.EIP, 134676888)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNO_2(self):
''' Instruction SETNO_2
Groups:
0x8070191: setno cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070191] = '\x0f'
mem[0x08070192] = '\x91'
mem[0x08070193] = '\xc1'
cpu.EIP = 0x8070191
cpu.OF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x8070191], '\x0f')
self.assertEqual(mem[0x8070192], '\x91')
self.assertEqual(mem[0x8070193], '\xc1')
self.assertEqual(cpu.EIP, 134676884)
self.assertEqual(cpu.CL, 1)
def test_SETNP_1(self):
''' Instruction SETNP_1
Groups:
0x807949f: setnp cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x080794a0] = '\x9b'
mem[0x080794a1] = '\xc1'
mem[0x0807949f] = '\x0f'
cpu.EIP = 0x807949f
cpu.PF = True
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x80794a0], '\x9b')
self.assertEqual(mem[0x80794a1], '\xc1')
self.assertEqual(mem[0x807949f], '\x0f')
self.assertEqual(cpu.EIP, 134714530)
self.assertEqual(cpu.CL, 0)
def test_SETNP_2(self):
''' Instruction SETNP_2
Groups:
0x80794a2: setnp byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x7f'
mem[0x080794a2] = '\x0f'
mem[0x080794a3] = '\x9b'
mem[0x080794a4] = 'E'
mem[0x080794a5] = '\x00'
cpu.EIP = 0x80794a2
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x80794a2], '\x0f')
self.assertEqual(mem[0x80794a3], '\x9b')
self.assertEqual(mem[0x80794a4], 'E')
self.assertEqual(mem[0x80794a5], '\x00')
self.assertEqual(cpu.EIP, 134714534)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNP_3(self):
''' Instruction SETNP_3
Groups:
0x8070294: setnp cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070294] = '\x0f'
mem[0x08070295] = '\x9b'
mem[0x08070296] = '\xc1'
cpu.EIP = 0x8070294
cpu.PF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x8070294], '\x0f')
self.assertEqual(mem[0x8070295], '\x9b')
self.assertEqual(mem[0x8070296], '\xc1')
self.assertEqual(cpu.EIP, 134677143)
self.assertEqual(cpu.CL, 1)
def test_SETNP_4(self):
''' Instruction SETNP_4
Groups:
0x8070297: setnp byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08070298] = '\x9b'
mem[0x08070299] = 'E'
mem[0x0807029a] = '\x00'
mem[0xffffb600] = '\x01'
mem[0x08070297] = '\x0f'
cpu.EIP = 0x8070297
cpu.PF = False
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x8070298], '\x9b')
self.assertEqual(mem[0x8070299], 'E')
self.assertEqual(mem[0x807029a], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8070297], '\x0f')
self.assertEqual(cpu.EIP, 134677147)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNS_1(self):
''' Instruction SETNS_1
Groups:
0x8070290: setns byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08070290] = '\x0f'
mem[0x08070291] = '\x99'
mem[0x08070292] = 'E'
mem[0x08070293] = '\x00'
mem[0xffffb600] = '\x01'
cpu.EIP = 0x8070290
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8070290], '\x0f')
self.assertEqual(mem[0x8070291], '\x99')
self.assertEqual(mem[0x8070292], 'E')
self.assertEqual(mem[0x8070293], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(cpu.EIP, 134677140)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETNS_2(self):
''' Instruction SETNS_2
Groups:
0x807028d: setns cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x0807028d] = '\x0f'
mem[0x0807028e] = '\x99'
mem[0x0807028f] = '\xc1'
cpu.EIP = 0x807028d
cpu.SF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x807028d], '\x0f')
self.assertEqual(mem[0x807028e], '\x99')
self.assertEqual(mem[0x807028f], '\xc1')
self.assertEqual(cpu.EIP, 134677136)
self.assertEqual(cpu.CL, 1)
def test_SETO_1(self):
''' Instruction SETO_1
Groups:
0x8065fb7: seto cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x08065fb8] = '\x90'
mem[0x08065fb9] = '\xc1'
mem[0x08065fb7] = '\x0f'
cpu.EIP = 0x8065fb7
cpu.OF = False
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x8065fb8], '\x90')
self.assertEqual(mem[0x8065fb9], '\xc1')
self.assertEqual(mem[0x8065fb7], '\x0f')
self.assertEqual(cpu.EIP, 134635450)
self.assertEqual(cpu.CL, 0)
def test_SETO_2(self):
''' Instruction SETO_2
Groups:
0x8065fba: seto byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x08065fba] = '\x0f'
mem[0x08065fbb] = '\x90'
mem[0x08065fbc] = 'E'
mem[0x08065fbd] = '\x00'
cpu.EIP = 0x8065fba
cpu.EBP = 0xffffb600
cpu.OF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x8065fba], '\x0f')
self.assertEqual(mem[0x8065fbb], '\x90')
self.assertEqual(mem[0x8065fbc], 'E')
self.assertEqual(mem[0x8065fbd], '\x00')
self.assertEqual(cpu.EIP, 134635454)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETP_1(self):
''' Instruction SETP_1
Groups:
0x806b09d: setp cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x0806b09d] = '\x0f'
mem[0x0806b09e] = '\x9a'
mem[0x0806b09f] = '\xc1'
cpu.EIP = 0x806b09d
cpu.PF = True
cpu.CL = 0x0
cpu.execute()
self.assertEqual(mem[0x806b09d], '\x0f')
self.assertEqual(mem[0x806b09e], '\x9a')
self.assertEqual(mem[0x806b09f], '\xc1')
self.assertEqual(cpu.EIP, 134656160)
self.assertEqual(cpu.CL, 1)
def test_SETP_2(self):
''' Instruction SETP_2
Groups:
0x8079481: setp byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0x08079481] = '\x0f'
mem[0x08079482] = '\x9a'
mem[0x08079483] = 'E'
mem[0x08079484] = '\x00'
cpu.EIP = 0x8079481
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0x8079481], '\x0f')
self.assertEqual(mem[0x8079482], '\x9a')
self.assertEqual(mem[0x8079483], 'E')
self.assertEqual(mem[0x8079484], '\x00')
self.assertEqual(cpu.EIP, 134714501)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETP_3(self):
''' Instruction SETP_3
Groups:
0x807947e: setp cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079480] = '\xc1'
mem[0x0807947e] = '\x0f'
mem[0x0807947f] = '\x9a'
cpu.EIP = 0x807947e
cpu.PF = True
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x8079480], '\xc1')
self.assertEqual(mem[0x807947e], '\x0f')
self.assertEqual(mem[0x807947f], '\x9a')
self.assertEqual(cpu.EIP, 134714497)
self.assertEqual(cpu.CL, 1)
def test_SETP_4(self):
''' Instruction SETP_4
Groups:
0x806b0a0: setp byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0806b0a0] = '\x0f'
mem[0x0806b0a1] = '\x9a'
mem[0x0806b0a2] = 'E'
mem[0x0806b0a3] = '\x00'
mem[0xffffb600] = '\x00'
cpu.EIP = 0x806b0a0
cpu.PF = True
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x806b0a0], '\x0f')
self.assertEqual(mem[0x806b0a1], '\x9a')
self.assertEqual(mem[0x806b0a2], 'E')
self.assertEqual(mem[0x806b0a3], '\x00')
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(cpu.EIP, 134656164)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETS_1(self):
''' Instruction SETS_1
Groups:
0x806b0a7: sets byte ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x0806b0a8] = '\x98'
mem[0x0806b0a9] = 'E'
mem[0x0806b0aa] = '\x00'
mem[0xffffb600] = '\x01'
mem[0x0806b0a7] = '\x0f'
cpu.EIP = 0x806b0a7
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x806b0a8], '\x98')
self.assertEqual(mem[0x806b0a9], 'E')
self.assertEqual(mem[0x806b0aa], '\x00')
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0x806b0a7], '\x0f')
self.assertEqual(cpu.EIP, 134656171)
self.assertEqual(cpu.EBP, 4294948352)
def test_SETS_2(self):
''' Instruction SETS_2
Groups:
0x806b0a4: sets cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x0806b0a4] = '\x0f'
mem[0x0806b0a5] = '\x98'
mem[0x0806b0a6] = '\xc1'
cpu.EIP = 0x806b0a4
cpu.SF = False
cpu.CL = 0x1
cpu.execute()
self.assertEqual(mem[0x806b0a4], '\x0f')
self.assertEqual(mem[0x806b0a5], '\x98')
self.assertEqual(mem[0x806b0a6], '\xc1')
self.assertEqual(cpu.EIP, 134656167)
self.assertEqual(cpu.CL, 0)
def test_SHLD_1(self):
''' Instruction SHLD_1
Groups:
0x8059a5b: shld word ptr [ebp], dx, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08059a60] = '\x02'
mem[0xffffb600] = '>'
mem[0xffffb601] = '0'
mem[0x08059a5b] = 'f'
mem[0x08059a5c] = '\x0f'
mem[0x08059a5d] = '\xa4'
mem[0x08059a5e] = 'U'
mem[0x08059a5f] = '\x00'
cpu.EIP = 0x8059a5b
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.DX = 0xc8f8
cpu.EBP = 0xffffb600
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8059a60], '\x02')
self.assertEqual(mem[0xffffb600], '\xfb')
self.assertEqual(mem[0xffffb601], '\xc0')
self.assertEqual(mem[0x8059a5b], 'f')
self.assertEqual(mem[0x8059a5c], '\x0f')
self.assertEqual(mem[0x8059a5d], '\xa4')
self.assertEqual(mem[0x8059a5e], 'U')
self.assertEqual(mem[0x8059a5f], '\x00')
self.assertEqual(cpu.EIP, 134584929)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.DX, 51448)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.SF, True)
def test_SHLD_2(self):
''' Instruction SHLD_2
Groups:
0x8059a42: shld cx, dx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a42] = 'f'
mem[0x08059a43] = '\x0f'
mem[0x08059a44] = '\xa5'
mem[0x08059a45] = '\xd1'
cpu.EIP = 0x8059a42
cpu.CX = 0x0
cpu.PF = False
cpu.DX = 0xc8f8
cpu.CL = 0x0
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8059a42], 'f')
self.assertEqual(mem[0x8059a43], '\x0f')
self.assertEqual(mem[0x8059a44], '\xa5')
self.assertEqual(mem[0x8059a45], '\xd1')
self.assertEqual(cpu.EIP, 134584902)
self.assertEqual(cpu.CX, 0)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.DX, 51448)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SHLD_3(self):
''' Instruction SHLD_3
Groups:
0x8059a52: shld cx, dx, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a52] = 'f'
mem[0x08059a53] = '\x0f'
mem[0x08059a54] = '\xa4'
mem[0x08059a55] = '\xd1'
mem[0x08059a56] = '\x02'
cpu.EIP = 0x8059a52
cpu.ZF = False
cpu.CF = False
cpu.CX = 0x0
cpu.PF = False
cpu.DX = 0xc8f8
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8059a52], 'f')
self.assertEqual(mem[0x8059a53], '\x0f')
self.assertEqual(mem[0x8059a54], '\xa4')
self.assertEqual(mem[0x8059a55], '\xd1')
self.assertEqual(mem[0x8059a56], '\x02')
self.assertEqual(cpu.EIP, 134584919)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.CX, 3)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.DX, 51448)
self.assertEqual(cpu.SF, False)
def test_SHLD_4(self):
''' Instruction SHLD_4
Groups:
0x8059a57: shld ecx, edx, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a58] = '\xa4'
mem[0x08059a59] = '\xd1'
mem[0x08059a5a] = '\x02'
mem[0x08059a57] = '\x0f'
cpu.EIP = 0x8059a57
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.EDX = 0xc8f8
cpu.SF = False
cpu.ECX = 0x3
cpu.execute()
self.assertEqual(mem[0x8059a58], '\xa4')
self.assertEqual(mem[0x8059a59], '\xd1')
self.assertEqual(mem[0x8059a5a], '\x02')
self.assertEqual(mem[0x8059a57], '\x0f')
self.assertEqual(cpu.EIP, 134584923)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 12)
def test_SHLD_5(self):
''' Instruction SHLD_5
Groups:
0x8059a61: shld dword ptr [ebp], edx, 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xfb'
mem[0x08059a61] = '\x0f'
mem[0x08059a62] = '\xa4'
mem[0x08059a63] = 'U'
mem[0x08059a64] = '\x00'
mem[0x08059a65] = '\x02'
mem[0xffffb601] = '\xc0'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x1e'
cpu.EIP = 0x8059a61
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EBP = 0xffffb600
cpu.EDX = 0xc8f8
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xec')
self.assertEqual(mem[0x8059a61], '\x0f')
self.assertEqual(mem[0x8059a62], '\xa4')
self.assertEqual(mem[0x8059a63], 'U')
self.assertEqual(mem[0x8059a64], '\x00')
self.assertEqual(mem[0x8059a65], '\x02')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x03')
self.assertEqual(mem[0xffffb603], 'x')
self.assertEqual(cpu.EIP, 134584934)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.SF, False)
def test_SHLD_6(self):
''' Instruction SHLD_6
Groups:
0x8059a49: shld word ptr [ebp], dx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '>'
mem[0xffffb601] = '0'
mem[0x08059a49] = 'f'
mem[0x08059a4a] = '\x0f'
mem[0x08059a4b] = '\xa5'
mem[0x08059a4c] = 'U'
mem[0x08059a4d] = '\x00'
cpu.EIP = 0x8059a49
cpu.PF = False
cpu.DX = 0xc8f8
cpu.CL = 0x0
cpu.EBP = 0xffffb600
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0xffffb601], '0')
self.assertEqual(mem[0x8059a49], 'f')
self.assertEqual(mem[0x8059a4a], '\x0f')
self.assertEqual(mem[0x8059a4b], '\xa5')
self.assertEqual(mem[0x8059a4c], 'U')
self.assertEqual(mem[0x8059a4d], '\x00')
self.assertEqual(cpu.EIP, 134584910)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.DX, 51448)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SHLD_7(self):
''' Instruction SHLD_7
Groups:
0x8059a4e: shld dword ptr [ebp], edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '>'
mem[0xffffb601] = '0'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x1e'
mem[0x08059a51] = '\x00'
mem[0x08059a50] = 'U'
mem[0x08059a4e] = '\x0f'
mem[0x08059a4f] = '\xa5'
cpu.EIP = 0x8059a4e
cpu.EDX = 0xc8f8
cpu.PF = False
cpu.CL = 0x0
cpu.EBP = 0xffffb600
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '>')
self.assertEqual(mem[0xffffb601], '0')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x1e')
self.assertEqual(mem[0x8059a51], '\x00')
self.assertEqual(mem[0x8059a50], 'U')
self.assertEqual(mem[0x8059a4e], '\x0f')
self.assertEqual(mem[0x8059a4f], '\xa5')
self.assertEqual(cpu.EIP, 134584914)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SHLD_8(self):
''' Instruction SHLD_8
Groups:
0x8059a46: shld ecx, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059a48] = '\xd1'
mem[0x08059a46] = '\x0f'
mem[0x08059a47] = '\xa5'
cpu.EIP = 0x8059a46
cpu.EDX = 0xc8f8
cpu.PF = False
cpu.CL = 0x0
cpu.ZF = False
cpu.ECX = 0x0
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8059a48], '\xd1')
self.assertEqual(mem[0x8059a46], '\x0f')
self.assertEqual(mem[0x8059a47], '\xa5')
self.assertEqual(cpu.EIP, 134584905)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 0)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SHL_1(self):
''' Instruction SHL_1
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x2b618
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 5686016)
def test_SHL_10(self):
''' Instruction SHL_10
Groups:
0xf7fe72a0: shl edx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72a0] = '\xc1'
mem[0xf7fe72a1] = '\xe2'
mem[0xf7fe72a2] = '\x04'
cpu.EIP = 0xf7fe72a0
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x2
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe72a0], '\xc1')
self.assertEqual(mem[0xf7fe72a1], '\xe2')
self.assertEqual(mem[0xf7fe72a2], '\x04')
self.assertEqual(cpu.EIP, 4160647843)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 32)
self.assertEqual(cpu.SF, False)
def test_SHL_11(self):
''' Instruction SHL_11
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0x3245563d
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 1219151776)
def test_SHL_12(self):
''' Instruction SHL_12
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0x5976cd
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 187619744)
def test_SHL_13(self):
''' Instruction SHL_13
Groups:
0xf7fe54e8: shl eax, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e8] = '\xc1'
mem[0xf7fe54e9] = '\xe0'
mem[0xf7fe54ea] = '\x04'
cpu.EIP = 0xf7fe54e8
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1a5
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e8], '\xc1')
self.assertEqual(mem[0xf7fe54e9], '\xe0')
self.assertEqual(mem[0xf7fe54ea], '\x04')
self.assertEqual(cpu.EIP, 4160640235)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 6736)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SHL_14(self):
''' Instruction SHL_14
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x2152c1c6
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 710424768)
def test_SHL_15(self):
''' Instruction SHL_15
Groups:
0xf7fe7210: shl ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7210] = '\xc1'
mem[0xf7fe7211] = '\xe1'
mem[0xf7fe7212] = '\x04'
cpu.EIP = 0xf7fe7210
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7fe7210], '\xc1')
self.assertEqual(mem[0xf7fe7211], '\xe1')
self.assertEqual(mem[0xf7fe7212], '\x04')
self.assertEqual(cpu.EIP, 4160647699)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 0)
def test_SHL_16(self):
''' Instruction SHL_16
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0xb88a6aa
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 1897190720)
def test_SHL_17(self):
''' Instruction SHL_17
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0x91a1e0d1
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 876354080)
def test_SHL_18(self):
''' Instruction SHL_18
Groups:
0xf7fe54e8: shl eax, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e8] = '\xc1'
mem[0xf7fe54e9] = '\xe0'
mem[0xf7fe54ea] = '\x04'
cpu.EIP = 0xf7fe54e8
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x20a
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54e8], '\xc1')
self.assertEqual(mem[0xf7fe54e9], '\xe0')
self.assertEqual(mem[0xf7fe54ea], '\x04')
self.assertEqual(cpu.EIP, 4160640235)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 8352)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SHL_19(self):
''' Instruction SHL_19
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x7c92c8da
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 2455313216)
def test_SHL_2(self):
''' Instruction SHL_2
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xeec095a
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 3716229952)
def test_SHL_20(self):
''' Instruction SHL_20
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xbc8e74ef
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 2446237152)
def test_SHL_21(self):
''' Instruction SHL_21
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x4e5d1343
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 3416418400)
def test_SHL_3(self):
''' Instruction SHL_3
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0xec71e1e0
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 2386312192)
def test_SHL_4(self):
''' Instruction SHL_4
Groups:
0xf7fe7210: shl ecx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7210] = '\xc1'
mem[0xf7fe7211] = '\xe1'
mem[0xf7fe7212] = '\x04'
cpu.EIP = 0xf7fe7210
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.ECX = 0x536
cpu.execute()
self.assertEqual(mem[0xf7fe7210], '\xc1')
self.assertEqual(mem[0xf7fe7211], '\xe1')
self.assertEqual(mem[0xf7fe7212], '\x04')
self.assertEqual(cpu.EIP, 4160647699)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 21344)
def test_SHL_5(self):
''' Instruction SHL_5
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ECX = 0xe1ef170b
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 1038279008)
def test_SHL_6(self):
''' Instruction SHL_6
Groups:
0xf7fe4d10: shl eax, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d10] = '\xc1'
mem[0xf7fe4d11] = '\xe0'
mem[0xf7fe4d12] = '\x04'
cpu.EIP = 0xf7fe4d10
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x2
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4d10], '\xc1')
self.assertEqual(mem[0xf7fe4d11], '\xe0')
self.assertEqual(mem[0xf7fe4d12], '\x04')
self.assertEqual(cpu.EIP, 4160638227)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 32)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SHL_7(self):
''' Instruction SHL_7
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x574b7271
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
self.assertEqual(cpu.ECX, 3916320288)
def test_SHL_8(self):
''' Instruction SHL_8
Groups:
0xf7fe56a5: shl ecx, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x797078e1
cpu.execute()
self.assertEqual(mem[0xf7fe56a5], '\xc1')
self.assertEqual(mem[0xf7fe56a6], '\xe1')
self.assertEqual(mem[0xf7fe56a7], '\x05')
self.assertEqual(cpu.EIP, 4160640680)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 772742176)
def test_SHL_9(self):
''' Instruction SHL_9
Groups:
0xf7fec3e0: shl edx, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec3e0] = '\xc1'
mem[0xf7fec3e1] = '\xe2'
mem[0xf7fec3e2] = '\x04'
cpu.EIP = 0xf7fec3e0
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0x1a
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fec3e0], '\xc1')
self.assertEqual(mem[0xf7fec3e1], '\xe2')
self.assertEqual(mem[0xf7fec3e2], '\x04')
self.assertEqual(cpu.EIP, 4160668643)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 416)
self.assertEqual(cpu.SF, False)
def test_SHRD_1(self):
''' Instruction SHRD_1
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x9
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 131136)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 9)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_10(self):
''' Instruction SHRD_10
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x16
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 16)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 22)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_11(self):
''' Instruction SHRD_11
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4000000
cpu.PF = True
cpu.CL = 0x18
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 4)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 24)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_12(self):
''' Instruction SHRD_12
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x5
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 2098176)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 5)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_13(self):
''' Instruction SHRD_13
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0xd
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 8196)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 13)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_14(self):
''' Instruction SHRD_14
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4000000
cpu.PF = True
cpu.CL = 0x12
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 256)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 18)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_15(self):
''' Instruction SHRD_15
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4000000
cpu.PF = True
cpu.CL = 0x1a
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 1)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 26)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_16(self):
''' Instruction SHRD_16
Groups:
0x805ba45: shrd dword ptr [ebp], edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0805ba45] = '\x0f'
mem[0x0805ba46] = '\xad'
mem[0x0805ba47] = 'U'
mem[0x0805ba48] = '\x00'
cpu.EIP = 0x805ba45
cpu.EDX = 0x3ec
cpu.PF = True
cpu.CL = 0x0
cpu.EBP = 0xffffb600
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x805ba45], '\x0f')
self.assertEqual(mem[0x805ba46], '\xad')
self.assertEqual(mem[0x805ba47], 'U')
self.assertEqual(mem[0x805ba48], '\x00')
self.assertEqual(cpu.EIP, 134593097)
self.assertEqual(cpu.EDX, 1004)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 0)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_SHRD_17(self):
''' Instruction SHRD_17
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x11
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 512)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 17)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_18(self):
''' Instruction SHRD_18
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x9
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 131136)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 9)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_19(self):
''' Instruction SHRD_19
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0xc
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 16392)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 12)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_2(self):
''' Instruction SHRD_2
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0xe
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 4098)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 14)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_20(self):
''' Instruction SHRD_20
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x8
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 262272)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 8)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_21(self):
''' Instruction SHRD_21
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4000000
cpu.PF = True
cpu.CL = 0x19
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 2)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 25)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_3(self):
''' Instruction SHRD_3
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4000000
cpu.PF = True
cpu.CL = 0x16
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 16)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 22)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_4(self):
''' Instruction SHRD_4
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4000000
cpu.PF = True
cpu.CL = 0x11
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 512)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 17)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_5(self):
''' Instruction SHRD_5
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x19
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 2)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 25)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_6(self):
''' Instruction SHRD_6
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x8
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 262272)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.CL, 8)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_7(self):
''' Instruction SHRD_7
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x7
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9be8], '\x0f')
self.assertEqual(mem[0xf7fe9be9], '\xad')
self.assertEqual(mem[0xf7fe9bea], '\xd0')
self.assertEqual(cpu.EIP, 4160658411)
self.assertEqual(cpu.EAX, 524544)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 7)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_8(self):
''' Instruction SHRD_8
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x7
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 524544)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 7)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHRD_9(self):
''' Instruction SHRD_9
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = 0x4008000
cpu.PF = True
cpu.CL = 0x3
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9998], '\x0f')
self.assertEqual(mem[0xf7fe9999], '\xad')
self.assertEqual(mem[0xf7fe999a], '\xd0')
self.assertEqual(cpu.EIP, 4160657819)
self.assertEqual(cpu.EAX, 8392704)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 3)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHR_1(self):
''' Instruction SHR_1
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0xde
cpu.ZF = False
cpu.CF = True
cpu.PF = True
cpu.EDX = 0x20002000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 222)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHR_10(self):
''' Instruction SHR_10
Groups:
0xf7fe9beb: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9beb] = '\xd3'
mem[0xf7fe9bec] = '\xea'
cpu.EIP = 0xf7fe9beb
cpu.CL = 0xe
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe9beb], '\xd3')
self.assertEqual(mem[0xf7fe9bec], '\xea')
self.assertEqual(cpu.EIP, 4160658413)
self.assertEqual(cpu.CL, 14)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHR_11(self):
''' Instruction SHR_11
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0x71
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x20002000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 113)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 4096)
self.assertEqual(cpu.SF, False)
def test_SHR_12(self):
''' Instruction SHR_12
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0xb6
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.EDX = 0xc34cb81e
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 182)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 781)
self.assertEqual(cpu.SF, False)
def test_SHR_13(self):
''' Instruction SHR_13
Groups:
0xf7fe4f38: shr eax, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = 0x23
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x20002000
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f38], '\xd3')
self.assertEqual(mem[0xf7fe4f39], '\xe8')
self.assertEqual(cpu.EIP, 4160638778)
self.assertEqual(cpu.CL, 35)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 67109888)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SHR_14(self):
''' Instruction SHR_14
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0x5b
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.EDX = 0x193220e0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 91)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 3)
self.assertEqual(cpu.SF, False)
def test_SHR_15(self):
''' Instruction SHR_15
Groups:
0xf7fe7203: shr ecx, 8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7203] = '\xc1'
mem[0xf7fe7204] = '\xe9'
mem[0xf7fe7205] = '\x08'
cpu.EIP = 0xf7fe7203
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0x4ee06
cpu.execute()
self.assertEqual(mem[0xf7fe7203], '\xc1')
self.assertEqual(mem[0xf7fe7204], '\xe9')
self.assertEqual(mem[0xf7fe7205], '\x08')
self.assertEqual(cpu.EIP, 4160647686)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 1262)
def test_SHR_16(self):
''' Instruction SHR_16
Groups:
0xf7fe4f38: shr eax, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = 0x87
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x193220e0
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f38], '\xd3')
self.assertEqual(mem[0xf7fe4f39], '\xe8')
self.assertEqual(cpu.EIP, 4160638778)
self.assertEqual(cpu.CL, 135)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 3302465)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SHR_17(self):
''' Instruction SHR_17
Groups:
0xf7fe4f38: shr eax, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = 0xcb
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x20002000
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f38], '\xd3')
self.assertEqual(mem[0xf7fe4f39], '\xe8')
self.assertEqual(cpu.EIP, 4160638778)
self.assertEqual(cpu.CL, 203)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 262148)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SHR_18(self):
''' Instruction SHR_18
Groups:
0x804834f: shr edx, 0x1f
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x08048350] = '\xea'
mem[0x08048351] = '\x1f'
mem[0x0804834f] = '\xc1'
cpu.EIP = 0x804834f
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8048350], '\xea')
self.assertEqual(mem[0x8048351], '\x1f')
self.assertEqual(mem[0x804834f], '\xc1')
self.assertEqual(cpu.EIP, 134513490)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHR_19(self):
''' Instruction SHR_19
Groups:
0xf7ff4546: shr ecx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4546] = '\xd1'
mem[0xf7ff4547] = '\xe9'
cpu.EIP = 0xf7ff4546
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = False
cpu.ECX = 0x2
cpu.execute()
self.assertEqual(mem[0xf7ff4546], '\xd1')
self.assertEqual(mem[0xf7ff4547], '\xe9')
self.assertEqual(cpu.EIP, 4160701768)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 1)
def test_SHR_2(self):
''' Instruction SHR_2
Groups:
0xf7fe4f38: shr eax, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = 0x2
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1000045e
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f38], '\xd3')
self.assertEqual(mem[0xf7fe4f39], '\xe8')
self.assertEqual(cpu.EIP, 4160638778)
self.assertEqual(cpu.CL, 2)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 67109143)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_SHR_20(self):
''' Instruction SHR_20
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0x3e
cpu.ZF = False
cpu.CF = True
cpu.PF = False
cpu.EDX = 0x40024918
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 62)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.SF, False)
def test_SHR_21(self):
''' Instruction SHR_21
Groups:
0xf7fe4e71: shr eax, 5
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4e71] = '\xc1'
mem[0xf7fe4e72] = '\xe8'
mem[0xf7fe4e73] = '\x05'
cpu.EIP = 0xf7fe4e71
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xdad66940
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4e71], '\xc1')
self.assertEqual(mem[0xf7fe4e72], '\xe8')
self.assertEqual(mem[0xf7fe4e73], '\x05')
self.assertEqual(cpu.EIP, 4160638580)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 114733898)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SHR_3(self):
''' Instruction SHR_3
Groups:
0xf7fe4f38: shr eax, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = 0x82
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x2034006
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f38], '\xd3')
self.assertEqual(mem[0xf7fe4f39], '\xe8')
self.assertEqual(cpu.EIP, 4160638778)
self.assertEqual(cpu.CL, 130)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EAX, 8441857)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SHR_4(self):
''' Instruction SHR_4
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0x93
cpu.ZF = False
cpu.CF = True
cpu.PF = True
cpu.EDX = 0x20002000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 147)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 1024)
self.assertEqual(cpu.SF, False)
def test_SHR_5(self):
''' Instruction SHR_5
Groups:
0xf7fe4f34: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = 0x4e
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x20002000
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f34], '\xd3')
self.assertEqual(mem[0xf7fe4f35], '\xea')
self.assertEqual(cpu.EIP, 4160638774)
self.assertEqual(cpu.CL, 78)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 32768)
self.assertEqual(cpu.SF, False)
def test_SHR_6(self):
''' Instruction SHR_6
Groups:
0xf7fe0b13: shr esi, 8
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0b13] = '\xc1'
mem[0xf7fe0b14] = '\xee'
mem[0xf7fe0b15] = '\x08'
cpu.EIP = 0xf7fe0b13
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.ESI = 0x607
cpu.execute()
self.assertEqual(mem[0xf7fe0b13], '\xc1')
self.assertEqual(mem[0xf7fe0b14], '\xee')
self.assertEqual(mem[0xf7fe0b15], '\x08')
self.assertEqual(cpu.EIP, 4160621334)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 6)
def test_SHR_7(self):
''' Instruction SHR_7
Groups:
0xf7fe54cb: shr edx, 1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54cb] = '\xd1'
mem[0xf7fe54cc] = '\xea'
cpu.EIP = 0xf7fe54cb
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0x1
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54cb], '\xd1')
self.assertEqual(mem[0xf7fe54cc], '\xea')
self.assertEqual(cpu.EIP, 4160640205)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_SHR_8(self):
''' Instruction SHR_8
Groups:
0xf7fe4fa4: shr dl, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4fa4] = '\xc0'
mem[0xf7fe4fa5] = '\xea'
mem[0xf7fe4fa6] = '\x04'
cpu.EIP = 0xf7fe4fa4
cpu.DL = 0x11
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4fa4], '\xc0')
self.assertEqual(mem[0xf7fe4fa5], '\xea')
self.assertEqual(mem[0xf7fe4fa6], '\x04')
self.assertEqual(cpu.EIP, 4160638887)
self.assertEqual(cpu.DL, 1)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_SHR_9(self):
''' Instruction SHR_9
Groups:
0xf7fe4f2e: shr edx, cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f2e] = '\xd3'
mem[0xf7fe4f2f] = '\xea'
cpu.EIP = 0xf7fe4f2e
cpu.CL = 0x5
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.EDX = 0xb23c806a
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe4f2e], '\xd3')
self.assertEqual(mem[0xf7fe4f2f], '\xea')
self.assertEqual(cpu.EIP, 4160638768)
self.assertEqual(cpu.CL, 5)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 93447171)
self.assertEqual(cpu.SF, False)
def test_STC_1(self):
''' Instruction STC_1
Groups:
0x8079441: stc
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079441] = '\xf9'
cpu.EIP = 0x8079441
cpu.CF = False
cpu.execute()
self.assertEqual(mem[0x8079441], '\xf9')
self.assertEqual(cpu.EIP, 134714434)
self.assertEqual(cpu.CF, True)
def test_STD_1(self):
''' Instruction STD_1
Groups:
0x8079387: std
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079387] = '\xfd'
cpu.DF = False
cpu.EIP = 0x8079387
cpu.execute()
self.assertEqual(mem[0x8079387], '\xfd')
self.assertEqual(cpu.DF, True)
self.assertEqual(cpu.EIP, 134714248)
def test_STMXCSR_1(self):
''' Instruction STMXCSR_1
Groups: sse1
0x80565d0: stmxcsr dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '7'
mem[0xffffb601] = '\x01'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x080565d0] = '\x0f'
mem[0x080565d1] = '\xae'
mem[0x080565d2] = ']'
mem[0x080565d3] = '\x00'
cpu.EIP = 0x80565d0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x80')
self.assertEqual(mem[0xffffb601], '\x1f')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x80565d0], '\x0f')
self.assertEqual(mem[0x80565d1], '\xae')
self.assertEqual(mem[0x80565d2], ']')
self.assertEqual(mem[0x80565d3], '\x00')
self.assertEqual(cpu.EIP, 134571476)
self.assertEqual(cpu.EBP, 4294948352)
def test_STOSB_1(self):
''' Instruction STOSB_1
Groups:
0x8065f64: stosb byte ptr es:[edi], al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x0807f042] = '\x1e'
mem[0x08065f64] = '\xaa'
cpu.DF = False
cpu.EIP = 0x8065f64
cpu.EDI = 0x807f042
cpu.AL = 0xeb
cpu.execute()
self.assertEqual(mem[0x807f042], '\xeb')
self.assertEqual(mem[0x8065f64], '\xaa')
self.assertEqual(cpu.EIP, 134635365)
self.assertEqual(cpu.EDI, 134737987)
self.assertEqual(cpu.AL, 235)
def test_STOSD_1(self):
''' Instruction STOSD_1
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14d20] = '\x00'
mem[0xf7e14d21] = '\x00'
mem[0xf7e14d22] = '\x00'
mem[0xf7e14d23] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14940] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14942] = '\x00'
cpu.ECX = 0x38
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14d20
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14d20], '\x00')
self.assertEqual(mem[0xf7e14d21], '\x00')
self.assertEqual(mem[0xf7e14d22], '\x00')
self.assertEqual(mem[0xf7e14d23], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737700)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 55)
def test_STOSD_10(self):
''' Instruction STOSD_10
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14b40] = '\x00'
mem[0xf7e14b41] = '\x00'
mem[0xf7e14b42] = '\x00'
mem[0xf7e14b43] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14940] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14942] = '\x00'
cpu.ECX = 0xb0
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14b40
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14b40], '\x00')
self.assertEqual(mem[0xf7e14b41], '\x00')
self.assertEqual(mem[0xf7e14b42], '\x00')
self.assertEqual(mem[0xf7e14b43], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737220)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 175)
def test_STOSD_11(self):
''' Instruction STOSD_11
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14b14] = '\x00'
mem[0xf7e14b15] = '\x00'
mem[0xf7e14b16] = '\x00'
mem[0xf7e14b17] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0xbb
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14b14
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14b14], '\x00')
self.assertEqual(mem[0xf7e14b15], '\x00')
self.assertEqual(mem[0xf7e14b16], '\x00')
self.assertEqual(mem[0xf7e14b17], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737176)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 186)
def test_STOSD_12(self):
''' Instruction STOSD_12
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14ca0] = '\x00'
mem[0xf7e14ca1] = '\x00'
mem[0xf7e14ca2] = '\x00'
mem[0xf7e14ca3] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14940] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14942] = '\x00'
cpu.ECX = 0x58
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14ca0
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14ca0], '\x00')
self.assertEqual(mem[0xf7e14ca1], '\x00')
self.assertEqual(mem[0xf7e14ca2], '\x00')
self.assertEqual(mem[0xf7e14ca3], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737572)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 87)
def test_STOSD_13(self):
''' Instruction STOSD_13
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14a7c] = '\x00'
mem[0xf7e14a7f] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14a7e] = '\x00'
mem[0xf7e14a7d] = '\x00'
cpu.ECX = 0xe1
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14a7c
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14a7c], '\x00')
self.assertEqual(mem[0xf7e14a7f], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14a7e], '\x00')
self.assertEqual(mem[0xf7e14a7d], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737024)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 224)
def test_STOSD_14(self):
''' Instruction STOSD_14
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14a31] = '\x00'
mem[0xf7e14a32] = '\x00'
mem[0xf7e14a30] = '\x00'
mem[0xf7e14a33] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0xf4
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14a30
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14a31], '\x00')
self.assertEqual(mem[0xf7e14a32], '\x00')
self.assertEqual(mem[0xf7e14a30], '\x00')
self.assertEqual(mem[0xf7e14a33], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158736948)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 243)
def test_STOSD_15(self):
''' Instruction STOSD_15
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14bc0] = '\x00'
mem[0xf7e14bc1] = '\x00'
mem[0xf7e14bc2] = '\x00'
mem[0xf7e14bc3] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14940] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14942] = '\x00'
cpu.ECX = 0x90
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14bc0
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14bc0], '\x00')
self.assertEqual(mem[0xf7e14bc1], '\x00')
self.assertEqual(mem[0xf7e14bc2], '\x00')
self.assertEqual(mem[0xf7e14bc3], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737348)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 143)
def test_STOSD_16(self):
''' Instruction STOSD_16
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14a98] = '\x00'
mem[0xf7e14a99] = '\x00'
mem[0xf7e14a9a] = '\x00'
mem[0xf7e14a9b] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0xda
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14a98
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14a98], '\x00')
self.assertEqual(mem[0xf7e14a99], '\x00')
self.assertEqual(mem[0xf7e14a9a], '\x00')
self.assertEqual(mem[0xf7e14a9b], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737052)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 217)
def test_STOSD_17(self):
''' Instruction STOSD_17
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14a20] = '\x00'
mem[0xf7e14a21] = '\x00'
mem[0xf7e14a22] = '\x00'
mem[0xf7e14a23] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14940] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14942] = '\x00'
cpu.ECX = 0xf8
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14a20
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14a20], '\x00')
self.assertEqual(mem[0xf7e14a21], '\x00')
self.assertEqual(mem[0xf7e14a22], '\x00')
self.assertEqual(mem[0xf7e14a23], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158736932)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 247)
def test_STOSD_18(self):
''' Instruction STOSD_18
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14d48] = '\x00'
mem[0xf7e14d49] = '\x00'
mem[0xf7e14d4a] = '\x00'
mem[0xf7e14d4b] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0x2e
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14d48
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14d48], '\x00')
self.assertEqual(mem[0xf7e14d49], '\x00')
self.assertEqual(mem[0xf7e14d4a], '\x00')
self.assertEqual(mem[0xf7e14d4b], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737740)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 45)
def test_STOSD_19(self):
''' Instruction STOSD_19
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14afc] = '\x00'
mem[0xf7e14aff] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14afe] = '\x00'
mem[0xf7e14afd] = '\x00'
cpu.ECX = 0xc1
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14afc
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14afc], '\x00')
self.assertEqual(mem[0xf7e14aff], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14afe], '\x00')
self.assertEqual(mem[0xf7e14afd], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737152)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 192)
def test_STOSD_2(self):
''' Instruction STOSD_2
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14a24] = '\x00'
mem[0xf7e14a25] = '\x00'
mem[0xf7e14a26] = '\x00'
mem[0xf7e14a27] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0xf7
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14a24
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14a24], '\x00')
self.assertEqual(mem[0xf7e14a25], '\x00')
self.assertEqual(mem[0xf7e14a26], '\x00')
self.assertEqual(mem[0xf7e14a27], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158736936)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 246)
def test_STOSD_20(self):
''' Instruction STOSD_20
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14a64] = '\x00'
mem[0xf7e14a65] = '\x00'
mem[0xf7e14a66] = '\x00'
mem[0xf7e14a67] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0xe7
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14a64
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14a64], '\x00')
self.assertEqual(mem[0xf7e14a65], '\x00')
self.assertEqual(mem[0xf7e14a66], '\x00')
self.assertEqual(mem[0xf7e14a67], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737000)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 230)
def test_STOSD_21(self):
''' Instruction STOSD_21
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14cf4] = '\x00'
mem[0xf7e14cf5] = '\x00'
mem[0xf7e14cf6] = '\x00'
mem[0xf7e14cf7] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0x43
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14cf4
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14cf4], '\x00')
self.assertEqual(mem[0xf7e14cf5], '\x00')
self.assertEqual(mem[0xf7e14cf6], '\x00')
self.assertEqual(mem[0xf7e14cf7], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737656)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 66)
def test_STOSD_3(self):
''' Instruction STOSD_3
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14abc] = '\x00'
mem[0xf7e14abf] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14abe] = '\x00'
mem[0xf7e14abd] = '\x00'
cpu.ECX = 0xd1
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14abc
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14abc], '\x00')
self.assertEqual(mem[0xf7e14abf], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14abe], '\x00')
self.assertEqual(mem[0xf7e14abd], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737088)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 208)
def test_STOSD_4(self):
''' Instruction STOSD_4
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14dc4] = '\x00'
mem[0xf7e14dc5] = '\x00'
mem[0xf7e14dc6] = '\x00'
mem[0xf7e14dc7] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0xf
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14dc4
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14dc4], '\x00')
self.assertEqual(mem[0xf7e14dc5], '\x00')
self.assertEqual(mem[0xf7e14dc6], '\x00')
self.assertEqual(mem[0xf7e14dc7], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737864)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 14)
def test_STOSD_5(self):
''' Instruction STOSD_5
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14c94] = '\x00'
mem[0xf7e14c95] = '\x00'
mem[0xf7e14c96] = '\x00'
mem[0xf7e14c97] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0x5b
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14c94
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14c94], '\x00')
self.assertEqual(mem[0xf7e14c95], '\x00')
self.assertEqual(mem[0xf7e14c96], '\x00')
self.assertEqual(mem[0xf7e14c97], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737560)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 90)
def test_STOSD_6(self):
''' Instruction STOSD_6
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14ce4] = '\x00'
mem[0xf7e14ce5] = '\x00'
mem[0xf7e14ce6] = '\x00'
mem[0xf7e14ce7] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0x47
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14ce4
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14ce4], '\x00')
self.assertEqual(mem[0xf7e14ce5], '\x00')
self.assertEqual(mem[0xf7e14ce6], '\x00')
self.assertEqual(mem[0xf7e14ce7], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737640)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 70)
def test_STOSD_7(self):
''' Instruction STOSD_7
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14cd4] = '\x00'
mem[0xf7e14cd5] = '\x00'
mem[0xf7e14cd6] = '\x00'
mem[0xf7e14cd7] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0x4b
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14cd4
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14cd4], '\x00')
self.assertEqual(mem[0xf7e14cd5], '\x00')
self.assertEqual(mem[0xf7e14cd6], '\x00')
self.assertEqual(mem[0xf7e14cd7], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737624)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 74)
def test_STOSD_8(self):
''' Instruction STOSD_8
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14ce0] = '\x00'
mem[0xf7e14ce1] = '\x00'
mem[0xf7e14ce2] = '\x00'
mem[0xf7e14ce3] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14940] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
mem[0xf7e14942] = '\x00'
cpu.ECX = 0x48
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14ce0
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14ce0], '\x00')
self.assertEqual(mem[0xf7e14ce1], '\x00')
self.assertEqual(mem[0xf7e14ce2], '\x00')
self.assertEqual(mem[0xf7e14ce3], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737636)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 71)
def test_STOSD_9(self):
''' Instruction STOSD_9
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7e14940] = '\x00'
mem[0xf7e14941] = '\x00'
mem[0xf7e14942] = '\x00'
mem[0xf7e14943] = '\x00'
mem[0xf7e14bb4] = '\x00'
mem[0xf7e14bb5] = '\x00'
mem[0xf7e14bb6] = '\x00'
mem[0xf7e14bb7] = '\x00'
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = 0x93
cpu.EIP = 0xf7fed5cc
cpu.EDI = 0xf7e14bb4
cpu.ESI = 0xf7e14940
cpu.EAX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e14940], '\x00')
self.assertEqual(mem[0xf7e14941], '\x00')
self.assertEqual(mem[0xf7e14942], '\x00')
self.assertEqual(mem[0xf7e14943], '\x00')
self.assertEqual(mem[0xf7e14bb4], '\x00')
self.assertEqual(mem[0xf7e14bb5], '\x00')
self.assertEqual(mem[0xf7e14bb6], '\x00')
self.assertEqual(mem[0xf7e14bb7], '\x00')
self.assertEqual(mem[0xf7fed5cc], '\xf3')
self.assertEqual(mem[0xf7fed5cd], '\xab')
self.assertEqual(cpu.EIP, 4160673228)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.EDI, 4158737336)
self.assertEqual(cpu.ESI, 4158736704)
self.assertEqual(cpu.ECX, 146)
def test_STOSW_1(self):
''' Instruction STOSW_1
Groups:
0x8065f65: stosw word ptr es:[edi], ax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x0807f043] = '\xed'
mem[0x0807f044] = '\xed'
mem[0x08065f65] = 'f'
mem[0x08065f66] = '\xab'
cpu.DF = False
cpu.EIP = 0x8065f65
cpu.EDI = 0x807f043
cpu.AX = 0xffeb
cpu.execute()
self.assertEqual(mem[0x807f043], '\xeb')
self.assertEqual(mem[0x807f044], '\xff')
self.assertEqual(mem[0x8065f65], 'f')
self.assertEqual(mem[0x8065f66], '\xab')
self.assertEqual(cpu.EIP, 134635367)
self.assertEqual(cpu.EDI, 134737989)
self.assertEqual(cpu.AX, 65515)
def test_SUB_1(self):
''' Instruction SUB_1
Groups:
0xf7ff3ee0: sub edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee0] = ')'
mem[0xf7ff3ee1] = '\xca'
cpu.EIP = 0xf7ff3ee0
cpu.EDX = 0x0
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0x67
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3ee0], ')')
self.assertEqual(mem[0xf7ff3ee1], '\xca')
self.assertEqual(cpu.EIP, 4160700130)
self.assertEqual(cpu.EDX, 4294967193)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 103)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_SUB_10(self):
''' Instruction SUB_10
Groups:
0xf7ff3ee0: sub edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee0] = ')'
mem[0xf7ff3ee1] = '\xca'
cpu.EIP = 0xf7ff3ee0
cpu.EDX = 0x0
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0x6362696c
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3ee0], ')')
self.assertEqual(mem[0xf7ff3ee1], '\xca')
self.assertEqual(cpu.EIP, 4160700130)
self.assertEqual(cpu.EDX, 2627573396)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 1667393900)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_SUB_11(self):
''' Instruction SUB_11
Groups:
0x8065f3a: sub dword ptr [ebp], -1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = 'I'
mem[0xffffb601] = '\xfb'
mem[0xffffb602] = '\x0f'
mem[0xffffb603] = '\xff'
mem[0x08065f3a] = '\x83'
mem[0x08065f3b] = 'm'
mem[0x08065f3c] = '\x00'
mem[0x08065f3d] = '\xff'
cpu.EIP = 0x8065f3a
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], 'J')
self.assertEqual(mem[0xffffb601], '\xfb')
self.assertEqual(mem[0xffffb602], '\x0f')
self.assertEqual(mem[0xffffb603], '\xff')
self.assertEqual(mem[0x8065f3a], '\x83')
self.assertEqual(mem[0x8065f3b], 'm')
self.assertEqual(mem[0x8065f3c], '\x00')
self.assertEqual(mem[0x8065f3d], '\xff')
self.assertEqual(cpu.EIP, 134635326)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, True)
def test_SUB_12(self):
''' Instruction SUB_12
Groups:
0xf7fe7300: sub esp, 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd454
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7300], '\x83')
self.assertEqual(mem[0xf7fe7301], '\xec')
self.assertEqual(mem[0xf7fe7302], '\x14')
self.assertEqual(cpu.EIP, 4160647939)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956096)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_13(self):
''' Instruction SUB_13
Groups:
0xf7fe7300: sub esp, 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd454
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7300], '\x83')
self.assertEqual(mem[0xf7fe7301], '\xec')
self.assertEqual(mem[0xf7fe7302], '\x14')
self.assertEqual(cpu.EIP, 4160647939)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956096)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_14(self):
''' Instruction SUB_14
Groups:
0xf7feae13: sub ebp, 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fea000, 0x1000, 'rwx')
mem[0xf7feae13] = '\x83'
mem[0xf7feae14] = '\xed'
mem[0xf7feae15] = '\x04'
cpu.EIP = 0xf7feae13
cpu.EBP = 0x8
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7feae13], '\x83')
self.assertEqual(mem[0xf7feae14], '\xed')
self.assertEqual(mem[0xf7feae15], '\x04')
self.assertEqual(cpu.EIP, 4160663062)
self.assertEqual(cpu.EBP, 4)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_SUB_15(self):
''' Instruction SUB_15
Groups:
0xf7fe7300: sub esp, 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd454
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7300], '\x83')
self.assertEqual(mem[0xf7fe7301], '\xec')
self.assertEqual(mem[0xf7fe7302], '\x14')
self.assertEqual(cpu.EIP, 4160647939)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956096)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_16(self):
''' Instruction SUB_16
Groups:
0x8065f28: sub dword ptr [ebp], 4
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = 'L'
mem[0xffffb601] = '|'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08065f28] = '\x83'
mem[0x08065f29] = 'm'
mem[0x08065f2a] = '\x00'
mem[0x08065f2b] = '\x04'
cpu.EIP = 0x8065f28
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xffffb600], 'H')
self.assertEqual(mem[0xffffb601], '|')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8065f28], '\x83')
self.assertEqual(mem[0x8065f29], 'm')
self.assertEqual(mem[0x8065f2a], '\x00')
self.assertEqual(mem[0x8065f2b], '\x04')
self.assertEqual(cpu.EIP, 134635308)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_SUB_17(self):
''' Instruction SUB_17
Groups:
0xf7fe4c88: sub esp, 0x2c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4c88] = '\x83'
mem[0xf7fe4c89] = '\xec'
mem[0xf7fe4c8a] = ','
cpu.EIP = 0xf7fe4c88
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd2dc
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4c88], '\x83')
self.assertEqual(mem[0xf7fe4c89], '\xec')
self.assertEqual(mem[0xf7fe4c8a], ',')
self.assertEqual(cpu.EIP, 4160638091)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955696)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_18(self):
''' Instruction SUB_18
Groups:
0xf7fe4c88: sub esp, 0x2c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4c88] = '\x83'
mem[0xf7fe4c89] = '\xec'
mem[0xf7fe4c8a] = ','
cpu.EIP = 0xf7fe4c88
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd2dc
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4c88], '\x83')
self.assertEqual(mem[0xf7fe4c89], '\xec')
self.assertEqual(mem[0xf7fe4c8a], ',')
self.assertEqual(cpu.EIP, 4160638091)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955696)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_19(self):
''' Instruction SUB_19
Groups:
0xf7eaa004: sub esp, 0x2c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa004] = '\x83'
mem[0xf7eaa005] = '\xec'
mem[0xf7eaa006] = ','
cpu.EIP = 0xf7eaa004
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd5ac
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa004], '\x83')
self.assertEqual(mem[0xf7eaa005], '\xec')
self.assertEqual(mem[0xf7eaa006], ',')
self.assertEqual(cpu.EIP, 4159348743)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956416)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_2(self):
''' Instruction SUB_2
Groups:
0xf7fe7300: sub esp, 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd454
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7300], '\x83')
self.assertEqual(mem[0xf7fe7301], '\xec')
self.assertEqual(mem[0xf7fe7302], '\x14')
self.assertEqual(cpu.EIP, 4160647939)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956096)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_20(self):
''' Instruction SUB_20
Groups:
0xf7fe567b: sub esp, 0xac
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5680] = '\x00'
mem[0xf7fe567b] = '\x81'
mem[0xf7fe567c] = '\xec'
mem[0xf7fe567d] = '\xac'
mem[0xf7fe567e] = '\x00'
mem[0xf7fe567f] = '\x00'
cpu.EIP = 0xf7fe567b
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd42c
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe5680], '\x00')
self.assertEqual(mem[0xf7fe567b], '\x81')
self.assertEqual(mem[0xf7fe567c], '\xec')
self.assertEqual(mem[0xf7fe567d], '\xac')
self.assertEqual(mem[0xf7fe567e], '\x00')
self.assertEqual(mem[0xf7fe567f], '\x00')
self.assertEqual(cpu.EIP, 4160640641)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955904)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_21(self):
''' Instruction SUB_21
Groups:
0xf7ff0e38: sub edx, 3
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0e38] = '\x83'
mem[0xf7ff0e39] = '\xea'
mem[0xf7ff0e3a] = '\x03'
cpu.EIP = 0xf7ff0e38
cpu.EDX = 0xe
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff0e38], '\x83')
self.assertEqual(mem[0xf7ff0e39], '\xea')
self.assertEqual(mem[0xf7ff0e3a], '\x03')
self.assertEqual(cpu.EIP, 4160687675)
self.assertEqual(cpu.EDX, 11)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_SUB_3(self):
''' Instruction SUB_3
Groups:
0xf7fe4e16: sub esp, 0x7c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4e18] = '|'
mem[0xf7fe4e16] = '\x83'
mem[0xf7fe4e17] = '\xec'
cpu.EIP = 0xf7fe4e16
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd36c
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4e18], '|')
self.assertEqual(mem[0xf7fe4e16], '\x83')
self.assertEqual(mem[0xf7fe4e17], '\xec')
self.assertEqual(cpu.EIP, 4160638489)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_4(self):
''' Instruction SUB_4
Groups:
0xf7fe7437: sub eax, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7438] = '\xd0'
mem[0xf7fe7437] = ')'
cpu.EIP = 0xf7fe7437
cpu.EAX = 0x10
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EDX = 0x4c
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7438], '\xd0')
self.assertEqual(mem[0xf7fe7437], ')')
self.assertEqual(cpu.EIP, 4160648249)
self.assertEqual(cpu.EAX, 4294967236)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.EDX, 76)
self.assertEqual(cpu.SF, True)
def test_SUB_5(self):
''' Instruction SUB_5
Groups:
0xf7fdccc9: sub esp, 0x20
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem[0xf7fdccc9] = '\x83'
mem[0xf7fdccca] = '\xec'
mem[0xf7fdcccb] = ' '
cpu.EIP = 0xf7fdccc9
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd4f0
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fdccc9], '\x83')
self.assertEqual(mem[0xf7fdccca], '\xec')
self.assertEqual(mem[0xf7fdcccb], ' ')
self.assertEqual(cpu.EIP, 4160605388)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956240)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_6(self):
''' Instruction SUB_6
Groups:
0xf7fe7300: sub esp, 0x14
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.ESP = 0xffffd454
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7300], '\x83')
self.assertEqual(mem[0xf7fe7301], '\xec')
self.assertEqual(mem[0xf7fe7302], '\x14')
self.assertEqual(cpu.EIP, 4160647939)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294956096)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_7(self):
''' Instruction SUB_7
Groups:
0xf7eaa234: sub eax, 0xb9
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa238] = '\x00'
mem[0xf7eaa234] = '-'
mem[0xf7eaa235] = '\xb9'
mem[0xf7eaa236] = '\x00'
mem[0xf7eaa237] = '\x00'
cpu.EIP = 0xf7eaa234
cpu.EAX = 0xbc
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa238], '\x00')
self.assertEqual(mem[0xf7eaa234], '-')
self.assertEqual(mem[0xf7eaa235], '\xb9')
self.assertEqual(mem[0xf7eaa236], '\x00')
self.assertEqual(mem[0xf7eaa237], '\x00')
self.assertEqual(cpu.EIP, 4159349305)
self.assertEqual(cpu.EAX, 3)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_SUB_8(self):
''' Instruction SUB_8
Groups:
0xf7fe4e16: sub esp, 0x7c
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4e18] = '|'
mem[0xf7fe4e16] = '\x83'
mem[0xf7fe4e17] = '\xec'
cpu.EIP = 0xf7fe4e16
cpu.PF = False
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd36c
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4e18], '|')
self.assertEqual(mem[0xf7fe4e16], '\x83')
self.assertEqual(mem[0xf7fe4e17], '\xec')
self.assertEqual(cpu.EIP, 4160638489)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_SUB_9(self):
''' Instruction SUB_9
Groups:
0xf7ff1671: sub esp, 0x18
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1671] = '\x83'
mem[0xf7ff1672] = '\xec'
mem[0xf7ff1673] = '\x18'
cpu.EIP = 0xf7ff1671
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.ESP = 0xffffd3d8
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff1671], '\x83')
self.assertEqual(mem[0xf7ff1672], '\xec')
self.assertEqual(mem[0xf7ff1673], '\x18')
self.assertEqual(cpu.EIP, 4160689780)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ESP, 4294955968)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_TEST_1(self):
''' Instruction TEST_1
Groups:
0xf7fe4ec7: test byte ptr [esi + 0x195], 0x20
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4ec7] = '\xf6'
mem[0xf7fe4ec8] = '\x86'
mem[0xf7fe4ec9] = '\x95'
mem[0xf7fe4eca] = '\x01'
mem[0xf7fe4ecb] = '\x00'
mem[0xf7fe4ecc] = '\x00'
mem[0xf7fe4ecd] = ' '
mem[0xf7fda9ed] = '@'
cpu.EIP = 0xf7fe4ec7
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.ESI = 0xf7fda858
cpu.execute()
self.assertEqual(mem[0xf7fe4ec7], '\xf6')
self.assertEqual(mem[0xf7fe4ec8], '\x86')
self.assertEqual(mem[0xf7fe4ec9], '\x95')
self.assertEqual(mem[0xf7fe4eca], '\x01')
self.assertEqual(mem[0xf7fe4ecb], '\x00')
self.assertEqual(mem[0xf7fe4ecc], '\x00')
self.assertEqual(mem[0xf7fe4ecd], ' ')
self.assertEqual(mem[0xf7fda9ed], '@')
self.assertEqual(cpu.EIP, 4160638670)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ESI, 4160596056)
def test_TEST_10(self):
''' Instruction TEST_10
Groups:
0xf7fe56af: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x5f
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56b0], '\xc0')
self.assertEqual(mem[0xf7fe56af], '\x84')
self.assertEqual(cpu.EIP, 4160640689)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 95)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_11(self):
''' Instruction TEST_11
Groups:
0xf7fe9ea0: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9ea0] = '\x85'
mem[0xf7fe9ea1] = '\xc0'
cpu.EIP = 0xf7fe9ea0
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x9
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe9ea0], '\x85')
self.assertEqual(mem[0xf7fe9ea1], '\xc0')
self.assertEqual(cpu.EIP, 4160659106)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 9)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_12(self):
''' Instruction TEST_12
Groups:
0xf7fe4eb3: test byte ptr [esp + 0x6c], 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4eb3] = '\xf6'
mem[0xf7fe4eb4] = 'D'
mem[0xf7fe4eb5] = '$'
mem[0xf7fe4eb6] = 'l'
mem[0xf7fe4eb7] = '\x02'
mem[0xffffd35c] = '\x00'
cpu.EIP = 0xf7fe4eb3
cpu.ESP = 0xffffd2f0
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4eb3], '\xf6')
self.assertEqual(mem[0xf7fe4eb4], 'D')
self.assertEqual(mem[0xf7fe4eb5], '$')
self.assertEqual(mem[0xf7fe4eb6], 'l')
self.assertEqual(mem[0xf7fe4eb7], '\x02')
self.assertEqual(mem[0xffffd35c], '\x00')
self.assertEqual(cpu.EIP, 4160638648)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_13(self):
''' Instruction TEST_13
Groups:
0xf7fe57d4: test edx, 0x804
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57d4] = '\xf7'
mem[0xf7fe57d5] = '\xc2'
mem[0xf7fe57d6] = '\x04'
mem[0xf7fe57d7] = '\x08'
mem[0xf7fe57d8] = '\x00'
mem[0xf7fe57d9] = '\x00'
cpu.EIP = 0xf7fe57d4
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe57d4], '\xf7')
self.assertEqual(mem[0xf7fe57d5], '\xc2')
self.assertEqual(mem[0xf7fe57d6], '\x04')
self.assertEqual(mem[0xf7fe57d7], '\x08')
self.assertEqual(mem[0xf7fe57d8], '\x00')
self.assertEqual(mem[0xf7fe57d9], '\x00')
self.assertEqual(cpu.EIP, 4160640986)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_TEST_14(self):
''' Instruction TEST_14
Groups:
0xf7fe56af: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x74
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe56b0], '\xc0')
self.assertEqual(mem[0xf7fe56af], '\x84')
self.assertEqual(cpu.EIP, 4160640689)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 116)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_15(self):
''' Instruction TEST_15
Groups:
0xf7ff3e70: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e70] = '\x84'
mem[0xf7ff3e71] = '\xc0'
cpu.EIP = 0xf7ff3e70
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x4f
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e70], '\x84')
self.assertEqual(mem[0xf7ff3e71], '\xc0')
self.assertEqual(cpu.EIP, 4160700018)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 79)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_TEST_16(self):
''' Instruction TEST_16
Groups:
0xf7fe56f3: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56f3] = '\x85'
mem[0xf7fe56f4] = '\xc0'
cpu.EIP = 0xf7fe56f3
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EAX = 0xf7ffda94
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56f3], '\x85')
self.assertEqual(mem[0xf7fe56f4], '\xc0')
self.assertEqual(cpu.EIP, 4160640757)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4160739988)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_TEST_17(self):
''' Instruction TEST_17
Groups:
0xf7fe722e: test edi, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe722e] = '\x85'
mem[0xf7fe722f] = '\xff'
cpu.EIP = 0xf7fe722e
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x6
cpu.CF = True
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe722e], '\x85')
self.assertEqual(mem[0xf7fe722f], '\xff')
self.assertEqual(cpu.EIP, 4160647728)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 6)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_18(self):
''' Instruction TEST_18
Groups:
0xf7fe56af: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x63
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe56b0], '\xc0')
self.assertEqual(mem[0xf7fe56af], '\x84')
self.assertEqual(cpu.EIP, 4160640689)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 99)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_19(self):
''' Instruction TEST_19
Groups:
0xf7fe56af: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x0
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe56b0], '\xc0')
self.assertEqual(mem[0xf7fe56af], '\x84')
self.assertEqual(cpu.EIP, 4160640689)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_2(self):
''' Instruction TEST_2
Groups:
0xf7fe56af: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x70
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe56b0], '\xc0')
self.assertEqual(mem[0xf7fe56af], '\x84')
self.assertEqual(cpu.EIP, 4160640689)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 112)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_TEST_20(self):
''' Instruction TEST_20
Groups:
0xf7fe4cfa: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cfa] = '\x85'
mem[0xf7fe4cfb] = '\xc0'
cpu.EIP = 0xf7fe4cfa
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xf7e281c2
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cfa], '\x85')
self.assertEqual(mem[0xf7fe4cfb], '\xc0')
self.assertEqual(cpu.EIP, 4160638204)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4158816706)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_TEST_21(self):
''' Instruction TEST_21
Groups:
0xf7fe4cfa: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cfa] = '\x85'
mem[0xf7fe4cfb] = '\xc0'
cpu.EIP = 0xf7fe4cfa
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xf7e281c2
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4cfa], '\x85')
self.assertEqual(mem[0xf7fe4cfb], '\xc0')
self.assertEqual(cpu.EIP, 4160638204)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 4158816706)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, True)
def test_TEST_3(self):
''' Instruction TEST_3
Groups:
0xf7fe9e98: test dword ptr [ebp - 0x20], eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe9e98] = '\x85'
mem[0xf7fe9e99] = 'E'
mem[0xffffd478] = '\x01'
mem[0xffffd479] = '\x00'
mem[0xf7fe9e9a] = '\xe0'
mem[0xffffd47b] = '\x00'
mem[0xffffd47a] = '\x00'
cpu.EIP = 0xf7fe9e98
cpu.EBP = 0xffffd498
cpu.PF = False
cpu.EAX = 0xa
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffd478], '\x01')
self.assertEqual(mem[0xffffd479], '\x00')
self.assertEqual(mem[0xf7fe9e98], '\x85')
self.assertEqual(mem[0xf7fe9e99], 'E')
self.assertEqual(mem[0xf7fe9e9a], '\xe0')
self.assertEqual(mem[0xffffd47b], '\x00')
self.assertEqual(mem[0xffffd47a], '\x00')
self.assertEqual(cpu.EIP, 4160659099)
self.assertEqual(cpu.EBP, 4294956184)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EAX, 10)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_TEST_4(self):
''' Instruction TEST_4
Groups:
0xf7ff3e70: test al, al
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e70] = '\x84'
mem[0xf7ff3e71] = '\xc0'
cpu.EIP = 0xf7ff3e70
cpu.OF = False
cpu.ZF = False
cpu.AL = 0x5f
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3e70], '\x84')
self.assertEqual(mem[0xf7ff3e71], '\xc0')
self.assertEqual(cpu.EIP, 4160700018)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.AL, 95)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_5(self):
''' Instruction TEST_5
Groups:
0xf7fe4eb3: test byte ptr [esp + 0x6c], 2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4eb3] = '\xf6'
mem[0xf7fe4eb4] = 'D'
mem[0xf7fe4eb5] = '$'
mem[0xf7fe4eb6] = 'l'
mem[0xf7fe4eb7] = '\x02'
mem[0xffffd35c] = '\x00'
cpu.EIP = 0xf7fe4eb3
cpu.ESP = 0xffffd2f0
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4eb3], '\xf6')
self.assertEqual(mem[0xf7fe4eb4], 'D')
self.assertEqual(mem[0xf7fe4eb5], '$')
self.assertEqual(mem[0xf7fe4eb6], 'l')
self.assertEqual(mem[0xf7fe4eb7], '\x02')
self.assertEqual(mem[0xffffd35c], '\x00')
self.assertEqual(cpu.EIP, 4160638648)
self.assertEqual(cpu.ESP, 4294955760)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_6(self):
''' Instruction TEST_6
Groups:
0xf7fe4f58: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f58] = '\x85'
mem[0xf7fe4f59] = '\xc0'
cpu.EIP = 0xf7fe4f58
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.EAX = 0x0
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe4f58], '\x85')
self.assertEqual(mem[0xf7fe4f59], '\xc0')
self.assertEqual(cpu.EIP, 4160638810)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_TEST_7(self):
''' Instruction TEST_7
Groups:
0xf7fe72b7: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72b8] = '\xc0'
mem[0xf7fe72b7] = '\x85'
cpu.EIP = 0xf7fe72b7
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xd696910
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe72b8], '\xc0')
self.assertEqual(mem[0xf7fe72b7], '\x85')
self.assertEqual(cpu.EIP, 4160647865)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 225011984)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_TEST_8(self):
''' Instruction TEST_8
Groups:
0xf7fe57d4: test edx, 0x804
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57d4] = '\xf7'
mem[0xf7fe57d5] = '\xc2'
mem[0xf7fe57d6] = '\x04'
mem[0xf7fe57d7] = '\x08'
mem[0xf7fe57d8] = '\x00'
mem[0xf7fe57d9] = '\x00'
cpu.EIP = 0xf7fe57d4
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0x0
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe57d4], '\xf7')
self.assertEqual(mem[0xf7fe57d5], '\xc2')
self.assertEqual(mem[0xf7fe57d6], '\x04')
self.assertEqual(mem[0xf7fe57d7], '\x08')
self.assertEqual(mem[0xf7fe57d8], '\x00')
self.assertEqual(mem[0xf7fe57d9], '\x00')
self.assertEqual(cpu.EIP, 4160640986)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_TEST_9(self):
''' Instruction TEST_9
Groups:
0xf7fe72b7: test eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72b8] = '\xc0'
mem[0xf7fe72b7] = '\x85'
cpu.EIP = 0xf7fe72b7
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xd696910
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe72b8], '\xc0')
self.assertEqual(mem[0xf7fe72b7], '\x85')
self.assertEqual(cpu.EIP, 4160647865)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 225011984)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.SF, False)
def test_VMOVAPS_1(self):
''' Instruction VMOVAPS_1
Groups: avx
0x80795a2: vmovaps xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x03'
mem[0x080795a2] = '\xc5'
mem[0x080795a3] = '\xf8'
mem[0x080795a4] = ')'
mem[0x080795a5] = 'M'
mem[0x080795a6] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb605] = '\x00'
cpu.EIP = 0x80795a2
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x80795a2], '\xc5')
self.assertEqual(mem[0x80795a3], '\xf8')
self.assertEqual(mem[0x80795a4], ')')
self.assertEqual(mem[0x80795a6], '\x00')
self.assertEqual(mem[0x80795a5], 'M')
self.assertEqual(cpu.EIP, 134714791)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVAPS_2(self):
''' Instruction VMOVAPS_2
Groups: avx
0x807959d: vmovaps xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x080795a0] = 'E'
mem[0x080795a1] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb601] = '\x03'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb600] = '\x01'
mem[0x0807959d] = '\xc5'
mem[0x0807959e] = '\xf8'
mem[0x0807959f] = '('
cpu.EIP = 0x807959d
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x80795a1], '\x00')
self.assertEqual(mem[0x80795a0], 'E')
self.assertEqual(mem[0x807959d], '\xc5')
self.assertEqual(mem[0x807959e], '\xf8')
self.assertEqual(mem[0x807959f], '(')
self.assertEqual(cpu.EIP, 134714786)
self.assertEqual(cpu.XMM0, 769)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVAPS_3(self):
''' Instruction VMOVAPS_3
Groups: avx
0x8079599: vmovaps xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079599] = '\xc5'
mem[0x0807959a] = '\xf8'
mem[0x0807959b] = '('
mem[0x0807959c] = '\xc1'
cpu.EIP = 0x8079599
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079599], '\xc5')
self.assertEqual(mem[0x807959a], '\xf8')
self.assertEqual(mem[0x807959b], '(')
self.assertEqual(mem[0x807959c], '\xc1')
self.assertEqual(cpu.EIP, 134714781)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VMOVDQA_1(self):
''' Instruction VMOVDQA_1
Groups: avx
0x804d626: vmovdqa xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0x0804d626] = '\xc5'
mem[0x0804d627] = '\xf9'
mem[0x0804d628] = '\x7f'
mem[0x0804d629] = 'M'
mem[0x0804d62a] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60a] = '\x00'
cpu.EIP = 0x804d626
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x804d628], '\x7f')
self.assertEqual(mem[0x804d629], 'M')
self.assertEqual(mem[0x804d626], '\xc5')
self.assertEqual(mem[0x804d627], '\xf9')
self.assertEqual(mem[0x804d62a], '\x00')
self.assertEqual(cpu.EIP, 134534699)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVDQA_2(self):
''' Instruction VMOVDQA_2
Groups: avx
0x804d621: vmovdqa xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x0804d621] = '\xc5'
mem[0x0804d622] = '\xf9'
mem[0x0804d623] = 'o'
mem[0x0804d624] = 'E'
mem[0x0804d625] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb605] = '\x00'
cpu.EIP = 0x804d621
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x804d623], 'o')
self.assertEqual(mem[0x804d622], '\xf9')
self.assertEqual(mem[0x804d621], '\xc5')
self.assertEqual(mem[0x804d624], 'E')
self.assertEqual(mem[0x804d625], '\x00')
self.assertEqual(cpu.EIP, 134534694)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVDQA_3(self):
''' Instruction VMOVDQA_3
Groups: avx
0x804d61d: vmovdqa xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d620] = '\xc1'
mem[0x0804d61d] = '\xc5'
mem[0x0804d61e] = '\xf9'
mem[0x0804d61f] = 'o'
cpu.EIP = 0x804d61d
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x804d620], '\xc1')
self.assertEqual(mem[0x804d61d], '\xc5')
self.assertEqual(mem[0x804d61e], '\xf9')
self.assertEqual(mem[0x804d61f], 'o')
self.assertEqual(cpu.EIP, 134534689)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VMOVDQU_1(self):
''' Instruction VMOVDQU_1
Groups: avx
0x804d661: vmovdqu xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0x0804d661] = '\xc5'
mem[0x0804d662] = '\xfa'
mem[0x0804d663] = 'o'
mem[0x0804d664] = 'E'
mem[0x0804d665] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb605] = '\x00'
cpu.EIP = 0x804d661
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x804d663], 'o')
self.assertEqual(mem[0x804d662], '\xfa')
self.assertEqual(mem[0x804d661], '\xc5')
self.assertEqual(mem[0x804d664], 'E')
self.assertEqual(mem[0x804d665], '\x00')
self.assertEqual(cpu.EIP, 134534758)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVDQU_2(self):
''' Instruction VMOVDQU_2
Groups: avx
0x804d666: vmovdqu xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0x0804d666] = '\xc5'
mem[0x0804d667] = '\xfa'
mem[0x0804d668] = '\x7f'
mem[0x0804d669] = 'M'
mem[0x0804d66a] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60a] = '\x00'
cpu.EIP = 0x804d666
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x804d668], '\x7f')
self.assertEqual(mem[0x804d666], '\xc5')
self.assertEqual(mem[0x804d667], '\xfa')
self.assertEqual(mem[0x804d669], 'M')
self.assertEqual(mem[0x804d66a], '\x00')
self.assertEqual(cpu.EIP, 134534763)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVDQU_3(self):
''' Instruction VMOVDQU_3
Groups: avx
0x804d65d: vmovdqu xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d660] = '\xc1'
mem[0x0804d65d] = '\xc5'
mem[0x0804d65e] = '\xfa'
mem[0x0804d65f] = 'o'
cpu.EIP = 0x804d65d
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x804d660], '\xc1')
self.assertEqual(mem[0x804d65d], '\xc5')
self.assertEqual(mem[0x804d65e], '\xfa')
self.assertEqual(mem[0x804d65f], 'o')
self.assertEqual(cpu.EIP, 134534753)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VMOVD_1(self):
''' Instruction VMOVD_1
Groups: avx
0x8059850: vmovd dword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08059854] = '\x00'
mem[0x08059853] = 'M'
mem[0x08059851] = '\xf9'
mem[0x08059850] = '\xc5'
mem[0x08059852] = '~'
cpu.EIP = 0x8059850
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8059854], '\x00')
self.assertEqual(mem[0x8059853], 'M')
self.assertEqual(mem[0x8059851], '\xf9')
self.assertEqual(mem[0x8059850], '\xc5')
self.assertEqual(mem[0x8059852], '~')
self.assertEqual(cpu.EIP, 134584405)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVD_2(self):
''' Instruction VMOVD_2
Groups: avx
0x8059843: vmovd ecx, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059843] = '\xc5'
mem[0x08059844] = '\xf9'
mem[0x08059845] = '~'
mem[0x08059846] = '\xc9'
cpu.EIP = 0x8059843
cpu.XMM1 = 0x0
cpu.ECX = 0xffffffff
cpu.execute()
self.assertEqual(mem[0x8059843], '\xc5')
self.assertEqual(mem[0x8059844], '\xf9')
self.assertEqual(mem[0x8059845], '~')
self.assertEqual(mem[0x8059846], '\xc9')
self.assertEqual(cpu.EIP, 134584391)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.ECX, 0)
def test_VMOVD_3(self):
''' Instruction VMOVD_3
Groups: avx
0x8059847: vmovd xmm0, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059848] = '\xf9'
mem[0x08059849] = 'n'
mem[0x0805984a] = '\xc2'
mem[0x08059847] = '\xc5'
cpu.EIP = 0x8059847
cpu.XMM0 = 0xffffffff
cpu.EDX = 0xffffc606
cpu.execute()
self.assertEqual(mem[0x8059848], '\xf9')
self.assertEqual(mem[0x8059849], 'n')
self.assertEqual(mem[0x805984a], '\xc2')
self.assertEqual(mem[0x8059847], '\xc5')
self.assertEqual(cpu.EIP, 134584395)
self.assertEqual(cpu.XMM0, 4294952454)
self.assertEqual(cpu.EDX, 4294952454)
def test_VMOVD_4(self):
''' Instruction VMOVD_4
Groups: avx
0x805984b: vmovd xmm0, dword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x0805984b] = '\xc5'
mem[0x0805984c] = '\xf9'
mem[0x0805984d] = 'n'
mem[0x0805984e] = 'E'
mem[0x0805984f] = '\x00'
cpu.EIP = 0x805984b
cpu.XMM0 = 0xffffc606
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x805984b], '\xc5')
self.assertEqual(mem[0x805984c], '\xf9')
self.assertEqual(mem[0x805984d], 'n')
self.assertEqual(mem[0x805984e], 'E')
self.assertEqual(mem[0x805984f], '\x00')
self.assertEqual(cpu.EIP, 134584400)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVQ_1(self):
''' Instruction VMOVQ_1
Groups: avx
0x805667c: vmovq xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem[0x0805667c] = '\xc5'
mem[0x0805667d] = '\xfa'
mem[0x0805667e] = '~'
mem[0x0805667f] = '\xc1'
cpu.EIP = 0x805667c
cpu.XMM0 = 0xffffffff0000000000000000
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x805667c], '\xc5')
self.assertEqual(mem[0x805667d], '\xfa')
self.assertEqual(mem[0x805667e], '~')
self.assertEqual(mem[0x805667f], '\xc1')
self.assertEqual(cpu.EIP, 134571648)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VMOVQ_2(self):
''' Instruction VMOVQ_2
Groups: avx
0x8056680: vmovq xmm0, qword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08056680] = '\xc5'
mem[0x08056681] = '\xfa'
mem[0x08056682] = '~'
mem[0x08056683] = 'E'
mem[0x08056684] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb601] = '\xff'
mem[0xffffb602] = '\xff'
mem[0xffffb603] = '\xff'
mem[0xffffb604] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb600] = '\xff'
cpu.EIP = 0x8056680
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0x8056680], '\xc5')
self.assertEqual(mem[0x8056681], '\xfa')
self.assertEqual(mem[0x8056682], '~')
self.assertEqual(mem[0x8056683], 'E')
self.assertEqual(mem[0x8056684], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb601], '\xff')
self.assertEqual(mem[0xffffb602], '\xff')
self.assertEqual(mem[0xffffb603], '\xff')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb600], '\xff')
self.assertEqual(cpu.EIP, 134571653)
self.assertEqual(cpu.XMM0, 4294967295)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVQ_3(self):
''' Instruction VMOVQ_3
Groups: avx
0x8056685: vmovq qword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xff'
mem[0xffffb601] = '\xff'
mem[0xffffb602] = '\xff'
mem[0xffffb603] = '\xff'
mem[0xffffb604] = '\x00'
mem[0x08056685] = '\xc5'
mem[0x08056686] = '\xf9'
mem[0x08056687] = '\xd6'
mem[0x08056688] = 'M'
mem[0x08056689] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
cpu.EIP = 0x8056685
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0x8056685], '\xc5')
self.assertEqual(mem[0x8056686], '\xf9')
self.assertEqual(mem[0x8056687], '\xd6')
self.assertEqual(mem[0x8056688], 'M')
self.assertEqual(mem[0x8056689], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(cpu.EIP, 134571658)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVUPS_1(self):
''' Instruction VMOVUPS_1
Groups: avx
0x8079442: vmovups xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079442] = '\xc5'
mem[0x08079443] = '\xf8'
mem[0x08079444] = '\x10'
mem[0x08079445] = '\xc1'
cpu.EIP = 0x8079442
cpu.XMM0 = 0x80f1fc00ffff80fe
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079442], '\xc5')
self.assertEqual(mem[0x8079443], '\xf8')
self.assertEqual(mem[0x8079444], '\x10')
self.assertEqual(mem[0x8079445], '\xc1')
self.assertEqual(cpu.EIP, 134714438)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VMOVUPS_2(self):
''' Instruction VMOVUPS_2
Groups: avx
0x8079446: vmovups xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0x08079446] = '\xc5'
mem[0x08079447] = '\xf8'
mem[0x08079448] = '\x10'
mem[0x08079449] = 'E'
mem[0x0807944a] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60a] = '\x00'
cpu.EIP = 0x8079446
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0x8079446], '\xc5')
self.assertEqual(mem[0x8079447], '\xf8')
self.assertEqual(mem[0x8079448], '\x10')
self.assertEqual(mem[0x8079449], 'E')
self.assertEqual(mem[0x807944a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(cpu.EIP, 134714443)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VMOVUPS_3(self):
''' Instruction VMOVUPS_3
Groups: avx
0x807944b: vmovups xmmword ptr [ebp], xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\x00'
mem[0xffffb606] = '\x00'
mem[0xffffb607] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0x0807944b] = '\xc5'
mem[0x0807944c] = '\xf8'
mem[0x0807944d] = '\x11'
mem[0x0807944e] = 'M'
mem[0x0807944f] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60c] = '\x00'
cpu.EIP = 0x807944b
cpu.XMM1 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x00')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\x00')
self.assertEqual(mem[0xffffb606], '\x00')
self.assertEqual(mem[0xffffb607], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0x807944b], '\xc5')
self.assertEqual(mem[0x807944c], '\xf8')
self.assertEqual(mem[0x807944d], '\x11')
self.assertEqual(mem[0x807944e], 'M')
self.assertEqual(mem[0x807944f], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(cpu.EIP, 134714448)
self.assertEqual(cpu.XMM1, 0)
self.assertEqual(cpu.EBP, 4294948352)
def test_VPSHUFB_1(self):
''' Instruction VPSHUFB_1
Groups: avx
0x804d5bb: vpshufb xmm0, xmm1, xmm2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x0804d5bb] = '\xc4'
mem[0x0804d5bc] = '\xe2'
mem[0x0804d5bd] = 'q'
mem[0x0804d5be] = '\x00'
mem[0x0804d5bf] = '\xc2'
cpu.XMM2 = 0x0
cpu.EIP = 0x804d5bb
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x804d5bb], '\xc4')
self.assertEqual(mem[0x804d5bc], '\xe2')
self.assertEqual(mem[0x804d5bd], 'q')
self.assertEqual(mem[0x804d5be], '\x00')
self.assertEqual(mem[0x804d5bf], '\xc2')
self.assertEqual(cpu.XMM2, 0)
self.assertEqual(cpu.EIP, 134534592)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VPTEST_1(self):
''' Instruction VPTEST_1
Groups: avx
0x8079371: vptest xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x08079371] = '\xc4'
mem[0x08079372] = '\xe2'
mem[0x08079373] = 'y'
mem[0x08079374] = '\x17'
mem[0x08079375] = '\xc1'
cpu.EIP = 0x8079371
cpu.XMM0 = 0x80f1fc0000000101
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8079371], '\xc4')
self.assertEqual(mem[0x8079372], '\xe2')
self.assertEqual(mem[0x8079373], 'y')
self.assertEqual(mem[0x8079374], '\x17')
self.assertEqual(mem[0x8079375], '\xc1')
self.assertEqual(cpu.EIP, 134714230)
self.assertEqual(cpu.XMM0, 9291484583172243713)
self.assertEqual(cpu.XMM1, 0)
def test_VPTEST_2(self):
''' Instruction VPTEST_2
Groups: avx
0x8079376: vptest xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x00'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb607] = '\x80'
mem[0xffffb608] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0x08079376] = '\xc4'
mem[0x08079377] = '\xe2'
mem[0x08079378] = 'y'
mem[0x08079379] = '\x17'
mem[0x0807937a] = 'E'
mem[0x0807937b] = '\x00'
cpu.EIP = 0x8079376
cpu.XMM0 = 0x80f1fc0000000101
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0x8079376], '\xc4')
self.assertEqual(mem[0x8079377], '\xe2')
self.assertEqual(mem[0x8079378], 'y')
self.assertEqual(mem[0x8079379], '\x17')
self.assertEqual(mem[0x807937a], 'E')
self.assertEqual(mem[0x807937b], '\x00')
self.assertEqual(cpu.EIP, 134714236)
self.assertEqual(cpu.XMM0, 9291484583172243713)
self.assertEqual(cpu.EBP, 4294948352)
def test_VPXOR_1(self):
''' Instruction VPXOR_1
Groups: avx
0x807949b: vpxor xmm0, xmm1, xmm2
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x0807949b] = '\xc5'
mem[0x0807949c] = '\xf1'
mem[0x0807949d] = '\xef'
mem[0x0807949e] = '\xc2'
cpu.XMM2 = 0x0
cpu.EIP = 0x807949b
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x807949b], '\xc5')
self.assertEqual(mem[0x807949c], '\xf1')
self.assertEqual(mem[0x807949d], '\xef')
self.assertEqual(mem[0x807949e], '\xc2')
self.assertEqual(cpu.XMM2, 0)
self.assertEqual(cpu.EIP, 134714527)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_VZEROUPPER_1(self):
''' Instruction VZEROUPPER_1
Groups: avx
0x807936d: vzeroupper
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x0807936d] = '\xc5'
mem[0x0807936e] = '\xf8'
mem[0x0807936f] = 'w'
cpu.EIP = 0x807936d
cpu.execute()
self.assertEqual(mem[0x807936d], '\xc5')
self.assertEqual(mem[0x807936e], '\xf8')
self.assertEqual(mem[0x807936f], 'w')
self.assertEqual(cpu.EIP, 134714224)
def test_XADD_1(self):
''' Instruction XADD_1
Groups:
0x805987c: xadd byte ptr [ebp], dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xfc'
mem[0x0805987c] = '\x0f'
mem[0x0805987d] = '\xc0'
mem[0x0805987e] = 'U'
mem[0x0805987f] = '\x00'
cpu.EIP = 0x805987c
cpu.DL = 0x0
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xfc')
self.assertEqual(mem[0x805987c], '\x0f')
self.assertEqual(mem[0x805987d], '\xc0')
self.assertEqual(mem[0x805987e], 'U')
self.assertEqual(mem[0x805987f], '\x00')
self.assertEqual(cpu.EIP, 134584448)
self.assertEqual(cpu.DL, 252)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_XADD_2(self):
''' Instruction XADD_2
Groups:
0x8059885: xadd dword ptr [ebp], edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf8'
mem[0xffffb601] = '\xc8'
mem[0xffffb602] = '\x00'
mem[0xffffb603] = '\x00'
mem[0x08059885] = '\x0f'
mem[0x08059886] = '\xc1'
mem[0x08059887] = 'U'
mem[0x08059888] = '\x00'
cpu.EIP = 0x8059885
cpu.EDX = 0xfc
cpu.EBP = 0xffffb600
cpu.PF = False
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xf4')
self.assertEqual(mem[0xffffb601], '\xc9')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x8059885], '\x0f')
self.assertEqual(mem[0x8059886], '\xc1')
self.assertEqual(mem[0x8059887], 'U')
self.assertEqual(mem[0x8059888], '\x00')
self.assertEqual(cpu.EIP, 134584457)
self.assertEqual(cpu.EDX, 51448)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XADD_3(self):
''' Instruction XADD_3
Groups:
0x8059875: xadd cx, dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059878] = '\xd1'
mem[0x08059875] = 'f'
mem[0x08059876] = '\x0f'
mem[0x08059877] = '\xc1'
cpu.EIP = 0x8059875
cpu.CX = 0x3
cpu.PF = True
cpu.DX = 0xc6fd
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8059878], '\xd1')
self.assertEqual(mem[0x8059875], 'f')
self.assertEqual(mem[0x8059876], '\x0f')
self.assertEqual(mem[0x8059877], '\xc1')
self.assertEqual(cpu.EIP, 134584441)
self.assertEqual(cpu.CX, 50944)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.DX, 3)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_XADD_4(self):
''' Instruction XADD_4
Groups:
0x8059880: xadd word ptr [ebp], dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x08059880] = 'f'
mem[0x08059881] = '\x0f'
mem[0x08059882] = '\xc1'
mem[0x08059883] = 'U'
mem[0x08059884] = '\x00'
mem[0xffffb601] = '\x00'
mem[0xffffb600] = '\xfc'
cpu.EIP = 0x8059880
cpu.EBP = 0xffffb600
cpu.PF = True
cpu.DX = 0xc7fc
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8059880], 'f')
self.assertEqual(mem[0x8059881], '\x0f')
self.assertEqual(mem[0x8059882], '\xc1')
self.assertEqual(mem[0x8059883], 'U')
self.assertEqual(mem[0x8059884], '\x00')
self.assertEqual(mem[0xffffb601], '\xc8')
self.assertEqual(mem[0xffffb600], '\xf8')
self.assertEqual(cpu.EIP, 134584453)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.DX, 252)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_XADD_5(self):
''' Instruction XADD_5
Groups:
0x8059872: xadd cl, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059872] = '\x0f'
mem[0x08059873] = '\xc0'
mem[0x08059874] = '\xd1'
cpu.EIP = 0x8059872
cpu.DL = 0x6
cpu.PF = True
cpu.AF = False
cpu.OF = False
cpu.ZF = False
cpu.CL = 0xfd
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x8059872], '\x0f')
self.assertEqual(mem[0x8059873], '\xc0')
self.assertEqual(mem[0x8059874], '\xd1')
self.assertEqual(cpu.EIP, 134584437)
self.assertEqual(cpu.DL, 253)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CL, 3)
self.assertEqual(cpu.CF, True)
self.assertEqual(cpu.SF, False)
def test_XADD_6(self):
''' Instruction XADD_6
Groups:
0x8059879: xadd ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x08059879] = '\x0f'
mem[0x0805987a] = '\xc1'
mem[0x0805987b] = '\xd1'
cpu.EIP = 0x8059879
cpu.EDX = 0xffff0003
cpu.PF = True
cpu.AF = True
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xc700
cpu.CF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0x8059879], '\x0f')
self.assertEqual(mem[0x805987a], '\xc1')
self.assertEqual(mem[0x805987b], '\xd1')
self.assertEqual(cpu.EIP, 134584444)
self.assertEqual(cpu.EDX, 50944)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.AF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 4294952707)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_XCHG_1(self):
''' Instruction XCHG_1
Groups:
0x805b983: xchg cl, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b983] = '\x86'
mem[0x0805b984] = '\xd1'
cpu.EIP = 0x805b983
cpu.DL = 0xf8
cpu.CL = 0xc
cpu.execute()
self.assertEqual(mem[0x805b983], '\x86')
self.assertEqual(mem[0x805b984], '\xd1')
self.assertEqual(cpu.EIP, 134592901)
self.assertEqual(cpu.DL, 12)
self.assertEqual(cpu.CL, 248)
def test_XCHG_10(self):
''' Instruction XCHG_10
Groups:
0xf7eaa1dc: xchg edi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1dc] = '\x87'
mem[0xf7eaa1dd] = '\xdf'
cpu.EIP = 0xf7eaa1dc
cpu.EDI = 0x1
cpu.EBX = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7eaa1dc], '\x87')
self.assertEqual(mem[0xf7eaa1dd], '\xdf')
self.assertEqual(cpu.EIP, 4159349214)
self.assertEqual(cpu.EDI, 4160487424)
self.assertEqual(cpu.EBX, 1)
def test_XCHG_11(self):
''' Instruction XCHG_11
Groups:
0x805b98f: xchg ecx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x0805b990] = '\xd1'
mem[0x0805b98f] = '\x87'
cpu.EIP = 0x805b98f
cpu.EDX = 0xec
cpu.ECX = 0x3f8
cpu.execute()
self.assertEqual(mem[0x805b990], '\xd1')
self.assertEqual(mem[0x805b98f], '\x87')
self.assertEqual(cpu.EIP, 134592913)
self.assertEqual(cpu.EDX, 1016)
self.assertEqual(cpu.ECX, 236)
def test_XCHG_12(self):
''' Instruction XCHG_12
Groups:
0xf7e2e752: xchg esi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e752] = '\x87'
mem[0xf7e2e753] = '\xde'
cpu.EIP = 0xf7e2e752
cpu.EBX = 0xf7fc0000
cpu.ESI = 0x1c0003f
cpu.execute()
self.assertEqual(mem[0xf7e2e752], '\x87')
self.assertEqual(mem[0xf7e2e753], '\xde')
self.assertEqual(cpu.EIP, 4158842708)
self.assertEqual(cpu.EBX, 29360191)
self.assertEqual(cpu.ESI, 4160487424)
def test_XCHG_13(self):
''' Instruction XCHG_13
Groups:
0xf7e2ee82: xchg ebp, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2ee82] = '\x87'
mem[0xf7e2ee83] = '\xdd'
cpu.EIP = 0xf7e2ee82
cpu.EBP = 0xf7fc0000
cpu.EBX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7e2ee82], '\x87')
self.assertEqual(mem[0xf7e2ee83], '\xdd')
self.assertEqual(cpu.EIP, 4158844548)
self.assertEqual(cpu.EBP, 0)
self.assertEqual(cpu.EBX, 4160487424)
def test_XCHG_14(self):
''' Instruction XCHG_14
Groups:
0x805b991: xchg dword ptr [ebp], ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x0c'
mem[0xffffb601] = '\xc8'
mem[0xffffb602] = '\x03'
mem[0xffffb603] = 'x'
mem[0x0805b991] = '\x87'
mem[0x0805b992] = 'M'
mem[0x0805b993] = '\x00'
cpu.EIP = 0x805b991
cpu.EBP = 0xffffb600
cpu.ECX = 0xec
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xec')
self.assertEqual(mem[0xffffb601], '\x00')
self.assertEqual(mem[0xffffb602], '\x00')
self.assertEqual(mem[0xffffb603], '\x00')
self.assertEqual(mem[0x805b991], '\x87')
self.assertEqual(mem[0x805b992], 'M')
self.assertEqual(mem[0x805b993], '\x00')
self.assertEqual(cpu.EIP, 134592916)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.ECX, 2013513740)
def test_XCHG_15(self):
''' Instruction XCHG_15
Groups:
0xf7ff36f4: xchg ebx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff36f4] = '\x87'
mem[0xf7ff36f5] = '\xd3'
cpu.EIP = 0xf7ff36f4
cpu.EDX = 0x3
cpu.EBX = 0xf7ffd000
cpu.execute()
self.assertEqual(mem[0xf7ff36f4], '\x87')
self.assertEqual(mem[0xf7ff36f5], '\xd3')
self.assertEqual(cpu.EIP, 4160698102)
self.assertEqual(cpu.EDX, 4160737280)
self.assertEqual(cpu.EBX, 3)
def test_XCHG_16(self):
''' Instruction XCHG_16
Groups:
0x805b997: xchg word ptr [ebp], dx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xf8'
mem[0xffffb601] = '\x00'
mem[0x0805b997] = 'f'
mem[0x0805b998] = '\x87'
mem[0x0805b999] = 'U'
mem[0x0805b99a] = '\x00'
cpu.EIP = 0x805b997
cpu.EBP = 0xffffb600
cpu.DX = 0x3ec
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xec')
self.assertEqual(mem[0xffffb601], '\x03')
self.assertEqual(mem[0x805b997], 'f')
self.assertEqual(mem[0x805b998], '\x87')
self.assertEqual(mem[0x805b999], 'U')
self.assertEqual(mem[0x805b99a], '\x00')
self.assertEqual(cpu.EIP, 134592923)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.DX, 248)
def test_XCHG_17(self):
''' Instruction XCHG_17
Groups:
0x805b985: xchg byte ptr [ebp], cl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\xec'
mem[0x0805b985] = '\x86'
mem[0x0805b986] = 'M'
mem[0x0805b987] = '\x00'
cpu.EIP = 0x805b985
cpu.EBP = 0xffffb600
cpu.CL = 0xf8
cpu.execute()
self.assertEqual(mem[0xffffb600], '\xf8')
self.assertEqual(mem[0x805b985], '\x86')
self.assertEqual(mem[0x805b986], 'M')
self.assertEqual(mem[0x805b987], '\x00')
self.assertEqual(cpu.EIP, 134592904)
self.assertEqual(cpu.EBP, 4294948352)
self.assertEqual(cpu.CL, 236)
def test_XCHG_18(self):
''' Instruction XCHG_18
Groups:
0xf7e2e756: xchg esi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e756] = '\x87'
mem[0xf7e2e757] = '\xde'
cpu.EIP = 0xf7e2e756
cpu.EBX = 0x1c0003f
cpu.ESI = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7e2e756], '\x87')
self.assertEqual(mem[0xf7e2e757], '\xde')
self.assertEqual(cpu.EIP, 4158842712)
self.assertEqual(cpu.EBX, 4160487424)
self.assertEqual(cpu.ESI, 29360191)
def test_XCHG_19(self):
''' Instruction XCHG_19
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = 0xf7e148fc
cpu.EAX = 0xf7e14014
cpu.execute()
self.assertEqual(mem[0xf7ff454e], '\x97')
self.assertEqual(cpu.EIP, 4160701775)
self.assertEqual(cpu.EDI, 4158734356)
self.assertEqual(cpu.EAX, 4158736636)
def test_XCHG_2(self):
''' Instruction XCHG_2
Groups:
0xf7eaa3c0: xchg ebp, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa3c0] = '\x87'
mem[0xf7eaa3c1] = '\xdd'
cpu.EIP = 0xf7eaa3c0
cpu.EBP = 0x1
cpu.EBX = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7eaa3c0], '\x87')
self.assertEqual(mem[0xf7eaa3c1], '\xdd')
self.assertEqual(cpu.EIP, 4159349698)
self.assertEqual(cpu.EBP, 4160487424)
self.assertEqual(cpu.EBX, 1)
def test_XCHG_20(self):
''' Instruction XCHG_20
Groups:
0xf7eaa19a: xchg ebp, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa19a] = '\x87'
mem[0xf7eaa19b] = '\xdd'
cpu.EIP = 0xf7eaa19a
cpu.EBP = 0xc2
cpu.EBX = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7eaa19a], '\x87')
self.assertEqual(mem[0xf7eaa19b], '\xdd')
self.assertEqual(cpu.EIP, 4159349148)
self.assertEqual(cpu.EBP, 4160487424)
self.assertEqual(cpu.EBX, 194)
def test_XCHG_21(self):
''' Instruction XCHG_21
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = 0xf7fdaaee
cpu.EAX = 0xf7fdaad0
cpu.execute()
self.assertEqual(mem[0xf7ff454e], '\x97')
self.assertEqual(cpu.EIP, 4160701775)
self.assertEqual(cpu.EDI, 4160596688)
self.assertEqual(cpu.EAX, 4160596718)
def test_XCHG_3(self):
''' Instruction XCHG_3
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = 0xf7ffdf43
cpu.EAX = 0xffffd410
cpu.execute()
self.assertEqual(mem[0xf7ff454e], '\x97')
self.assertEqual(cpu.EIP, 4160701775)
self.assertEqual(cpu.EDI, 4294956048)
self.assertEqual(cpu.EAX, 4160741187)
def test_XCHG_4(self):
''' Instruction XCHG_4
Groups:
0xf7ff36fd: xchg ebx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff36fd] = '\x87'
mem[0xf7ff36fe] = '\xd3'
cpu.EIP = 0xf7ff36fd
cpu.EDX = 0xf7ffd000
cpu.EBX = 0x3
cpu.execute()
self.assertEqual(mem[0xf7ff36fd], '\x87')
self.assertEqual(mem[0xf7ff36fe], '\xd3')
self.assertEqual(cpu.EIP, 4160698111)
self.assertEqual(cpu.EDX, 3)
self.assertEqual(cpu.EBX, 4160737280)
def test_XCHG_5(self):
''' Instruction XCHG_5
Groups:
0xf7e2e752: xchg esi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e752] = '\x87'
mem[0xf7e2e753] = '\xde'
cpu.EIP = 0xf7e2e752
cpu.EBX = 0xf7fc0000
cpu.ESI = 0x1c0003f
cpu.execute()
self.assertEqual(mem[0xf7e2e752], '\x87')
self.assertEqual(mem[0xf7e2e753], '\xde')
self.assertEqual(cpu.EIP, 4158842708)
self.assertEqual(cpu.EBX, 29360191)
self.assertEqual(cpu.ESI, 4160487424)
def test_XCHG_6(self):
''' Instruction XCHG_6
Groups:
0xf7eaa1dc: xchg edi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1dc] = '\x87'
mem[0xf7eaa1dd] = '\xdf'
cpu.EIP = 0xf7eaa1dc
cpu.EDI = 0x0
cpu.EBX = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7eaa1dc], '\x87')
self.assertEqual(mem[0xf7eaa1dd], '\xdf')
self.assertEqual(cpu.EIP, 4159349214)
self.assertEqual(cpu.EDI, 4160487424)
self.assertEqual(cpu.EBX, 0)
def test_XCHG_7(self):
''' Instruction XCHG_7
Groups:
0xf7eaa1dc: xchg edi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1dc] = '\x87'
mem[0xf7eaa1dd] = '\xdf'
cpu.EIP = 0xf7eaa1dc
cpu.EDI = 0x1
cpu.EBX = 0xf7fc0000
cpu.execute()
self.assertEqual(mem[0xf7eaa1dc], '\x87')
self.assertEqual(mem[0xf7eaa1dd], '\xdf')
self.assertEqual(cpu.EIP, 4159349214)
self.assertEqual(cpu.EDI, 4160487424)
self.assertEqual(cpu.EBX, 1)
def test_XCHG_8(self):
''' Instruction XCHG_8
Groups:
0xf7eaa1e0: xchg edi, ebx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1e0] = '\x87'
mem[0xf7eaa1e1] = '\xdf'
cpu.EIP = 0xf7eaa1e0
cpu.EDI = 0xf7fc0000
cpu.EBX = 0x1c0003f
cpu.execute()
self.assertEqual(mem[0xf7eaa1e0], '\x87')
self.assertEqual(mem[0xf7eaa1e1], '\xdf')
self.assertEqual(cpu.EIP, 4159349218)
self.assertEqual(cpu.EDI, 29360191)
self.assertEqual(cpu.EBX, 4160487424)
def test_XCHG_9(self):
''' Instruction XCHG_9
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = 0xf7ffdf5a
cpu.EAX = 0xf7ff5e9a
cpu.execute()
self.assertEqual(mem[0xf7ff454e], '\x97')
self.assertEqual(cpu.EIP, 4160701775)
self.assertEqual(cpu.EDI, 4160708250)
self.assertEqual(cpu.EAX, 4160741210)
def test_XORPS_1(self):
''' Instruction XORPS_1
Groups: sse1
0x8070288: xorps xmm0, xmmword ptr [ebp]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0xffffb600] = '\x01'
mem[0xffffb601] = '\x85'
mem[0xffffb602] = '\xe1'
mem[0xffffb603] = '\x01'
mem[0xffffb604] = '\x00'
mem[0xffffb605] = '\xfc'
mem[0xffffb606] = '\xf1'
mem[0xffffb607] = '\x80'
mem[0x08070288] = '\x0f'
mem[0x08070289] = 'W'
mem[0x0807028a] = 'E'
mem[0x0807028b] = '\x00'
mem[0xffffb60c] = '\x00'
mem[0xffffb60d] = '\x00'
mem[0xffffb60b] = '\x00'
mem[0xffffb60f] = '\x00'
mem[0xffffb608] = '\x00'
mem[0xffffb60e] = '\x00'
mem[0xffffb609] = '\x00'
mem[0xffffb60a] = '\x00'
cpu.EIP = 0x8070288
cpu.XMM0 = 0x0
cpu.EBP = 0xffffb600
cpu.execute()
self.assertEqual(mem[0xffffb600], '\x01')
self.assertEqual(mem[0xffffb601], '\x85')
self.assertEqual(mem[0xffffb602], '\xe1')
self.assertEqual(mem[0xffffb603], '\x01')
self.assertEqual(mem[0xffffb604], '\x00')
self.assertEqual(mem[0xffffb605], '\xfc')
self.assertEqual(mem[0xffffb606], '\xf1')
self.assertEqual(mem[0xffffb607], '\x80')
self.assertEqual(mem[0x8070288], '\x0f')
self.assertEqual(mem[0x8070289], 'W')
self.assertEqual(mem[0x807028a], 'E')
self.assertEqual(mem[0x807028b], '\x00')
self.assertEqual(mem[0xffffb60c], '\x00')
self.assertEqual(mem[0xffffb60d], '\x00')
self.assertEqual(mem[0xffffb60e], '\x00')
self.assertEqual(mem[0xffffb60f], '\x00')
self.assertEqual(mem[0xffffb608], '\x00')
self.assertEqual(mem[0xffffb609], '\x00')
self.assertEqual(mem[0xffffb60a], '\x00')
self.assertEqual(mem[0xffffb60b], '\x00')
self.assertEqual(cpu.EIP, 134677132)
self.assertEqual(cpu.XMM0, 9291484583203800321)
self.assertEqual(cpu.EBP, 4294948352)
def test_XORPS_2(self):
''' Instruction XORPS_2
Groups: sse1
0x8070285: xorps xmm0, xmm1
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x08070285] = '\x0f'
mem[0x08070286] = 'W'
mem[0x08070287] = '\xc1'
cpu.EIP = 0x8070285
cpu.XMM0 = 0x0
cpu.XMM1 = 0x0
cpu.execute()
self.assertEqual(mem[0x8070285], '\x0f')
self.assertEqual(mem[0x8070286], 'W')
self.assertEqual(mem[0x8070287], '\xc1')
self.assertEqual(cpu.EIP, 134677128)
self.assertEqual(cpu.XMM0, 0)
self.assertEqual(cpu.XMM1, 0)
def test_XOR_1(self):
''' Instruction XOR_1
Groups:
0xf7e901e6: xor edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901e6] = '1'
mem[0xf7e901e7] = '\xca'
cpu.EIP = 0xf7e901e6
cpu.EDX = 0x6c65662f
cpu.PF = True
cpu.OF = False
cpu.ZF = True
cpu.ECX = 0x2f2f2f2f
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7e901e6], '1')
self.assertEqual(mem[0xf7e901e7], '\xca')
self.assertEqual(cpu.EIP, 4159242728)
self.assertEqual(cpu.EDX, 1128941824)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 791621423)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_10(self):
''' Instruction XOR_10
Groups:
0xf7fe54c9: xor edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54c9] = '1'
mem[0xf7fe54ca] = '\xc2'
cpu.EIP = 0xf7fe54c9
cpu.EDX = 0xf54162e5
cpu.PF = True
cpu.EAX = 0xf54162e4
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54c9], '1')
self.assertEqual(mem[0xf7fe54ca], '\xc2')
self.assertEqual(cpu.EIP, 4160640203)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EAX, 4114703076)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_11(self):
''' Instruction XOR_11
Groups:
0xf7ff3f05: xor edx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f05] = '1'
mem[0xf7ff3f06] = '\xca'
cpu.EIP = 0xf7ff3f05
cpu.EDX = 0x8cd19a8b
cpu.PF = True
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0x722d6473
cpu.CF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3f05], '1')
self.assertEqual(mem[0xf7ff3f06], '\xca')
self.assertEqual(cpu.EIP, 4160700167)
self.assertEqual(cpu.EDX, 4277993208)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 1915577459)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, True)
def test_XOR_12(self):
''' Instruction XOR_12
Groups:
0xf7fe7288: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7288] = '1'
mem[0xf7fe7289] = '\xc0'
cpu.EIP = 0xf7fe7288
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xffffff00
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe7288], '1')
self.assertEqual(mem[0xf7fe7289], '\xc0')
self.assertEqual(cpu.EIP, 4160647818)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_13(self):
''' Instruction XOR_13
Groups:
0xf7fe54c9: xor edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54c9] = '1'
mem[0xf7fe54ca] = '\xc2'
cpu.EIP = 0xf7fe54c9
cpu.EDX = 0x7ab03cab
cpu.PF = False
cpu.EAX = 0x77faeee0
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54c9], '1')
self.assertEqual(mem[0xf7fe54ca], '\xc2')
self.assertEqual(cpu.EIP, 4160640203)
self.assertEqual(cpu.EDX, 223007307)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EAX, 2012933856)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_14(self):
''' Instruction XOR_14
Groups:
0xf7febc53: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febc53] = '1'
mem[0xf7febc54] = '\xc0'
cpu.EIP = 0xf7febc53
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0x1
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7febc53], '1')
self.assertEqual(mem[0xf7febc54], '\xc0')
self.assertEqual(cpu.EIP, 4160666709)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_15(self):
''' Instruction XOR_15
Groups:
0xf7fe7288: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7288] = '1'
mem[0xf7fe7289] = '\xc0'
cpu.EIP = 0xf7fe7288
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xffffff01
cpu.PF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe7288], '1')
self.assertEqual(mem[0xf7fe7289], '\xc0')
self.assertEqual(cpu.EIP, 4160647818)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_16(self):
''' Instruction XOR_16
Groups:
0xf7fe7288: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7288] = '1'
mem[0xf7fe7289] = '\xc0'
cpu.EIP = 0xf7fe7288
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xffffff00
cpu.PF = True
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fe7288], '1')
self.assertEqual(mem[0xf7fe7289], '\xc0')
self.assertEqual(cpu.EIP, 4160647818)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_17(self):
''' Instruction XOR_17
Groups:
0xf7fe54c9: xor edx, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54c9] = '1'
mem[0xf7fe54ca] = '\xc2'
cpu.EIP = 0xf7fe54c9
cpu.EDX = 0xa1338653
cpu.PF = True
cpu.EAX = 0xa1338652
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe54c9], '1')
self.assertEqual(mem[0xf7fe54ca], '\xc2')
self.assertEqual(cpu.EIP, 4160640203)
self.assertEqual(cpu.EDX, 1)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.EAX, 2704508498)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_18(self):
''' Instruction XOR_18
Groups:
0xf7febc53: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febc53] = '1'
mem[0xf7febc54] = '\xc0'
cpu.EIP = 0xf7febc53
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xffffffff
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7febc53], '1')
self.assertEqual(mem[0xf7febc54], '\xc0')
self.assertEqual(cpu.EIP, 4160666709)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_19(self):
''' Instruction XOR_19
Groups:
0xf7eaa0f5: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0f5] = '1'
mem[0xf7eaa0f6] = '\xc0'
cpu.EIP = 0xf7eaa0f5
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EAX = 0x0
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7eaa0f5], '1')
self.assertEqual(mem[0xf7eaa0f6], '\xc0')
self.assertEqual(cpu.EIP, 4159348983)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_2(self):
''' Instruction XOR_2
Groups:
0xf7fe7f50: xor ecx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7f50] = '1'
mem[0xf7fe7f51] = '\xc9'
cpu.EIP = 0xf7fe7f50
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.SF = True
cpu.ECX = 0xf7e1e800
cpu.execute()
self.assertEqual(mem[0xf7fe7f50], '1')
self.assertEqual(mem[0xf7fe7f51], '\xc9')
self.assertEqual(cpu.EIP, 4160651090)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 0)
def test_XOR_20(self):
''' Instruction XOR_20
Groups:
0xf7fed69c: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed69c] = '1'
mem[0xf7fed69d] = '\xc0'
cpu.EIP = 0xf7fed69c
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.EAX = 0xf7e14000
cpu.PF = False
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7fed69c], '1')
self.assertEqual(mem[0xf7fed69d], '\xc0')
self.assertEqual(cpu.EIP, 4160673438)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_21(self):
''' Instruction XOR_21
Groups:
0xf7e901d7: xor edi, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901d8] = '\xd7'
mem[0xf7e901d7] = '1'
cpu.EIP = 0xf7e901d7
cpu.EDX = 0x6c65662f
cpu.PF = True
cpu.OF = False
cpu.ZF = False
cpu.EDI = 0x6b64652e
cpu.CF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7e901d8], '\xd7')
self.assertEqual(mem[0xf7e901d7], '1')
self.assertEqual(cpu.EIP, 4159242713)
self.assertEqual(cpu.EDX, 1818584623)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.EDI, 117506817)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_3(self):
''' Instruction XOR_3
Groups:
0xf7ff45fe: xor ecx, esi
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff45fe] = '1'
mem[0xf7ff45ff] = '\xf1'
cpu.EIP = 0xf7ff45fe
cpu.PF = True
cpu.OF = False
cpu.ZF = False
cpu.ECX = 0xf7fdab08
cpu.CF = False
cpu.ESI = 0xf7fdab18
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff45fe], '1')
self.assertEqual(mem[0xf7ff45ff], '\xf1')
self.assertEqual(cpu.EIP, 4160701952)
self.assertEqual(cpu.PF, False)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.ECX, 16)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.ESI, 4160596760)
self.assertEqual(cpu.SF, False)
def test_XOR_4(self):
''' Instruction XOR_4
Groups:
0xf7ff3ccc: xor cl, dl
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ccc] = '0'
mem[0xf7ff3ccd] = '\xd1'
cpu.EIP = 0xf7ff3ccc
cpu.DL = 0x24
cpu.PF = True
cpu.CL = 0x48
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3ccc], '0')
self.assertEqual(mem[0xf7ff3ccd], '\xd1')
self.assertEqual(cpu.EIP, 4160699598)
self.assertEqual(cpu.DL, 36)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 108)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_5(self):
''' Instruction XOR_5
Groups:
0xf7ff3e74: xor eax, eax
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e74] = '1'
mem[0xf7ff3e75] = '\xc0'
cpu.EIP = 0xf7ff3e74
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.EAX = 0xf7e28000
cpu.PF = True
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7ff3e74], '1')
self.assertEqual(mem[0xf7ff3e75], '\xc0')
self.assertEqual(cpu.EIP, 4160700022)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.EAX, 0)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
def test_XOR_6(self):
''' Instruction XOR_6
Groups:
0xf7ff3cc4: xor cl, byte ptr [eax]
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0x080481e9] = 'l'
mem[0xf7ff3cc4] = '2'
mem[0xf7ff3cc5] = '\x08'
cpu.EIP = 0xf7ff3cc4
cpu.EAX = 0x80481e9
cpu.PF = False
cpu.CL = 0x24
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0x80481e9], 'l')
self.assertEqual(mem[0xf7ff3cc4], '2')
self.assertEqual(mem[0xf7ff3cc5], '\x08')
self.assertEqual(cpu.EIP, 4160699590)
self.assertEqual(cpu.EAX, 134513129)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.CL, 72)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, False)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.SF, False)
def test_XOR_7(self):
''' Instruction XOR_7
Groups:
0xf7fe5487: xor edx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5488] = '\xd2'
mem[0xf7fe5487] = '1'
cpu.EIP = 0xf7fe5487
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = False
cpu.EDX = 0x1
cpu.SF = False
cpu.execute()
self.assertEqual(mem[0xf7fe5488], '\xd2')
self.assertEqual(mem[0xf7fe5487], '1')
self.assertEqual(cpu.EIP, 4160640137)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_XOR_8(self):
''' Instruction XOR_8
Groups:
0xf7ff3ebf: xor edx, edx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ec0] = '\xd2'
mem[0xf7ff3ebf] = '1'
cpu.EIP = 0xf7ff3ebf
cpu.OF = False
cpu.ZF = False
cpu.CF = False
cpu.PF = True
cpu.EDX = 0x3
cpu.SF = True
cpu.execute()
self.assertEqual(mem[0xf7ff3ec0], '\xd2')
self.assertEqual(mem[0xf7ff3ebf], '1')
self.assertEqual(cpu.EIP, 4160700097)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.EDX, 0)
self.assertEqual(cpu.SF, False)
def test_XOR_9(self):
''' Instruction XOR_9
Groups:
0xf7eaa198: xor ecx, ecx
'''
mem = Memory32()
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa198] = '1'
mem[0xf7eaa199] = '\xc9'
cpu.EIP = 0xf7eaa198
cpu.OF = False
cpu.ZF = True
cpu.CF = False
cpu.PF = True
cpu.SF = False
cpu.ECX = 0x0
cpu.execute()
self.assertEqual(mem[0xf7eaa198], '1')
self.assertEqual(mem[0xf7eaa199], '\xc9')
self.assertEqual(cpu.EIP, 4159349146)
self.assertEqual(cpu.OF, False)
self.assertEqual(cpu.ZF, True)
self.assertEqual(cpu.CF, False)
self.assertEqual(cpu.PF, True)
self.assertEqual(cpu.SF, False)
self.assertEqual(cpu.ECX, 0)
def test_AAD_1_symbolic(self):
''' Instruction AAD_1
Groups: not64bitmode
0x80702ff: aad 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070300] = '\xff'
mem[0x80702ff] = '\xd5'
cpu.EIP = 0x80702ff
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x30)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070300, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x80702ff, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.EIP == 0x8070301)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.AL == 0x30)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAD_2_symbolic(self):
''' Instruction AAD_2
Groups: not64bitmode
0x8070301: aad 0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070301] = '\xd5'
mem[0x8070302] = '\x00'
cpu.EIP = 0x8070301
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x30)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070301, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0x8070302, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070303)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.AL == 0x30)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAD_3_symbolic(self):
''' Instruction AAD_3
Groups: not64bitmode
0x8070303: aad 0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070303] = '\xd5'
mem[0x8070304] = '\x00'
cpu.EIP = 0x8070303
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x30)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070303, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0x8070304, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070305)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.AL == 0x30)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAD_4_symbolic(self):
''' Instruction AAD_4
Groups: not64bitmode
0x80702fb: aad
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702fb] = '\xd5'
mem[0x80702fc] = '\n'
cpu.EIP = 0x80702fb
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xec)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xf8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702fb, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0x80702fc, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.EIP == 0x80702fd)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.AL == 0x30)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAD_5_symbolic(self):
''' Instruction AAD_5
Groups: not64bitmode
0x80702fd: aad 0xf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702fd] = '\xd5'
mem[0x80702fe] = '\x0f'
cpu.EIP = 0x80702fd
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x30)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702fd, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0x80702fe, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x80702ff)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.AL == 0x30)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAM_1_symbolic(self):
''' Instruction AAM_1
Groups: not64bitmode
0x8070306: aam
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070306] = '\xd4'
mem[0x8070307] = '\n'
cpu.EIP = 0x8070306
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070306, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0x8070307, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.EIP == 0x8070308)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.AL == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAM_2_symbolic(self):
''' Instruction AAM_2
Groups: not64bitmode
0x807030a: aam 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x807030a] = '\xd4'
mem[0x807030b] = '\xff'
cpu.EIP = 0x807030a
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807030a, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0x807030b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x807030c)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.AL == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AAM_3_symbolic(self):
''' Instruction AAM_3
Groups: not64bitmode
0x8070308: aam 0xf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070308] = '\xd4'
mem[0x8070309] = '\x0f'
cpu.EIP = 0x8070308
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070308, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0x8070309, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x807030a)
condition = Operators.AND(condition, cpu.AH == 0x0)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.AL == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_1_symbolic(self):
''' Instruction ADD_1
Groups:
0xf7fec387: add ecx, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec388] = '\xf9'
mem[0xf7fec387] = '\x01'
cpu.EIP = 0xf7fec387
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x5c6b)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e22474)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec388, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec387, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec389)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e280df)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0xf7e22474)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_10_symbolic(self):
''' Instruction ADD_10
Groups:
0xf7fe71b9: add dword ptr [eax], edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fbf000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf780)
value = cs.new_bitvec(8)
cs.add(value == 0xa0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf781)
value = cs.new_bitvec(8)
cs.add(value == 0xe9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf782)
value = cs.new_bitvec(8)
cs.add(value == 0x6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf783)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe71b9] = '\x01'
mem[0xf7fe71ba] = '\x10'
cpu.EIP = 0xf7fe71b9
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fbf780)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fbf780, 8)== ord('\xa0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf781, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf782, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf783, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b9, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ba, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bb)
condition = Operators.AND(condition, cpu.EAX == 0xf7fbf780)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e15000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_11_symbolic(self):
''' Instruction ADD_11
Groups:
0xf7ff41d7: add ebx, 0x1315
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41d7] = '\x81'
mem[0xf7ff41d8] = '\xc3'
mem[0xf7ff41d9] = '\x15'
mem[0xf7ff41da] = '\x13'
mem[0xf7ff41db] = '\x00'
mem[0xf7ff41dc] = '\x00'
cpu.EIP = 0xf7ff41d7
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ff41d7)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d7, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d8, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d9, 8)== ord('\x15'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41da, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41db, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41dd)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EBX == 0xf7ff54ec)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_12_symbolic(self):
''' Instruction ADD_12
Groups:
0xf7fe71b9: add dword ptr [eax], edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fbf000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbfb0c)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbfb0d)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbfb0e)
value = cs.new_bitvec(8)
cs.add(value == 0x7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbfb0f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe71b9] = '\x01'
mem[0xf7fe71ba] = '\x10'
cpu.EIP = 0xf7fe71b9
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fbfb0c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fbfb0c, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbfb0d, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbfb0e, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbfb0f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b9, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ba, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bb)
condition = Operators.AND(condition, cpu.EAX == 0xf7fbfb0c)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e15000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_13_symbolic(self):
''' Instruction ADD_13
Groups:
0xf7fe7299: add eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7299] = '\x01'
mem[0xf7fe729a] = '\xc0'
cpu.EIP = 0xf7fe7299
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7299, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe729a, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe729b)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_14_symbolic(self):
''' Instruction ADD_14
Groups:
0xf7fe71aa: add eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71aa] = '\x01'
mem[0xf7fe71ab] = '\xd0'
cpu.EIP = 0xf7fe71aa
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1aacdc)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71aa, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ab, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71ac)
condition = Operators.AND(condition, cpu.EAX == 0xf7fbfcdc)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e15000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_15_symbolic(self):
''' Instruction ADD_15
Groups:
0xf7fe9c44: add dword ptr [ebp - 0x20], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe9c44] = '\x83'
mem[0xf7fe9c45] = 'E'
mem[0xf7fe9c46] = '\xe0'
mem[0xf7fe9c47] = '\x01'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd478)
value = cs.new_bitvec(8)
cs.add(value == 0xe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd479)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd47a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd47b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe9c44
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd498)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c44, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c45, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c46, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c47, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd478, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xffffd479, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd47a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd47b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9c48)
condition = Operators.AND(condition, cpu.EBP == 0xffffd498)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_16_symbolic(self):
''' Instruction ADD_16
Groups:
0xf7fe56a2: add edx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a2] = '\x83'
mem[0xf7fe56a3] = '\xc2'
mem[0xf7fe56a4] = '\x01'
cpu.EIP = 0xf7fe56a2
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e25acc)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a2, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a3, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a5)
condition = Operators.AND(condition, cpu.EDX == 0xf7e25acd)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_17_symbolic(self):
''' Instruction ADD_17
Groups:
0xf7fe71b9: add dword ptr [eax], edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fbf000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b9] = '\x01'
mem[0xf7fe71ba] = '\x10'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf09c)
value = cs.new_bitvec(8)
cs.add(value == 0x88)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf09d)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf09e)
value = cs.new_bitvec(8)
cs.add(value == 0x16)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fbf09f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe71b9
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fbf09c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b9, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ba, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf09c, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf09d, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf09e, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fbf09f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bb)
condition = Operators.AND(condition, cpu.EAX == 0xf7fbf09c)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e15000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_18_symbolic(self):
''' Instruction ADD_18
Groups:
0xf7fe71aa: add eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71aa] = '\x01'
mem[0xf7fe71ab] = '\xd0'
cpu.EIP = 0xf7fe71aa
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1aa628)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71aa, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ab, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71ac)
condition = Operators.AND(condition, cpu.EAX == 0xf7fbf628)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e15000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_19_symbolic(self):
''' Instruction ADD_19
Groups:
0xf7fe4d33: add esp, 0x2c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d33] = '\x83'
mem[0xf7fe4d34] = '\xc4'
mem[0xf7fe4d35] = ','
cpu.EIP = 0xf7fe4d33
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2b0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d33, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d34, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d35, 8)== ord(','))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d36)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2dc)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_2_symbolic(self):
''' Instruction ADD_2
Groups:
0xf7fe7213: add ecx, dword ptr [ebp - 0x78]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd480)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd481)
value = cs.new_bitvec(8)
cs.add(value == 0x8e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd482)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd483)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7fe7213] = '\x03'
mem[0xf7fe7214] = 'M'
mem[0xf7fe7215] = '\x88'
cpu.EIP = 0xf7fe7213
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd480, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd481, 8)== ord('\x8e'))
condition = Operators.AND(condition, cpu.read_int(0xffffd482, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd483, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7213, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7214, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7215, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7216)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e18ed4)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_20_symbolic(self):
''' Instruction ADD_20
Groups:
0xf7fe71fc: add esi, dword ptr [edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2c000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2c18c)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2c18d)
value = cs.new_bitvec(8)
cs.add(value == 0xaf)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2c18e)
value = cs.new_bitvec(8)
cs.add(value == 0x1a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2c18f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe71fc] = '\x03'
mem[0xf7fe71fd] = '7'
cpu.EIP = 0xf7fe71fc
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e2c18c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2c18c, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2c18d, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2c18e, 8)== ord('\x1a'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2c18f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71fc, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71fd, 8)== ord('7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71fe)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0xf7e2c18c)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7fbff18)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_21_symbolic(self):
''' Instruction ADD_21
Groups:
0xf7fe56aa: add edi, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56aa] = '\x01'
mem[0xf7fe56ab] = '\xc7'
cpu.EIP = 0xf7fe56aa
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x72)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x2f2c5d89)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56aa, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ab, 8)== ord('\xc7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56ac)
condition = Operators.AND(condition, cpu.EAX == 0x72)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x2f2c5dfb)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_3_symbolic(self):
''' Instruction ADD_3
Groups:
0xf7fe56aa: add edi, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56aa] = '\x01'
mem[0xf7fe56ab] = '\xc7'
cpu.EIP = 0xf7fe56aa
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x69)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x6f268490)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56aa, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ab, 8)== ord('\xc7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56ac)
condition = Operators.AND(condition, cpu.EAX == 0x69)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x6f2684f9)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_4_symbolic(self):
''' Instruction ADD_4
Groups:
0xf7eaa0d9: add eax, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d9] = '\x83'
mem[0xf7eaa0da] = '\xc0'
mem[0xf7eaa0db] = '\x01'
cpu.EIP = 0xf7eaa0d9
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x26)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d9, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0da, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0db, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0dc)
condition = Operators.AND(condition, cpu.EAX == 0x27)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_5_symbolic(self):
''' Instruction ADD_5
Groups:
0x8070234: add byte ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
mem[0x8070234] = '\x80'
mem[0x8070235] = 'E'
mem[0x8070236] = '\x00'
mem[0x8070237] = '\xff'
cpu.EIP = 0x8070234
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0x8070234, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0x8070235, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8070236, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8070237, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x8070238)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_6_symbolic(self):
''' Instruction ADD_6
Groups:
0xf7fe71b6: add esi, 8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b8] = '\x08'
mem[0xf7fe71b6] = '\x83'
mem[0xf7fe71b7] = '\xc6'
cpu.EIP = 0xf7fe71b6
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e2b534)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b8, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b6, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b7, 8)== ord('\xc6'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b9)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e2b53c)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_7_symbolic(self):
''' Instruction ADD_7
Groups:
0xf7fe71aa: add eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71aa] = '\x01'
mem[0xf7fe71ab] = '\xd0'
cpu.EIP = 0xf7fe71aa
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1a9498)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e15000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71aa, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ab, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71ac)
condition = Operators.AND(condition, cpu.EAX == 0xf7fbe498)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e15000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_8_symbolic(self):
''' Instruction ADD_8
Groups:
0xf7fe56a2: add edx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a2] = '\x83'
mem[0xf7fe56a3] = '\xc2'
mem[0xf7fe56a4] = '\x01'
cpu.EIP = 0xf7fe56a2
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e23c44)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a2, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a3, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a5)
condition = Operators.AND(condition, cpu.EDX == 0xf7e23c45)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ADD_9_symbolic(self):
''' Instruction ADD_9
Groups:
0xf7fe56a8: add edi, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a8] = '\x01'
mem[0xf7fe56a9] = '\xcf'
cpu.EIP = 0xf7fe56a8
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xfecf2720)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xc7f67939)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a8, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a9, 8)== ord('\xcf'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56aa)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.ECX == 0xfecf2720)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0xc6c5a059)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_1_symbolic(self):
''' Instruction AND_1
Groups:
0x806c452: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806c000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806c452] = '\x81'
mem[0x806c453] = 'e'
mem[0x806c454] = '\x00'
mem[0x806c455] = '\xff'
mem[0x806c456] = '\x00'
mem[0x806c457] = '\x00'
mem[0x806c458] = '\x00'
cpu.EIP = 0x806c452
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806c452, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x806c453, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x806c454, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806c455, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x806c456, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806c457, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806c458, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806c459)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_10_symbolic(self):
''' Instruction AND_10
Groups:
0xf7fe88dd: and edx, 3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem[0xf7fe88dd] = '\x83'
mem[0xf7fe88de] = '\xe2'
mem[0xf7fe88df] = '\x03'
cpu.EIP = 0xf7fe88dd
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x21)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe88dd, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe88de, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe88df, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe88e0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_11_symbolic(self):
''' Instruction AND_11
Groups:
0xf7ff3eed: and edx, 0x1010100
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3eed] = '\x81'
mem[0xf7ff3eee] = '\xe2'
mem[0xf7ff3eef] = '\x00'
mem[0xf7ff3ef0] = '\x01'
mem[0xf7ff3ef1] = '\x01'
mem[0xf7ff3ef2] = '\x01'
cpu.EIP = 0xf7ff3eed
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfefcfef8)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3eed, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3eee, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3eef, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ef0, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ef1, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ef2, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ef3)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_12_symbolic(self):
''' Instruction AND_12
Groups:
0x804a3e4: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804a000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804a3e4] = '\x81'
mem[0x804a3e5] = 'e'
mem[0x804a3e6] = '\x00'
mem[0x804a3e7] = '\xff'
mem[0x804a3e8] = '\x00'
mem[0x804a3e9] = '\x00'
mem[0x804a3ea] = '\x00'
cpu.EIP = 0x804a3e4
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804a3e4, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x804a3e5, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x804a3e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804a3e7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x804a3e8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804a3e9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804a3ea, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804a3eb)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_13_symbolic(self):
''' Instruction AND_13
Groups:
0x8069701: and edx, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08069000, 0x1000, 'rwx')
mem[0x8069701] = '\x81'
mem[0x8069702] = '\xe2'
mem[0x8069703] = '\xff'
mem[0x8069704] = '\x00'
mem[0x8069705] = '\x00'
mem[0x8069706] = '\x00'
cpu.EIP = 0x8069701
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8069701, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8069702, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x8069703, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8069704, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8069705, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8069706, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8069707)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_14_symbolic(self):
''' Instruction AND_14
Groups:
0x8065b70: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065b70] = '\x81'
mem[0x8065b71] = 'e'
mem[0x8065b72] = '\x00'
mem[0x8065b73] = '\xff'
mem[0x8065b74] = '\x00'
mem[0x8065b75] = '\x00'
mem[0x8065b76] = '\x00'
cpu.EIP = 0x8065b70
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065b70, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8065b71, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x8065b72, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065b73, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8065b74, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065b75, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065b76, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065b77)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_15_symbolic(self):
''' Instruction AND_15
Groups:
0x8064eb1: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08064000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8064eb1] = '\x81'
mem[0x8064eb2] = 'e'
mem[0x8064eb3] = '\x00'
mem[0x8064eb4] = '\xff'
mem[0x8064eb5] = '\x00'
mem[0x8064eb6] = '\x00'
mem[0x8064eb7] = '\x00'
cpu.EIP = 0x8064eb1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb1, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb2, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb4, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8064eb7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8064eb8)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_16_symbolic(self):
''' Instruction AND_16
Groups:
0x806b598: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806b598] = '\x81'
mem[0x806b599] = 'e'
mem[0x806b59a] = '\x00'
mem[0x806b59b] = '\xff'
mem[0x806b59c] = '\x00'
mem[0x806b59d] = '\x00'
mem[0x806b59e] = '\x00'
cpu.EIP = 0x806b598
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b598, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x806b599, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x806b59a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b59b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x806b59c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b59d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b59e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806b59f)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_17_symbolic(self):
''' Instruction AND_17
Groups:
0x805b447: and eax, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b448] = '\xff'
mem[0x805b449] = '\x00'
mem[0x805b44a] = '\x00'
mem[0x805b44b] = '\x00'
mem[0x805b447] = '%'
cpu.EIP = 0x805b447
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xeb)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b448, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x805b449, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b44a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b44b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b447, 8)== ord('%'))
condition = Operators.AND(condition, cpu.EIP == 0x805b44c)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xeb)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_18_symbolic(self):
''' Instruction AND_18
Groups:
0x805a902: and eax, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805a000, 0x1000, 'rwx')
mem[0x805a902] = '%'
mem[0x805a903] = '\xff'
mem[0x805a904] = '\x00'
mem[0x805a905] = '\x00'
mem[0x805a906] = '\x00'
cpu.EIP = 0x805a902
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xeb)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805a902, 8)== ord('%'))
condition = Operators.AND(condition, cpu.read_int(0x805a903, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x805a904, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805a905, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805a906, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805a907)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xeb)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_19_symbolic(self):
''' Instruction AND_19
Groups:
0x806aae2: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806a000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806aae2] = '\x81'
mem[0x806aae3] = 'e'
mem[0x806aae4] = '\x00'
mem[0x806aae5] = '\xff'
mem[0x806aae6] = '\x00'
mem[0x806aae7] = '\x00'
mem[0x806aae8] = '\x00'
cpu.EIP = 0x806aae2
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806aae2, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x806aae3, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x806aae4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806aae5, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x806aae6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806aae7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806aae8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806aae9)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_2_symbolic(self):
''' Instruction AND_2
Groups:
0x805dc21: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805dc21] = '\x81'
mem[0x805dc22] = 'e'
mem[0x805dc23] = '\x00'
mem[0x805dc24] = '\xff'
mem[0x805dc25] = '\x00'
mem[0x805dc26] = '\x00'
mem[0x805dc27] = '\x00'
cpu.EIP = 0x805dc21
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805dc21, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x805dc22, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x805dc23, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805dc24, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x805dc25, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805dc26, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805dc27, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805dc28)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_20_symbolic(self):
''' Instruction AND_20
Groups:
0x805a4fc: and eax, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805a000, 0x1000, 'rwx')
mem[0x805a500] = '\x00'
mem[0x805a4fc] = '%'
mem[0x805a4fd] = '\xff'
mem[0x805a4fe] = '\x00'
mem[0x805a4ff] = '\x00'
cpu.EIP = 0x805a4fc
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xeb)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805a500, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805a4fc, 8)== ord('%'))
condition = Operators.AND(condition, cpu.read_int(0x805a4fd, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x805a4fe, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805a4ff, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805a501)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xeb)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_21_symbolic(self):
''' Instruction AND_21
Groups:
0x8060799: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8060799] = '\x81'
mem[0x806079a] = 'e'
mem[0x806079b] = '\x00'
mem[0x806079c] = '\xff'
mem[0x806079d] = '\x00'
mem[0x806079e] = '\x00'
mem[0x806079f] = '\x00'
cpu.EIP = 0x8060799
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8060799, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x806079a, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x806079b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806079c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x806079d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806079e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806079f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80607a0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_3_symbolic(self):
''' Instruction AND_3
Groups:
0x806e0cf: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806e000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806e0cf] = '\x81'
mem[0x806e0d0] = 'e'
mem[0x806e0d1] = '\x00'
mem[0x806e0d2] = '\xff'
mem[0x806e0d3] = '\x00'
mem[0x806e0d4] = '\x00'
mem[0x806e0d5] = '\x00'
cpu.EIP = 0x806e0cf
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806e0cf, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x806e0d0, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x806e0d1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806e0d2, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x806e0d3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806e0d4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806e0d5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806e0d6)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_4_symbolic(self):
''' Instruction AND_4
Groups:
0x806cf9f: and edx, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806c000, 0x1000, 'rwx')
mem[0x806cfa0] = '\xe2'
mem[0x806cfa1] = '\xff'
mem[0x806cfa2] = '\x00'
mem[0x806cfa3] = '\x00'
mem[0x806cfa4] = '\x00'
mem[0x806cf9f] = '\x81'
cpu.EIP = 0x806cf9f
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfa)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806cfa0, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x806cfa1, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x806cfa2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806cfa3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806cfa4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806cf9f, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.EIP == 0x806cfa5)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xfa)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_5_symbolic(self):
''' Instruction AND_5
Groups:
0x8062394: and dword ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08062000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8062394] = '\x81'
mem[0x8062395] = 'e'
mem[0x8062396] = '\x00'
mem[0x8062397] = '\xff'
mem[0x8062398] = '\x00'
mem[0x8062399] = '\x00'
mem[0x806239a] = '\x00'
cpu.EIP = 0x8062394
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8062394, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8062395, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0x8062396, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8062397, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8062398, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8062399, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806239a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806239b)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_6_symbolic(self):
''' Instruction AND_6
Groups:
0xf7fe212b: and ecx, 7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe212b] = '\x83'
mem[0xf7fe212c] = '\xe1'
mem[0xf7fe212d] = '\x07'
cpu.EIP = 0xf7fe212b
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x6)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe212b, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe212c, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe212d, 8)== ord('\x07'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe212e)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_7_symbolic(self):
''' Instruction AND_7
Groups:
0x804bf30: and edx, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804b000, 0x1000, 'rwx')
mem[0x804bf30] = '\x81'
mem[0x804bf31] = '\xe2'
mem[0x804bf32] = '\xff'
mem[0x804bf33] = '\x00'
mem[0x804bf34] = '\x00'
mem[0x804bf35] = '\x00'
cpu.EIP = 0x804bf30
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804bf30, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x804bf31, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x804bf32, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x804bf33, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804bf34, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804bf35, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804bf36)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xf0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_8_symbolic(self):
''' Instruction AND_8
Groups:
0xf7fec3da: and edx, 0x7fff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec3da] = '\x81'
mem[0xf7fec3db] = '\xe2'
mem[0xf7fec3dc] = '\xff'
mem[0xf7fec3dd] = '\x7f'
mem[0xf7fec3de] = '\x00'
mem[0xf7fec3df] = '\x00'
cpu.EIP = 0xf7fec3da
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x19)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec3da, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3db, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3dc, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3dd, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3de, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3df, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec3e0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x19)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_AND_9_symbolic(self):
''' Instruction AND_9
Groups:
0x80494c9: and edx, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08049000, 0x1000, 'rwx')
mem[0x80494c9] = '\x81'
mem[0x80494ca] = '\xe2'
mem[0x80494cb] = '\xff'
mem[0x80494cc] = '\x00'
mem[0x80494cd] = '\x00'
mem[0x80494ce] = '\x00'
cpu.EIP = 0x80494c9
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80494c9, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x80494ca, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x80494cb, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x80494cc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80494cd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80494ce, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80494cf)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xf0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSF_1_symbolic(self):
''' Instruction BSF_1
Groups:
0x806b25c: bsf cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x806b25c] = 'f'
mem[0x806b25d] = '\x0f'
mem[0x806b25e] = '\xbc'
mem[0x806b25f] = '\xca'
cpu.EIP = 0x806b25c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x746e)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xfa)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806b25c, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x806b25d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b25e, 8)== ord('\xbc'))
condition = Operators.AND(condition, cpu.read_int(0x806b25f, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x806b260)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CX == 0x1)
condition = Operators.AND(condition, cpu.DX == 0xfa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSF_2_symbolic(self):
''' Instruction BSF_2
Groups:
0x806b294: bsf cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806b294] = 'f'
mem[0x806b295] = '\x0f'
mem[0x806b296] = '\xbc'
mem[0x806b297] = 'M'
mem[0x806b298] = '\x00'
cpu.EIP = 0x806b294
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x1)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b294, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x806b295, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b296, 8)== ord('\xbc'))
condition = Operators.AND(condition, cpu.read_int(0x806b297, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x806b298, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806b299)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CX == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSF_3_symbolic(self):
''' Instruction BSF_3
Groups:
0x806b335: bsf ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x806b335] = '\x0f'
mem[0x806b336] = '\xbc'
mem[0x806b337] = '\xca'
cpu.EIP = 0x806b335
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfa)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x6c650001)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806b335, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b336, 8)== ord('\xbc'))
condition = Operators.AND(condition, cpu.read_int(0x806b337, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x806b338)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDX == 0xfa)
condition = Operators.AND(condition, cpu.ECX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSF_4_symbolic(self):
''' Instruction BSF_4
Groups:
0x806b36c: bsf ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806b36c] = '\x0f'
mem[0x806b36d] = '\xbc'
mem[0x806b36e] = 'M'
mem[0x806b36f] = '\x00'
cpu.EIP = 0x806b36c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b36c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b36d, 8)== ord('\xbc'))
condition = Operators.AND(condition, cpu.read_int(0x806b36e, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x806b36f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806b370)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSR_1_symbolic(self):
''' Instruction BSR_1
Groups:
0x80661a3: bsr cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80661a3] = 'f'
mem[0x80661a4] = '\x0f'
mem[0x80661a5] = '\xbd'
mem[0x80661a6] = 'M'
mem[0x80661a7] = '\x00'
cpu.EIP = 0x80661a3
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xfc00)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80661a3, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80661a4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80661a5, 8)== ord('\xbd'))
condition = Operators.AND(condition, cpu.read_int(0x80661a6, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80661a7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80661a8)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CX == 0xfc00)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSR_2_symbolic(self):
''' Instruction BSR_2
Groups:
0xf7e2e8e8: bsr ecx, dword ptr [esp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd600)
value = cs.new_bitvec(8)
cs.add(value == 0x1f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7e2e8e8] = '\x0f'
mem[0xf7e2e8e9] = '\xbd'
mem[0xf7e2e8ea] = '\x0c'
mem[0xf7e2e8eb] = '$'
cpu.EIP = 0xf7e2e8e8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x200)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd600, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.read_int(0xffffd601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e8e8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e8e9, 8)== ord('\xbd'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e8ea, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e8eb, 8)== ord('$'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2e8ec)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd600)
condition = Operators.AND(condition, cpu.ECX == 0x4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSR_3_symbolic(self):
''' Instruction BSR_3
Groups:
0x806627b: bsr ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x806627b] = '\x0f'
mem[0x806627c] = '\xbd'
mem[0x806627d] = 'M'
mem[0x806627e] = '\x00'
cpu.EIP = 0x806627b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80f1fc00)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806627b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806627c, 8)== ord('\xbd'))
condition = Operators.AND(condition, cpu.read_int(0x806627d, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x806627e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x806627f)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x80f1fc00)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSR_4_symbolic(self):
''' Instruction BSR_4
Groups:
0x8066244: bsr ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem[0x8066244] = '\x0f'
mem[0x8066245] = '\xbd'
mem[0x8066246] = '\xca'
cpu.EIP = 0x8066244
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80f1fc00)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8066244, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8066245, 8)== ord('\xbd'))
condition = Operators.AND(condition, cpu.read_int(0x8066246, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8066247)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x80f1fc00)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSR_5_symbolic(self):
''' Instruction BSR_5
Groups:
0x806616b: bsr cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08066000, 0x1000, 'rwx')
mem[0x806616b] = 'f'
mem[0x806616c] = '\x0f'
mem[0x806616d] = '\xbd'
mem[0x806616e] = '\xca'
cpu.EIP = 0x806616b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xfc00)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806616b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x806616c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806616d, 8)== ord('\xbd'))
condition = Operators.AND(condition, cpu.read_int(0x806616e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x806616f)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CX == 0xfc00)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BSWAP_1_symbolic(self):
''' Instruction BSWAP_1
Groups:
0x807937c: bswap ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x807937c] = '\x0f'
mem[0x807937d] = '\xc9'
cpu.EIP = 0x807937c
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80008001)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807937c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807937d, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x807937e)
condition = Operators.AND(condition, cpu.ECX == 0x1800080)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTC_1_symbolic(self):
''' Instruction BTC_1
Groups:
0x8061077: btc ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08061000, 0x1000, 'rwx')
mem[0x8061078] = '\xba'
mem[0x8061079] = '\xf9'
mem[0x806107a] = '\x04'
mem[0x8061077] = '\x0f'
cpu.EIP = 0x8061077
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffef)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8061078, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x8061079, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x806107a, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0x8061077, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x806107b)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTC_2_symbolic(self):
''' Instruction BTC_2
Groups:
0x8060f33: btc cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x8060f33] = 'f'
mem[0x8060f34] = '\x0f'
mem[0x8060f35] = '\xbb'
mem[0x8060f36] = '\xd1'
cpu.EIP = 0x8060f33
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xffff)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8060f33, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8060f34, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8060f35, 8)== ord('\xbb'))
condition = Operators.AND(condition, cpu.read_int(0x8060f36, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x8060f37)
condition = Operators.AND(condition, cpu.CX == 0xefff)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.DX == 0xec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTC_3_symbolic(self):
''' Instruction BTC_3
Groups:
0x80610a2: btc ecx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08061000, 0x1000, 'rwx')
mem[0x80610a2] = '\x0f'
mem[0x80610a3] = '\xba'
mem[0x80610a4] = '\xf9'
mem[0x80610a5] = '\xff'
cpu.EIP = 0x80610a2
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80610a2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80610a3, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x80610a4, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x80610a5, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x80610a6)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ECX == 0x7fffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTC_4_symbolic(self):
''' Instruction BTC_4
Groups:
0x8060fac: btc cx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x8060fb0] = '\x04'
mem[0x8060fac] = 'f'
mem[0x8060fad] = '\x0f'
mem[0x8060fae] = '\xba'
mem[0x8060faf] = '\xf9'
cpu.EIP = 0x8060fac
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xefff)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8060fb0, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0x8060fac, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8060fad, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8060fae, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x8060faf, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.EIP == 0x8060fb1)
condition = Operators.AND(condition, cpu.CX == 0xefef)
condition = Operators.AND(condition, cpu.CF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTC_5_symbolic(self):
''' Instruction BTC_5
Groups:
0x806100c: btc ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08061000, 0x1000, 'rwx')
mem[0x806100c] = '\x0f'
mem[0x806100d] = '\xbb'
mem[0x806100e] = '\xd1'
cpu.EIP = 0x806100c
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xec)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffefef)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806100c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806100d, 8)== ord('\xbb'))
condition = Operators.AND(condition, cpu.read_int(0x806100e, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x806100f)
condition = Operators.AND(condition, cpu.EDX == 0xec)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0xffffffef)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTR_1_symbolic(self):
''' Instruction BTR_1
Groups:
0x805beed: btr ecx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bef0] = '\xff'
mem[0x805beed] = '\x0f'
mem[0x805beee] = '\xba'
mem[0x805beef] = '\xf1'
cpu.EIP = 0x805beed
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80000000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bef0, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x805beed, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805beee, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x805beef, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0x805bef1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTR_2_symbolic(self):
''' Instruction BTR_2
Groups:
0x805bec2: btr ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bec2] = '\x0f'
mem[0x805bec3] = '\xba'
mem[0x805bec4] = '\xf1'
mem[0x805bec5] = '\x04'
cpu.EIP = 0x805bec2
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80000000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bec2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bec3, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x805bec4, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0x805bec5, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805bec6)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0x80000000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTR_3_symbolic(self):
''' Instruction BTR_3
Groups:
0x805bdf7: btr cx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bdf8] = '\x0f'
mem[0x805bdf9] = '\xba'
mem[0x805bdfa] = '\xf1'
mem[0x805bdfb] = '\x04'
mem[0x805bdf7] = 'f'
cpu.EIP = 0x805bdf7
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x10)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bdf8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bdf9, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x805bdfa, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0x805bdfb, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0x805bdf7, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x805bdfc)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.CF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTR_4_symbolic(self):
''' Instruction BTR_4
Groups:
0x805be57: btr ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805be58] = '\xb3'
mem[0x805be59] = '\xd1'
mem[0x805be57] = '\x0f'
cpu.EIP = 0x805be57
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xec)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80000000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805be58, 8)== ord('\xb3'))
condition = Operators.AND(condition, cpu.read_int(0x805be59, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805be57, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x805be5a)
condition = Operators.AND(condition, cpu.EDX == 0xec)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0x80000000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTR_5_symbolic(self):
''' Instruction BTR_5
Groups:
0x805bd7e: btr cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bd80] = '\xb3'
mem[0x805bd81] = '\xd1'
mem[0x805bd7e] = 'f'
mem[0x805bd7f] = '\x0f'
cpu.EIP = 0x805bd7e
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x1010)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bd80, 8)== ord('\xb3'))
condition = Operators.AND(condition, cpu.read_int(0x805bd81, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805bd7e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805bd7f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x805bd82)
condition = Operators.AND(condition, cpu.CX == 0x10)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.DX == 0xec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTS_1_symbolic(self):
''' Instruction BTS_1
Groups:
0x805bbab: bts ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bbab] = '\x0f'
mem[0x805bbac] = '\xba'
mem[0x805bbad] = '\xe9'
mem[0x805bbae] = '\x04'
cpu.EIP = 0x805bbab
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1010)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bbab, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bbac, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x805bbad, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0x805bbae, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805bbaf)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ECX == 0x1010)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTS_2_symbolic(self):
''' Instruction BTS_2
Groups:
0x805bba8: bts ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bba8] = '\x0f'
mem[0x805bba9] = '\xab'
mem[0x805bbaa] = '\xd1'
cpu.EIP = 0x805bba8
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3ec)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1010)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bba8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bba9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0x805bbaa, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x805bbab)
condition = Operators.AND(condition, cpu.EDX == 0x3ec)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ECX == 0x1010)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTS_3_symbolic(self):
''' Instruction BTS_3
Groups:
0x805bba3: bts cx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bba3] = 'f'
mem[0x805bba4] = '\x0f'
mem[0x805bba5] = '\xba'
mem[0x805bba6] = '\xe9'
mem[0x805bba7] = '\x04'
cpu.EIP = 0x805bba3
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x1000)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bba3, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805bba4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bba5, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x805bba6, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0x805bba7, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805bba8)
condition = Operators.AND(condition, cpu.CX == 0x1010)
condition = Operators.AND(condition, cpu.CF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTS_4_symbolic(self):
''' Instruction BTS_4
Groups:
0x805bb9f: bts cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bba0] = '\x0f'
mem[0x805bba1] = '\xab'
mem[0x805bba2] = '\xd1'
mem[0x805bb9f] = 'f'
cpu.EIP = 0x805bb9f
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x3ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bba0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bba1, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0x805bba2, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805bb9f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x805bba3)
condition = Operators.AND(condition, cpu.CX == 0x1000)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.DX == 0x3ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BTS_5_symbolic(self):
''' Instruction BTS_5
Groups:
0x805bbaf: bts ecx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bbb0] = '\xba'
mem[0x805bbb1] = '\xe9'
mem[0x805bbb2] = '\xff'
mem[0x805bbaf] = '\x0f'
cpu.EIP = 0x805bbaf
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1010)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bbb0, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x805bbb1, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0x805bbb2, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x805bbaf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x805bbb3)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0x80001010)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_1_symbolic(self):
''' Instruction BT_1
Groups:
0x80486c3: bt ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x80486c3] = '\x0f'
mem[0x80486c4] = '\xa3'
mem[0x80486c5] = '\xd1'
cpu.EIP = 0x80486c3
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80486c3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80486c4, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0x80486c5, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x80486c6)
condition = Operators.AND(condition, cpu.EDX == 0xf0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_10_symbolic(self):
''' Instruction BT_10
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_11_symbolic(self):
''' Instruction BT_11
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x2)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x2)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_12_symbolic(self):
''' Instruction BT_12
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_13_symbolic(self):
''' Instruction BT_13
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_14_symbolic(self):
''' Instruction BT_14
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_15_symbolic(self):
''' Instruction BT_15
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_16_symbolic(self):
''' Instruction BT_16
Groups:
0x80485ea: bt cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x80485ea] = 'f'
mem[0x80485eb] = '\x0f'
mem[0x80485ec] = '\xa3'
mem[0x80485ed] = '\xd1'
cpu.EIP = 0x80485ea
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xf0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80485ea, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80485eb, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80485ec, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0x80485ed, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x80485ee)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.DX == 0xf0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_17_symbolic(self):
''' Instruction BT_17
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_18_symbolic(self):
''' Instruction BT_18
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_19_symbolic(self):
''' Instruction BT_19
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_2_symbolic(self):
''' Instruction BT_2
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_20_symbolic(self):
''' Instruction BT_20
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_21_symbolic(self):
''' Instruction BT_21
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_3_symbolic(self):
''' Instruction BT_3
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_4_symbolic(self):
''' Instruction BT_4
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_5_symbolic(self):
''' Instruction BT_5
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_6_symbolic(self):
''' Instruction BT_6
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_7_symbolic(self):
''' Instruction BT_7
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_8_symbolic(self):
''' Instruction BT_8
Groups:
0x8048759: bt ecx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x8048759] = '\x0f'
mem[0x804875a] = '\xba'
mem[0x804875b] = '\xe1'
mem[0x804875c] = '\xff'
cpu.EIP = 0x8048759
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8048759, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804875a, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0x804875b, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0x804875c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x804875d)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_BT_9_symbolic(self):
''' Instruction BT_9
Groups:
0xf7fe4cc0: bt eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc0] = '\x0f'
mem[0xf7fe4cc1] = '\xa3'
mem[0xf7fe4cc2] = '\xd0'
cpu.EIP = 0xf7fe4cc0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x467)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc1, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc3)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x467)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_1_symbolic(self):
''' Instruction CALL_1
Groups: call, not64bitmode
0xf7fec303: call 0xf7fdc820
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd400)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd401)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd402)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fec303] = '\xe8'
mem[0xf7fec304] = '\x18'
mem[0xf7fec305] = '\x05'
mem[0xf7fec306] = '\xff'
mem[0xf7fec307] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd403)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd404)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fc)
value = cs.new_bitvec(8)
cs.add(value == 0xc1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fd)
value = cs.new_bitvec(8)
cs.add(value == 0xc1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fe)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3ff)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fec303
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd488)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd400)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd400, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffd401, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd402, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec303, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec304, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec305, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec306, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec307, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd403, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd404, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fc, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fd, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fe, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3ff, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdc820)
condition = Operators.AND(condition, cpu.EBP == 0xffffd488)
condition = Operators.AND(condition, cpu.ESP == 0xffffd3fc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_10_symbolic(self):
''' Instruction CALL_10
Groups: call, not64bitmode
0xf7ff0819: call 0xf7ff0590
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff0819] = '\xe8'
mem[0xf7ff081a] = 'r'
mem[0xf7ff081b] = '\xfd'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01c)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01d)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd020)
value = cs.new_bitvec(8)
cs.add(value == 0xcd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd021)
value = cs.new_bitvec(8)
cs.add(value == 0x5e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd022)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd023)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd024)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff081c] = '\xff'
mem[0xf7ff081d] = '\xff'
cpu.EIP = 0xf7ff0819
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x306)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd020)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0819, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff081a, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff081b, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff081c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff081d, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd020, 8)== ord('\xcd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd021, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xffffd022, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd023, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd024, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01c, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01d, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0590)
condition = Operators.AND(condition, cpu.EBP == 0x306)
condition = Operators.AND(condition, cpu.ESP == 0xffffd01c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_11_symbolic(self):
''' Instruction CALL_11
Groups: call, not64bitmode
0xf7fe54ef: call 0xf7fe4c80
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7fe54f0] = '\x8c'
mem[0xf7fe54f1] = '\xf7'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0x34)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ed)
value = cs.new_bitvec(8)
cs.add(value == 0x4e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ee)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
mem[0xf7fe54ef] = '\xe8'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f0)
value = cs.new_bitvec(8)
cs.add(value == 0xc4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f1)
value = cs.new_bitvec(8)
cs.add(value == 0xb1)
mem[addr] = value
mem[0xf7fe54f2] = '\xff'
mem[0xf7fe54f3] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f4)
value = cs.new_bitvec(8)
cs.add(value == 0xdc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f2)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
cpu.EIP = 0xf7fe54ef
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2f3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f0, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f1, 8)== ord('\xb1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ed, 8)== ord('T'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ee, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ef, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f0, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f1, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f2, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f3, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f4, 8)== ord('\xdc'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f2, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c80)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_12_symbolic(self):
''' Instruction CALL_12
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd441)
value = cs.new_bitvec(8)
cs.add(value == 0xaa)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd442)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd443)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd444)
value = cs.new_bitvec(8)
cs.add(value == 0xa8)
mem[addr] = value
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe72f3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd440)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd441, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xffffd442, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd443, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd444, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f3, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f4, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f5, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5670)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd43c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_13_symbolic(self):
''' Instruction CALL_13
Groups: call, not64bitmode
0xf7fe8bc3: call 0xf7ff45f0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe8bc3] = '\xe8'
mem[0xf7fe8bc4] = '('
mem[0xf7fe8bc5] = '\xba'
mem[0xf7fe8bc6] = '\x00'
mem[0xf7fe8bc7] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34c)
value = cs.new_bitvec(8)
cs.add(value == 0x9d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34d)
value = cs.new_bitvec(8)
cs.add(value == 0x8b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd350)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd351)
value = cs.new_bitvec(8)
cs.add(value == 0xaa)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd352)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd353)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd354)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
cpu.EIP = 0xf7fe8bc3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd350)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe8bc3, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8bc4, 8)== ord('('))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8bc5, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8bc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8bc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34c, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34d, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd350, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd351, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xffffd352, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd353, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd354, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff45f0)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd34c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_14_symbolic(self):
''' Instruction CALL_14
Groups: call, not64bitmode
0xf7eaa007: call 0xf7f3b7db
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd580)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd581)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd582)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd583)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd584)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7eaa007] = '\xe8'
mem[0xf7eaa008] = '\xcf'
mem[0xf7eaa009] = '\x17'
mem[0xf7eaa00a] = '\t'
mem[0xf7eaa00b] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd57c)
value = cs.new_bitvec(8)
cs.add(value == 0xc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd57d)
value = cs.new_bitvec(8)
cs.add(value == 0xa0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd57e)
value = cs.new_bitvec(8)
cs.add(value == 0xea)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd57f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7eaa007
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xc2)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd580)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd580, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd581, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd582, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd583, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd584, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa007, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa008, 8)== ord('\xcf'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa009, 8)== ord('\x17'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa00a, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa00b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd57c, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xffffd57d, 8)== ord('\xa0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd57e, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.read_int(0xffffd57f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7f3b7db)
condition = Operators.AND(condition, cpu.EBP == 0xc2)
condition = Operators.AND(condition, cpu.ESP == 0xffffd57c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_15_symbolic(self):
''' Instruction CALL_15
Groups: call, not64bitmode
0xf7feabc3: call dword ptr [ebx + 0x558]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fea000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd340)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd341)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd342)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7feabc3] = '\xff'
mem[0xf7feabc4] = '\x93'
mem[0xf7feabc5] = 'X'
mem[0xf7feabc6] = '\x05'
mem[0xf7feabc7] = '\x00'
mem[0xf7feabc8] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd344)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd343)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd558)
value = cs.new_bitvec(8)
cs.add(value == 0x20)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd559)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd55a)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd55b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd33c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd33d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd33e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd33f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7feabc3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd340)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd340, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd341, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd342, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7feabc3, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7feabc4, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0xf7feabc5, 8)== ord('X'))
condition = Operators.AND(condition, cpu.read_int(0xf7feabc6, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.read_int(0xf7feabc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7feabc8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd344, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd343, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd558, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd559, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd55a, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd55b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd33c, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0xffffd33d, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd33e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd33f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdd120)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd33c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_16_symbolic(self):
''' Instruction CALL_16
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd441)
value = cs.new_bitvec(8)
cs.add(value == 0xaa)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd442)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd443)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd444)
value = cs.new_bitvec(8)
cs.add(value == 0xa8)
mem[addr] = value
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe72f3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd440)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd441, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xffffd442, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd443, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd444, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f3, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f4, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f5, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5670)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd43c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_17_symbolic(self):
''' Instruction CALL_17
Groups: call, not64bitmode
0xf7fe568c: call 0xf7ff4768
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd381)
value = cs.new_bitvec(8)
cs.add(value == 0xd3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd382)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd383)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd384)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
mem[0xf7fe568c] = '\xe8'
mem[0xf7fe568d] = '\xd7'
mem[0xf7fe568e] = '\xf0'
mem[0xf7fe568f] = '\x00'
mem[0xf7fe5690] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x57)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe568c
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd380)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd381, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd382, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd383, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd384, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568c, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568d, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568e, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5690, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4768)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd37c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_18_symbolic(self):
''' Instruction CALL_18
Groups: call, not64bitmode
0xf7ff0a62: call 0xf7ff0590
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd022)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd023)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd024)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01c)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01d)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd020)
value = cs.new_bitvec(8)
cs.add(value == 0xcd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd021)
value = cs.new_bitvec(8)
cs.add(value == 0x5e)
mem[addr] = value
mem[0xf7ff0a62] = '\xe8'
mem[0xf7ff0a63] = ')'
mem[0xf7ff0a64] = '\xfb'
mem[0xf7ff0a65] = '\xff'
mem[0xf7ff0a66] = '\xff'
cpu.EIP = 0xf7ff0a62
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x340)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd020)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd022, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd023, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd024, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01c, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01d, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd020, 8)== ord('\xcd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd021, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a62, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a63, 8)== ord(')'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a64, 8)== ord('\xfb'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a65, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a66, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0590)
condition = Operators.AND(condition, cpu.EBP == 0x340)
condition = Operators.AND(condition, cpu.ESP == 0xffffd01c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_19_symbolic(self):
''' Instruction CALL_19
Groups: call, not64bitmode
0xf7fe4d98: call 0xf7ff3e60
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4d98] = '\xe8'
mem[0xf7fe4d99] = '\xc3'
mem[0xf7fe4d9a] = '\xf0'
mem[0xf7fe4d9b] = '\x00'
mem[0xf7fe4d9c] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0x97)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b1)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b2)
value = cs.new_bitvec(8)
cs.add(value == 0xe2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b4)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
cpu.EIP = 0xf7fe4d98
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdaba8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2b0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d98, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d99, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d9a, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d9b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d9c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b1, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b2, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b4, 8)== ord('a'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e60)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2ac)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_2_symbolic(self):
''' Instruction CALL_2
Groups: call, not64bitmode
0xf7eaa8b1: call 0xf7f3b7db
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
mem[0xf7eaa8b1] = '\xe8'
mem[0xf7eaa8b2] = '%'
mem[0xf7eaa8b3] = '\x0f'
mem[0xf7eaa8b4] = '\t'
mem[0xf7eaa8b5] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd436)
value = cs.new_bitvec(8)
cs.add(value == 0xe9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd437)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd434)
value = cs.new_bitvec(8)
cs.add(value == 0x76)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0x8c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd435)
value = cs.new_bitvec(8)
cs.add(value == 0x78)
mem[addr] = value
cpu.EIP = 0xf7eaa8b1
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd438)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa8b1, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa8b2, 8)== ord('%'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa8b3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa8b4, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa8b5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd436, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.read_int(0xffffd437, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd434, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xffffd435, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7f3b7db)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd434)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_20_symbolic(self):
''' Instruction CALL_20
Groups: call, not64bitmode
0xf7fe9d3c: call 0xf7fdc810
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe9d40] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3ec)
value = cs.new_bitvec(8)
cs.add(value == 0x1b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3ed)
value = cs.new_bitvec(8)
cs.add(value == 0x9c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3ee)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f0)
value = cs.new_bitvec(8)
cs.add(value == 0xb8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe9d3c] = '\xe8'
mem[0xf7fe9d3d] = '\xcf'
mem[0xf7fe9d3e] = '*'
mem[0xf7fe9d3f] = '\xff'
cpu.EIP = 0xf7fe9d3c
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd498)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd3f0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9d40, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3ec, 8)== ord('A'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3ed, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3ee, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f0, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9d3c, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9d3d, 8)== ord('\xcf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9d3e, 8)== ord('*'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9d3f, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdc810)
condition = Operators.AND(condition, cpu.EBP == 0xffffd498)
condition = Operators.AND(condition, cpu.ESP == 0xffffd3ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_21_symbolic(self):
''' Instruction CALL_21
Groups: call, not64bitmode
0xf7fe3b46: call 0xf7fdc810
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe3b46] = '\xe8'
mem[0xf7fe3b47] = '\xc5'
mem[0xf7fe3b48] = '\x8c'
mem[0xf7fe3b49] = '\xff'
mem[0xf7fe3b4a] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd49c)
value = cs.new_bitvec(8)
cs.add(value == 0x36)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd49d)
value = cs.new_bitvec(8)
cs.add(value == 0x3b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd49e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd49f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4a0)
value = cs.new_bitvec(8)
cs.add(value == 0x14)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4a1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4a2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4a3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4a4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe3b46
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd4a0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe3b46, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3b47, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3b48, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3b49, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3b4a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd49c, 8)== ord('K'))
condition = Operators.AND(condition, cpu.read_int(0xffffd49d, 8)== ord(';'))
condition = Operators.AND(condition, cpu.read_int(0xffffd49e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd49f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4a0, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4a1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4a2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4a3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4a4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdc810)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd49c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_3_symbolic(self):
''' Instruction CALL_3
Groups: call, not64bitmode
0xf7fe4d98: call 0xf7ff3e60
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4d98] = '\xe8'
mem[0xf7fe4d99] = '\xc3'
mem[0xf7fe4d9a] = '\xf0'
mem[0xf7fe4d9b] = '\x00'
mem[0xf7fe4d9c] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0xe2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x34)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b1)
value = cs.new_bitvec(8)
cs.add(value == 0xc6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b2)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b4)
value = cs.new_bitvec(8)
cs.add(value == 0xac)
mem[addr] = value
cpu.EIP = 0xf7fe4d98
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdadb8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2b0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d98, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d99, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d9a, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d9b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d9c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b1, 8)== ord('\xc6'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b2, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2b4, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e60)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdadb8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2ac)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_4_symbolic(self):
''' Instruction CALL_4
Groups: call, not64bitmode
0xf7fe54ef: call 0xf7fe4c80
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7fe54f0] = '\x8c'
mem[0xf7fe54f1] = '\xf7'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0x34)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ed)
value = cs.new_bitvec(8)
cs.add(value == 0x4e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ee)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
mem[0xf7fe54ef] = '\xe8'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f0)
value = cs.new_bitvec(8)
cs.add(value == 0xc4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f1)
value = cs.new_bitvec(8)
cs.add(value == 0xb1)
mem[addr] = value
mem[0xf7fe54f2] = '\xff'
mem[0xf7fe54f3] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f4)
value = cs.new_bitvec(8)
cs.add(value == 0xdc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f2)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
cpu.EIP = 0xf7fe54ef
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2f3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f0, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f1, 8)== ord('\xb1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ed, 8)== ord('T'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ee, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ef, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f0, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f1, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f2, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f3, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f4, 8)== ord('\xdc'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2f2, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c80)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_5_symbolic(self):
''' Instruction CALL_5
Groups: call, not64bitmode
0xf7ff41d2: call 0xf7ff4768
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff41d2] = '\xe8'
mem[0xf7ff41d3] = '\x91'
mem[0xf7ff41d4] = '\x05'
mem[0xf7ff41d5] = '\x00'
mem[0xf7ff41d6] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd030)
value = cs.new_bitvec(8)
cs.add(value == 0xd7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd031)
value = cs.new_bitvec(8)
cs.add(value == 0x41)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd032)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd033)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd034)
value = cs.new_bitvec(8)
cs.add(value == 0x44)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd035)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd036)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd037)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd038)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff41d2
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd088)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd034)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d2, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d3, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d4, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd030, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd031, 8)== ord('A'))
condition = Operators.AND(condition, cpu.read_int(0xffffd032, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd033, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd034, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xffffd035, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd036, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd037, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd038, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4768)
condition = Operators.AND(condition, cpu.EBP == 0xffffd088)
condition = Operators.AND(condition, cpu.ESP == 0xffffd030)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_6_symbolic(self):
''' Instruction CALL_6
Groups: call, not64bitmode
0xf7fe568c: call 0xf7ff4768
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd381)
value = cs.new_bitvec(8)
cs.add(value == 0xd3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd382)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd383)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd384)
value = cs.new_bitvec(8)
cs.add(value == 0xb8)
mem[addr] = value
mem[0xf7fe568c] = '\xe8'
mem[0xf7fe568d] = '\xd7'
mem[0xf7fe568e] = '\xf0'
mem[0xf7fe568f] = '\x00'
mem[0xf7fe5690] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x57)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe568c
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd380)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd381, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd382, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd383, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd384, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568c, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568d, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568e, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe568f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5690, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4768)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd37c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_7_symbolic(self):
''' Instruction CALL_7
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd441)
value = cs.new_bitvec(8)
cs.add(value == 0xaa)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd442)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd443)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd444)
value = cs.new_bitvec(8)
cs.add(value == 0xa8)
mem[addr] = value
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe72f3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd440)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd441, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xffffd442, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd443, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd444, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f3, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f4, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f5, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5670)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd43c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_8_symbolic(self):
''' Instruction CALL_8
Groups: call, not64bitmode
0xf7fe5775: call 0xf7fe4e10
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd381)
value = cs.new_bitvec(8)
cs.add(value == 0xd3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd382)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd383)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd384)
value = cs.new_bitvec(8)
cs.add(value == 0x44)
mem[addr] = value
mem[0xf7fe5775] = '\xe8'
mem[0xf7fe5776] = '\x96'
mem[0xf7fe5777] = '\xf6'
mem[0xf7fe5778] = '\xff'
mem[0xf7fe5779] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x91)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x56)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe5775
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd380)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd381, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd382, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd383, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd384, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5775, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5776, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5777, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5778, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5779, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e10)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd37c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CALL_9_symbolic(self):
''' Instruction CALL_9
Groups: call, not64bitmode
0xf7fe72f3: call 0xf7fe5670
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd441)
value = cs.new_bitvec(8)
cs.add(value == 0xaa)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd442)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd443)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd444)
value = cs.new_bitvec(8)
cs.add(value == 0xa8)
mem[addr] = value
mem[0xf7fe72f3] = '\xe8'
mem[0xf7fe72f4] = 'x'
mem[0xf7fe72f5] = '\xe3'
mem[0xf7fe72f6] = '\xff'
mem[0xf7fe72f7] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe72f3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd440)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd441, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xffffd442, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd443, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd444, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f3, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f4, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f5, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72f7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5670)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd43c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CBW_1_symbolic(self):
''' Instruction CBW_1
Groups:
0x8060d84: cbw
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x8060d84] = 'f'
mem[0x8060d85] = '\x98'
cpu.EIP = 0x8060d84
cpu.AX = cs.new_bitvec(16)
cs.add(cpu.AX == 0xeb)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8060d84, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8060d85, 8)== ord('\x98'))
condition = Operators.AND(condition, cpu.EIP == 0x8060d86)
condition = Operators.AND(condition, cpu.AX == 0xffeb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CDQ_1_symbolic(self):
''' Instruction CDQ_1
Groups:
0x804d63b: cdq
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d63b] = '\x99'
cpu.EIP = 0x804d63b
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xeb6eb6eb)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d63b, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.EIP == 0x804d63c)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0xeb6eb6eb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CDQ_2_symbolic(self):
''' Instruction CDQ_2
Groups:
0x80702fa: cdq
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702fa] = '\x99'
cpu.EIP = 0x80702fa
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfa)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffecf8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702fa, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.EIP == 0x80702fb)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0xffffecf8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLC_1_symbolic(self):
''' Instruction CLC_1
Groups:
0x80701bc: clc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80701bc] = '\xf8'
cpu.EIP = 0x80701bc
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701bc, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.EIP == 0x80701bd)
condition = Operators.AND(condition, cpu.CF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_1_symbolic(self):
''' Instruction CLD_1
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_10_symbolic(self):
''' Instruction CLD_10
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_11_symbolic(self):
''' Instruction CLD_11
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_12_symbolic(self):
''' Instruction CLD_12
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_13_symbolic(self):
''' Instruction CLD_13
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_14_symbolic(self):
''' Instruction CLD_14
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_15_symbolic(self):
''' Instruction CLD_15
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_16_symbolic(self):
''' Instruction CLD_16
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_17_symbolic(self):
''' Instruction CLD_17
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_18_symbolic(self):
''' Instruction CLD_18
Groups:
0xf7ff44e0: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44e0] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff44e0
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff44e0, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff44e1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_19_symbolic(self):
''' Instruction CLD_19
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_2_symbolic(self):
''' Instruction CLD_2
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_20_symbolic(self):
''' Instruction CLD_20
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_21_symbolic(self):
''' Instruction CLD_21
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_3_symbolic(self):
''' Instruction CLD_3
Groups:
0xf7ff44e0: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44e0] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff44e0
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff44e0, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff44e1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_4_symbolic(self):
''' Instruction CLD_4
Groups:
0xf7ff4540: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4540] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4540
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4540, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4541)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_5_symbolic(self):
''' Instruction CLD_5
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_6_symbolic(self):
''' Instruction CLD_6
Groups:
0xf7ff44e0: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44e0] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff44e0
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff44e0, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff44e1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_7_symbolic(self):
''' Instruction CLD_7
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_8_symbolic(self):
''' Instruction CLD_8
Groups:
0x807019f: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x807019f] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x807019f
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807019f, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0x80701a0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CLD_9_symbolic(self):
''' Instruction CLD_9
Groups:
0xf7ff4607: cld
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4607] = '\xfc'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4607
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4607, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.DF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4608)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_1_symbolic(self):
''' Instruction CMOVAE_1
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d6, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec1d8)
condition = Operators.AND(condition, cpu.ECX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_10_symbolic(self):
''' Instruction CMOVAE_10
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x23)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d6, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec1d8)
condition = Operators.AND(condition, cpu.ECX == 0x24)
condition = Operators.AND(condition, cpu.EAX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_11_symbolic(self):
''' Instruction CMOVAE_11
Groups: cmov
0xf7fec2ae: cmovae edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2b0] = '\xd1'
mem[0xf7fec2ae] = '\x0f'
mem[0xf7fec2af] = 'C'
cpu.EIP = 0xf7fec2ae
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2b0, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ae, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2af, 8)== ord('C'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2b1)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_12_symbolic(self):
''' Instruction CMOVAE_12
Groups: cmov
0x8048431: cmovae cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8048431] = 'f'
mem[0x8048432] = '\x0f'
mem[0x8048433] = 'C'
mem[0x8048434] = 'M'
mem[0x8048435] = '\x00'
cpu.EIP = 0x8048431
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x6ff0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8048431, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8048432, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048433, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0x8048434, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8048435, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8048436)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_2_symbolic(self):
''' Instruction CMOVAE_2
Groups: cmov
0x8048439: cmovae ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8048439] = '\x0f'
mem[0x804843a] = 'C'
mem[0x804843b] = 'M'
mem[0x804843c] = '\x00'
cpu.EIP = 0x8048439
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xe6fe6ff0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8048439, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804843a, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0x804843b, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804843c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804843d)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_3_symbolic(self):
''' Instruction CMOVAE_3
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x22)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d6, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec1d8)
condition = Operators.AND(condition, cpu.ECX == 0x24)
condition = Operators.AND(condition, cpu.EAX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_4_symbolic(self):
''' Instruction CMOVAE_4
Groups: cmov
0xf7fec2ae: cmovae edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2b0] = '\xd1'
mem[0xf7fec2ae] = '\x0f'
mem[0xf7fec2af] = 'C'
cpu.EIP = 0xf7fec2ae
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2b0, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ae, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2af, 8)== ord('C'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2b1)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_5_symbolic(self):
''' Instruction CMOVAE_5
Groups: cmov
0xf7fec1d5: cmovae eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1d5] = '\x0f'
mem[0xf7fec1d6] = 'C'
mem[0xf7fec1d7] = '\xc1'
cpu.EIP = 0xf7fec1d5
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x24)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d6, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec1d8)
condition = Operators.AND(condition, cpu.ECX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_6_symbolic(self):
''' Instruction CMOVAE_6
Groups: cmov
0xf7fed76a: cmovae edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed76a] = '\x0f'
mem[0xf7fed76b] = 'C'
mem[0xf7fed76c] = '\xd1'
cpu.EIP = 0xf7fed76a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fed76a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed76b, 8)== ord('C'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed76c, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed76d)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_7_symbolic(self):
''' Instruction CMOVAE_7
Groups: cmov
0x804842d: cmovae cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x8048430] = '\xca'
mem[0x804842d] = 'f'
mem[0x804842e] = '\x0f'
mem[0x804842f] = 'C'
cpu.EIP = 0x804842d
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x6ff0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8048430, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x804842d, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804842e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804842f, 8)== ord('C'))
condition = Operators.AND(condition, cpu.EIP == 0x8048431)
condition = Operators.AND(condition, cpu.CX == 0x6ff0)
condition = Operators.AND(condition, cpu.DX == 0x6ff0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_8_symbolic(self):
''' Instruction CMOVAE_8
Groups: cmov
0xf7fec2ae: cmovae edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2b0] = '\xd1'
mem[0xf7fec2ae] = '\x0f'
mem[0xf7fec2af] = 'C'
cpu.EIP = 0xf7fec2ae
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2b0, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ae, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2af, 8)== ord('C'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2b1)
condition = Operators.AND(condition, cpu.EDX == 0x24)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVAE_9_symbolic(self):
''' Instruction CMOVAE_9
Groups: cmov
0x8048436: cmovae ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x8048438] = '\xca'
mem[0x8048436] = '\x0f'
mem[0x8048437] = 'C'
cpu.EIP = 0x8048436
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xe6fe6ff0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8048438, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x8048436, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048437, 8)== ord('C'))
condition = Operators.AND(condition, cpu.EIP == 0x8048439)
condition = Operators.AND(condition, cpu.EDX == 0xe6fe6ff0)
condition = Operators.AND(condition, cpu.ECX == 0xe6fe6ff0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVA_1_symbolic(self):
''' Instruction CMOVA_1
Groups: cmov
0xf7fe231d: cmova edx, dword ptr [ebp - 0x9c]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xf7fe231d] = '\x0f'
mem[0xf7fe231e] = 'G'
mem[0xf7fe231f] = '\x95'
mem[0xf7fe2320] = 'd'
mem[0xf7fe2321] = '\xff'
mem[0xf7fe2322] = '\xff'
mem[0xf7fe2323] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfec)
value = cs.new_bitvec(8)
cs.add(value == 0x7c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfed)
value = cs.new_bitvec(8)
cs.add(value == 0x3a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfee)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe231d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd088)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fc1000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe231d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe231e, 8)== ord('G'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe231f, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe2320, 8)== ord('d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe2321, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe2322, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe2323, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfec, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfed, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfee, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe2324)
condition = Operators.AND(condition, cpu.EDX == 0xf7fc1000)
condition = Operators.AND(condition, cpu.EBP == 0xffffd088)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVA_2_symbolic(self):
''' Instruction CMOVA_2
Groups: cmov
0x804d67b: cmova cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d67b] = 'f'
mem[0x804d67c] = '\x0f'
mem[0x804d67d] = 'G'
mem[0x804d67e] = '\xca'
cpu.EIP = 0x804d67b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d67b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d67c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d67d, 8)== ord('G'))
condition = Operators.AND(condition, cpu.read_int(0x804d67e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d67f)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0xffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVA_3_symbolic(self):
''' Instruction CMOVA_3
Groups: cmov
0x804d67f: cmova cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x804d680] = '\x0f'
mem[0x804d681] = 'G'
mem[0x804d682] = 'M'
mem[0x804d683] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d67f] = 'f'
cpu.EIP = 0x804d67f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d680, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d681, 8)== ord('G'))
condition = Operators.AND(condition, cpu.read_int(0x804d682, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d683, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d67f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x804d684)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVA_4_symbolic(self):
''' Instruction CMOVA_4
Groups: cmov
0x804d684: cmova ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d684] = '\x0f'
mem[0x804d685] = 'G'
mem[0x804d686] = '\xca'
cpu.EIP = 0x804d684
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d684, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d685, 8)== ord('G'))
condition = Operators.AND(condition, cpu.read_int(0x804d686, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d687)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVA_5_symbolic(self):
''' Instruction CMOVA_5
Groups: cmov
0x804d687: cmova ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d687] = '\x0f'
mem[0x804d688] = 'G'
mem[0x804d689] = 'M'
mem[0x804d68a] = '\x00'
cpu.EIP = 0x804d687
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d687, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d688, 8)== ord('G'))
condition = Operators.AND(condition, cpu.read_int(0x804d689, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d68a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d68b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_1_symbolic(self):
''' Instruction CMOVBE_1
Groups: cmov
0x805988d: cmovbe cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xc9)
mem[addr] = value
mem[0x805988d] = 'f'
mem[0x805988e] = '\x0f'
mem[0x805988f] = 'F'
mem[0x8059890] = 'M'
mem[0x8059891] = '\x00'
cpu.EIP = 0x805988d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xc703)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805988d, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805988e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805988f, 8)== ord('F'))
condition = Operators.AND(condition, cpu.read_int(0x8059890, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8059891, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059892)
condition = Operators.AND(condition, cpu.CX == 0xc703)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_2_symbolic(self):
''' Instruction CMOVBE_2
Groups: cmov
0x8059889: cmovbe cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059889] = 'f'
mem[0x805988a] = '\x0f'
mem[0x805988b] = 'F'
mem[0x805988c] = '\xca'
cpu.EIP = 0x8059889
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xc703)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc8f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059889, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805988a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805988b, 8)== ord('F'))
condition = Operators.AND(condition, cpu.read_int(0x805988c, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x805988d)
condition = Operators.AND(condition, cpu.CX == 0xc703)
condition = Operators.AND(condition, cpu.DX == 0xc8f8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_3_symbolic(self):
''' Instruction CMOVBE_3
Groups: cmov
0x8059892: cmovbe ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059892] = '\x0f'
mem[0x8059893] = 'F'
mem[0x8059894] = '\xca'
cpu.EIP = 0x8059892
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc8f8)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffc703)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059892, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059893, 8)== ord('F'))
condition = Operators.AND(condition, cpu.read_int(0x8059894, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8059895)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.ECX == 0xffffc703)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_4_symbolic(self):
''' Instruction CMOVBE_4
Groups: cmov
0xf7fe6d28: cmovbe edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6d28] = '\x0f'
mem[0xf7fe6d29] = 'F'
mem[0xf7fe6d2a] = '\xd1'
cpu.EIP = 0xf7fe6d28
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x4e5)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x542)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6d28, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6d29, 8)== ord('F'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6d2a, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6d2b)
condition = Operators.AND(condition, cpu.EDX == 0x4e5)
condition = Operators.AND(condition, cpu.ECX == 0x542)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_5_symbolic(self):
''' Instruction CMOVBE_5
Groups: cmov
0xf7fe6d28: cmovbe edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6d28] = '\x0f'
mem[0xf7fe6d29] = 'F'
mem[0xf7fe6d2a] = '\xd1'
cpu.EIP = 0xf7fe6d28
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xb)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xe)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6d28, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6d29, 8)== ord('F'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6d2a, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6d2b)
condition = Operators.AND(condition, cpu.EDX == 0xb)
condition = Operators.AND(condition, cpu.ECX == 0xe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_6_symbolic(self):
''' Instruction CMOVBE_6
Groups: cmov
0xf7fe0a66: cmovbe eax, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0a68] = '\xc6'
mem[0xf7fe0a66] = '\x0f'
mem[0xf7fe0a67] = 'F'
cpu.EIP = 0xf7fe0a66
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xe)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xb)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe0a68, 8)== ord('\xc6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0a66, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0a67, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0a69)
condition = Operators.AND(condition, cpu.ESI == 0xe)
condition = Operators.AND(condition, cpu.EAX == 0xb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVBE_7_symbolic(self):
''' Instruction CMOVBE_7
Groups: cmov
0x8059895: cmovbe ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xc9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8059895] = '\x0f'
mem[0x8059896] = 'F'
mem[0x8059897] = 'M'
mem[0x8059898] = '\x00'
cpu.EIP = 0x8059895
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffc703)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059895, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059896, 8)== ord('F'))
condition = Operators.AND(condition, cpu.read_int(0x8059897, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8059898, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059899)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0xffffc703)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_1_symbolic(self):
''' Instruction CMOVB_1
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_10_symbolic(self):
''' Instruction CMOVB_10
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_11_symbolic(self):
''' Instruction CMOVB_11
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0xffffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_12_symbolic(self):
''' Instruction CMOVB_12
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_13_symbolic(self):
''' Instruction CMOVB_13
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x9)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x9)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_14_symbolic(self):
''' Instruction CMOVB_14
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_15_symbolic(self):
''' Instruction CMOVB_15
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_16_symbolic(self):
''' Instruction CMOVB_16
Groups: cmov
0x804d68f: cmovb cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d68f] = 'f'
mem[0x804d690] = '\x0f'
mem[0x804d691] = 'B'
mem[0x804d692] = 'M'
mem[0x804d693] = '\x00'
cpu.EIP = 0x804d68f
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d68f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d690, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d691, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0x804d692, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d693, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d694)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_17_symbolic(self):
''' Instruction CMOVB_17
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0xc)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_18_symbolic(self):
''' Instruction CMOVB_18
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x12)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x12)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_19_symbolic(self):
''' Instruction CMOVB_19
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x4)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x4)
condition = Operators.AND(condition, cpu.ECX == 0x4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_2_symbolic(self):
''' Instruction CMOVB_2
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1e)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x1e)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_20_symbolic(self):
''' Instruction CMOVB_20
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_21_symbolic(self):
''' Instruction CMOVB_21
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x2)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x2)
condition = Operators.AND(condition, cpu.ECX == 0x2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_3_symbolic(self):
''' Instruction CMOVB_3
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0xffffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_4_symbolic(self):
''' Instruction CMOVB_4
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_5_symbolic(self):
''' Instruction CMOVB_5
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x20)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x20)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_6_symbolic(self):
''' Instruction CMOVB_6
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x8)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x8)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_7_symbolic(self):
''' Instruction CMOVB_7
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_8_symbolic(self):
''' Instruction CMOVB_8
Groups: cmov
0xf7ff3e81: cmovb eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e81] = '\x0f'
mem[0xf7ff3e82] = 'B'
mem[0xf7ff3e83] = '\xc1'
cpu.EIP = 0xf7ff3e81
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e81, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e82, 8)== ord('B'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e83, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e84)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVB_9_symbolic(self):
''' Instruction CMOVB_9
Groups: cmov
0xf7fec2ce: cmovb ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2d0] = '\xca'
mem[0xf7fec2ce] = '\x0f'
mem[0xf7fec2cf] = 'B'
cpu.EIP = 0xf7fec2ce
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1b)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x24)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2cf, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2d1)
condition = Operators.AND(condition, cpu.EDX == 0x1b)
condition = Operators.AND(condition, cpu.ECX == 0x24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_1_symbolic(self):
''' Instruction CMOVE_1
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_10_symbolic(self):
''' Instruction CMOVE_10
Groups: cmov
0x804d62b: cmove cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d62b] = 'f'
mem[0x804d62c] = '\x0f'
mem[0x804d62d] = 'D'
mem[0x804d62e] = '\xca'
cpu.EIP = 0x804d62b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xf0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d62b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d62c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d62d, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0x804d62e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d62f)
condition = Operators.AND(condition, cpu.CX == 0xf0)
condition = Operators.AND(condition, cpu.DX == 0xf0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_11_symbolic(self):
''' Instruction CMOVE_11
Groups: cmov
0x804d637: cmove ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d637] = '\x0f'
mem[0x804d638] = 'D'
mem[0x804d639] = 'M'
mem[0x804d63a] = '\x00'
cpu.EIP = 0x804d637
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d637, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d638, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0x804d639, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d63a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d63b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_12_symbolic(self):
''' Instruction CMOVE_12
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdabf8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdabf8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_13_symbolic(self):
''' Instruction CMOVE_13
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdadb8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdadb8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_14_symbolic(self):
''' Instruction CMOVE_14
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_15_symbolic(self):
''' Instruction CMOVE_15
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdabb8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdabb8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_16_symbolic(self):
''' Instruction CMOVE_16
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_17_symbolic(self):
''' Instruction CMOVE_17
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdadf8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdadf8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_18_symbolic(self):
''' Instruction CMOVE_18
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_19_symbolic(self):
''' Instruction CMOVE_19
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdabb8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdabb8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_2_symbolic(self):
''' Instruction CMOVE_2
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_20_symbolic(self):
''' Instruction CMOVE_20
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdadf8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdadf8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_21_symbolic(self):
''' Instruction CMOVE_21
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_3_symbolic(self):
''' Instruction CMOVE_3
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_4_symbolic(self):
''' Instruction CMOVE_4
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_5_symbolic(self):
''' Instruction CMOVE_5
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdae38)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdae38)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_6_symbolic(self):
''' Instruction CMOVE_6
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_7_symbolic(self):
''' Instruction CMOVE_7
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaba8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_8_symbolic(self):
''' Instruction CMOVE_8
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdabb8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdabb8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVE_9_symbolic(self):
''' Instruction CMOVE_9
Groups: cmov
0xf7fe72be: cmove edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72c0] = '\xd0'
mem[0xf7fe72be] = '\x0f'
mem[0xf7fe72bf] = 'D'
cpu.EIP = 0xf7fe72be
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdabf8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72bf, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c1)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdabf8)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVGE_1_symbolic(self):
''' Instruction CMOVGE_1
Groups: cmov
0x8079470: cmovge ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079470] = '\x0f'
mem[0x8079471] = 'M'
mem[0x8079472] = '\xca'
cpu.EIP = 0x8079470
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xfe8f0085)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079470, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079471, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8079472, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8079473)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0xfe8f0085)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVGE_2_symbolic(self):
''' Instruction CMOVGE_2
Groups: cmov
0x8079473: cmovge ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079474] = 'M'
mem[0x8079473] = '\x0f'
mem[0x8079476] = '\x00'
mem[0x8079475] = 'M'
cpu.EIP = 0x8079473
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xfe8f0085)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079474, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8079473, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079476, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079475, 8)== ord('M'))
condition = Operators.AND(condition, cpu.EIP == 0x8079477)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0xfe8f0085)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVGE_3_symbolic(self):
''' Instruction CMOVGE_3
Groups: cmov
0x807946b: cmovge cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x807946b] = 'f'
mem[0x807946c] = '\x0f'
mem[0x807946d] = 'M'
mem[0x807946e] = 'M'
mem[0x807946f] = '\x00'
cpu.EIP = 0x807946b
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x85)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807946b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807946c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807946d, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x807946e, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x807946f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079470)
condition = Operators.AND(condition, cpu.CX == 0x85)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVGE_4_symbolic(self):
''' Instruction CMOVGE_4
Groups: cmov
0x8079467: cmovge cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079468] = '\x0f'
mem[0x8079469] = 'M'
mem[0x807946a] = '\xca'
mem[0x8079467] = 'f'
cpu.EIP = 0x8079467
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x85)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079468, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079469, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x807946a, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x8079467, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x807946b)
condition = Operators.AND(condition, cpu.CX == 0x85)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVG_1_symbolic(self):
''' Instruction CMOVG_1
Groups: cmov
0x804d69b: cmovg cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d69b] = 'f'
mem[0x804d69c] = '\x0f'
mem[0x804d69d] = 'O'
mem[0x804d69e] = '\xca'
cpu.EIP = 0x804d69b
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xffff)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d69b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d69c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d69d, 8)== ord('O'))
condition = Operators.AND(condition, cpu.read_int(0x804d69e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d69f)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0xffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVG_2_symbolic(self):
''' Instruction CMOVG_2
Groups: cmov
0x804d6a7: cmovg ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d6a7] = '\x0f'
mem[0x804d6a8] = 'O'
mem[0x804d6a9] = 'M'
mem[0x804d6aa] = '\x00'
cpu.EIP = 0x804d6a7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a8, 8)== ord('O'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a9, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d6aa, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d6ab)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVG_3_symbolic(self):
''' Instruction CMOVG_3
Groups: cmov
0x804d6a4: cmovg ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d6a4] = '\x0f'
mem[0x804d6a5] = 'O'
mem[0x804d6a6] = '\xca'
cpu.EIP = 0x804d6a4
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d6a4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a5, 8)== ord('O'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a6, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d6a7)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVG_4_symbolic(self):
''' Instruction CMOVG_4
Groups: cmov
0x804d69f: cmovg cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x804d6a0] = '\x0f'
mem[0x804d6a1] = 'O'
mem[0x804d6a2] = 'M'
mem[0x804d6a3] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d69f] = 'f'
cpu.EIP = 0x804d69f
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d6a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a1, 8)== ord('O'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a2, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d6a3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d69f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x804d6a4)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVLE_1_symbolic(self):
''' Instruction CMOVLE_1
Groups: cmov
0x80702ea: cmovle cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702ea] = 'f'
mem[0x80702eb] = '\x0f'
mem[0x80702ec] = 'N'
mem[0x80702ed] = '\xca'
cpu.EIP = 0x80702ea
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xb600)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xfa)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702ea, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702eb, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702ec, 8)== ord('N'))
condition = Operators.AND(condition, cpu.read_int(0x80702ed, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x80702ee)
condition = Operators.AND(condition, cpu.CX == 0xfa)
condition = Operators.AND(condition, cpu.DX == 0xfa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVLE_2_symbolic(self):
''' Instruction CMOVLE_2
Groups: cmov
0x80702f6: cmovle ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x80702f6] = '\x0f'
mem[0x80702f7] = 'N'
mem[0x80702f8] = 'M'
mem[0x80702f9] = '\x00'
cpu.EIP = 0x80702f6
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xfa)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x80702f6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702f7, 8)== ord('N'))
condition = Operators.AND(condition, cpu.read_int(0x80702f8, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80702f9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80702fa)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x1e18500)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVLE_3_symbolic(self):
''' Instruction CMOVLE_3
Groups: cmov
0x80702ee: cmovle cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
mem[0x80702ee] = 'f'
mem[0x80702ef] = '\x0f'
mem[0x80702f0] = 'N'
mem[0x80702f1] = 'M'
mem[0x80702f2] = '\x00'
cpu.EIP = 0x80702ee
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xfa)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0x80702ee, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702ef, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702f0, 8)== ord('N'))
condition = Operators.AND(condition, cpu.read_int(0x80702f1, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80702f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80702f3)
condition = Operators.AND(condition, cpu.CX == 0x8500)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVLE_4_symbolic(self):
''' Instruction CMOVLE_4
Groups: cmov
0x80702f3: cmovle ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702f3] = '\x0f'
mem[0x80702f4] = 'N'
mem[0x80702f5] = '\xca'
cpu.EIP = 0x80702f3
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfa)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffff8500)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702f3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702f4, 8)== ord('N'))
condition = Operators.AND(condition, cpu.read_int(0x80702f5, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x80702f6)
condition = Operators.AND(condition, cpu.EDX == 0xfa)
condition = Operators.AND(condition, cpu.ECX == 0xfa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVL_1_symbolic(self):
''' Instruction CMOVL_1
Groups: cmov
0x804d64d: cmovl cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d650] = '\xca'
mem[0x804d64d] = 'f'
mem[0x804d64e] = '\x0f'
mem[0x804d64f] = 'L'
cpu.EIP = 0x804d64d
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xffff)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d650, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x804d64d, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d64e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d64f, 8)== ord('L'))
condition = Operators.AND(condition, cpu.EIP == 0x804d651)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0xffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVL_2_symbolic(self):
''' Instruction CMOVL_2
Groups: cmov
0x804d656: cmovl ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d658] = '\xca'
mem[0x804d656] = '\x0f'
mem[0x804d657] = 'L'
cpu.EIP = 0x804d656
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d658, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x804d656, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d657, 8)== ord('L'))
condition = Operators.AND(condition, cpu.EIP == 0x804d659)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVL_3_symbolic(self):
''' Instruction CMOVL_3
Groups: cmov
0x804d659: cmovl ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d659] = '\x0f'
mem[0x804d65a] = 'L'
mem[0x804d65b] = 'M'
mem[0x804d65c] = '\x00'
cpu.EIP = 0x804d659
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d659, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d65a, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0x804d65b, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d65c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d65d)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVL_4_symbolic(self):
''' Instruction CMOVL_4
Groups: cmov
0x804d651: cmovl cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d651] = 'f'
mem[0x804d652] = '\x0f'
mem[0x804d653] = 'L'
mem[0x804d654] = 'M'
mem[0x804d655] = '\x00'
cpu.EIP = 0x804d651
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d651, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d652, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d653, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0x804d654, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d655, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d656)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_1_symbolic(self):
''' Instruction CMOVNE_1
Groups: cmov
0xf7fe211a: cmovne ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe211a] = '\x0f'
mem[0xf7fe211b] = 'E'
mem[0xf7fe211c] = '\xca'
cpu.EIP = 0xf7fe211a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe211a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe211b, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe211c, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe211d)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.ECX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_10_symbolic(self):
''' Instruction CMOVNE_10
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x4008000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_11_symbolic(self):
''' Instruction CMOVNE_11
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8010)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x8010)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_12_symbolic(self):
''' Instruction CMOVNE_12
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x20)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x20)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_13_symbolic(self):
''' Instruction CMOVNE_13
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1002000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x1002000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_14_symbolic(self):
''' Instruction CMOVNE_14
Groups: cmov
0xf7fe686d: cmovne ebp, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe686d] = '\x0f'
mem[0xf7fe686e] = 'E'
mem[0xf7fe686f] = '\xe8'
cpu.EIP = 0xf7fe686d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x10)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe686d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe686e, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe686f, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6870)
condition = Operators.AND(condition, cpu.EBP == 0x10)
condition = Operators.AND(condition, cpu.EAX == 0x10)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_15_symbolic(self):
''' Instruction CMOVNE_15
Groups: cmov
0xf7fe66d5: cmovne eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe66d5] = '\x0f'
mem[0xf7fe66d6] = 'E'
mem[0xf7fe66d7] = '\xc1'
cpu.EIP = 0xf7fe66d5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdaacd)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fda838)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d6, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe66d8)
condition = Operators.AND(condition, cpu.ECX == 0xf7fda838)
condition = Operators.AND(condition, cpu.EAX == 0xf7fda838)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_16_symbolic(self):
''' Instruction CMOVNE_16
Groups: cmov
0xf7fe66d5: cmovne eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe66d5] = '\x0f'
mem[0xf7fe66d6] = 'E'
mem[0xf7fe66d7] = '\xc1'
cpu.EIP = 0xf7fe66d5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffdc24)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7ff5844)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d6, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe66d8)
condition = Operators.AND(condition, cpu.ECX == 0xf7ff5844)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffdc24)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_17_symbolic(self):
''' Instruction CMOVNE_17
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x40080)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x40080)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_18_symbolic(self):
''' Instruction CMOVNE_18
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x801)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x801)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_19_symbolic(self):
''' Instruction CMOVNE_19
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_2_symbolic(self):
''' Instruction CMOVNE_2
Groups: cmov
0x80794b9: cmovne ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80794b9] = '\x0f'
mem[0x80794ba] = 'E'
mem[0x80794bb] = 'M'
mem[0x80794bc] = '\x00'
cpu.EIP = 0x80794b9
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80794b9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794ba, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80794bb, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794bc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794bd)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x301)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_20_symbolic(self):
''' Instruction CMOVNE_20
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2004000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x2004000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_21_symbolic(self):
''' Instruction CMOVNE_21
Groups: cmov
0x80794ad: cmovne cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794b0] = '\xca'
mem[0x80794ad] = 'f'
mem[0x80794ae] = '\x0f'
mem[0x80794af] = 'E'
cpu.EIP = 0x80794ad
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x1)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794b0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794ad, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794ae, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794af, 8)== ord('E'))
condition = Operators.AND(condition, cpu.EIP == 0x80794b1)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_3_symbolic(self):
''' Instruction CMOVNE_3
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x10)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x10)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_4_symbolic(self):
''' Instruction CMOVNE_4
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x40)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x40)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_5_symbolic(self):
''' Instruction CMOVNE_5
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_6_symbolic(self):
''' Instruction CMOVNE_6
Groups: cmov
0xf7fe66d5: cmovne eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe66d5] = '\x0f'
mem[0xf7fe66d6] = 'E'
mem[0xf7fe66d7] = '\xc1'
cpu.EIP = 0xf7fe66d5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffde94)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7ff5844)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d6, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe66d7, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe66d8)
condition = Operators.AND(condition, cpu.ECX == 0xf7ff5844)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffde94)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_7_symbolic(self):
''' Instruction CMOVNE_7
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1002)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x1002)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_8_symbolic(self):
''' Instruction CMOVNE_8
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNE_9_symbolic(self):
''' Instruction CMOVNE_9
Groups: cmov
0xf7fe99a0: cmovne eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe99a0] = '\x0f'
mem[0xf7fe99a1] = 'E'
mem[0xf7fe99a2] = '\xc2'
cpu.EIP = 0xf7fe99a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x80)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a1, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99a2, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99a3)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0x80)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNO_1_symbolic(self):
''' Instruction CMOVNO_1
Groups: cmov
0x80794e1: cmovno cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x80794e1] = 'f'
mem[0x80794e2] = '\x0f'
mem[0x80794e3] = 'A'
mem[0x80794e4] = 'M'
mem[0x80794e5] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
cpu.EIP = 0x80794e1
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x80794e1, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794e2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794e3, 8)== ord('A'))
condition = Operators.AND(condition, cpu.read_int(0x80794e4, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80794e6)
condition = Operators.AND(condition, cpu.CX == 0x301)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNO_2_symbolic(self):
''' Instruction CMOVNO_2
Groups: cmov
0x80794e6: cmovno ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794e8] = '\xca'
mem[0x80794e6] = '\x0f'
mem[0x80794e7] = 'A'
cpu.EIP = 0x80794e6
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x301)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794e8, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794e6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794e7, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0x80794e9)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNO_3_symbolic(self):
''' Instruction CMOVNO_3
Groups: cmov
0x80794dd: cmovno cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794e0] = '\xca'
mem[0x80794dd] = 'f'
mem[0x80794de] = '\x0f'
mem[0x80794df] = 'A'
cpu.EIP = 0x80794dd
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x301)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794e0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794dd, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794de, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794df, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0x80794e1)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNO_4_symbolic(self):
''' Instruction CMOVNO_4
Groups: cmov
0x80794e9: cmovno ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80794e9] = '\x0f'
mem[0x80794ea] = 'A'
mem[0x80794eb] = 'M'
mem[0x80794ec] = '\x00'
cpu.EIP = 0x80794e9
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80794e9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794ea, 8)== ord('A'))
condition = Operators.AND(condition, cpu.read_int(0x80794eb, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794ec, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794ed)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x301)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNP_1_symbolic(self):
''' Instruction CMOVNP_1
Groups: cmov
0x80794d1: cmovnp cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
mem[0x80794d1] = 'f'
mem[0x80794d2] = '\x0f'
mem[0x80794d3] = 'K'
mem[0x80794d4] = 'M'
mem[0x80794d5] = '\x00'
cpu.EIP = 0x80794d1
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x301)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80794d1, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794d2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794d3, 8)== ord('K'))
condition = Operators.AND(condition, cpu.read_int(0x80794d4, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794d5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794d6)
condition = Operators.AND(condition, cpu.CX == 0x301)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNP_2_symbolic(self):
''' Instruction CMOVNP_2
Groups: cmov
0x80794cd: cmovnp cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794d0] = '\xca'
mem[0x80794cd] = 'f'
mem[0x80794ce] = '\x0f'
mem[0x80794cf] = 'K'
cpu.EIP = 0x80794cd
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x301)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794d0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794cd, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794ce, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794cf, 8)== ord('K'))
condition = Operators.AND(condition, cpu.EIP == 0x80794d1)
condition = Operators.AND(condition, cpu.CX == 0x301)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNP_3_symbolic(self):
''' Instruction CMOVNP_3
Groups: cmov
0x80794d6: cmovnp ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794d8] = '\xca'
mem[0x80794d6] = '\x0f'
mem[0x80794d7] = 'K'
cpu.EIP = 0x80794d6
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x301)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794d8, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794d6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794d7, 8)== ord('K'))
condition = Operators.AND(condition, cpu.EIP == 0x80794d9)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x301)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNP_4_symbolic(self):
''' Instruction CMOVNP_4
Groups: cmov
0x80794d9: cmovnp ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80794d9] = '\x0f'
mem[0x80794da] = 'K'
mem[0x80794db] = 'M'
mem[0x80794dc] = '\x00'
cpu.EIP = 0x80794d9
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x301)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80794d9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794da, 8)== ord('K'))
condition = Operators.AND(condition, cpu.read_int(0x80794db, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794dd)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x301)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNS_1_symbolic(self):
''' Instruction CMOVNS_1
Groups: cmov
0x80794c1: cmovns cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x80794c1] = 'f'
mem[0x80794c2] = '\x0f'
mem[0x80794c3] = 'I'
mem[0x80794c4] = 'M'
mem[0x80794c5] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
cpu.EIP = 0x80794c1
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x301)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x80794c1, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794c2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794c3, 8)== ord('I'))
condition = Operators.AND(condition, cpu.read_int(0x80794c4, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794c5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80794c6)
condition = Operators.AND(condition, cpu.CX == 0x301)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNS_2_symbolic(self):
''' Instruction CMOVNS_2
Groups: cmov
0x80794c9: cmovns ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80794c9] = '\x0f'
mem[0x80794ca] = 'I'
mem[0x80794cb] = 'M'
mem[0x80794cc] = '\x00'
cpu.EIP = 0x80794c9
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x301)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80794c9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794ca, 8)== ord('I'))
condition = Operators.AND(condition, cpu.read_int(0x80794cb, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80794cc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794cd)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x301)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNS_3_symbolic(self):
''' Instruction CMOVNS_3
Groups: cmov
0x80794bd: cmovns cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794c0] = '\xca'
mem[0x80794bd] = 'f'
mem[0x80794be] = '\x0f'
mem[0x80794bf] = 'I'
cpu.EIP = 0x80794bd
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x301)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794c0, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794bd, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80794be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794bf, 8)== ord('I'))
condition = Operators.AND(condition, cpu.EIP == 0x80794c1)
condition = Operators.AND(condition, cpu.CX == 0x301)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVNS_4_symbolic(self):
''' Instruction CMOVNS_4
Groups: cmov
0x80794c6: cmovns ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794c8] = '\xca'
mem[0x80794c6] = '\x0f'
mem[0x80794c7] = 'I'
cpu.EIP = 0x80794c6
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x301)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794c8, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x80794c6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794c7, 8)== ord('I'))
condition = Operators.AND(condition, cpu.EIP == 0x80794c9)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x301)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVO_1_symbolic(self):
''' Instruction CMOVO_1
Groups: cmov
0x804d677: cmovo ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d677] = '\x0f'
mem[0x804d678] = '@'
mem[0x804d679] = 'M'
mem[0x804d67a] = '\x00'
cpu.EIP = 0x804d677
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d677, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d678, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0x804d679, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d67a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d67b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVO_2_symbolic(self):
''' Instruction CMOVO_2
Groups: cmov
0x804d674: cmovo ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d674] = '\x0f'
mem[0x804d675] = '@'
mem[0x804d676] = '\xca'
cpu.EIP = 0x804d674
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d674, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d675, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0x804d676, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d677)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVO_3_symbolic(self):
''' Instruction CMOVO_3
Groups: cmov
0x804d66b: cmovo cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d66b] = 'f'
mem[0x804d66c] = '\x0f'
mem[0x804d66d] = '@'
mem[0x804d66e] = '\xca'
cpu.EIP = 0x804d66b
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xffff)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d66b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d66c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d66d, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0x804d66e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d66f)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0xffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVO_4_symbolic(self):
''' Instruction CMOVO_4
Groups: cmov
0x804d66f: cmovo cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d66f] = 'f'
mem[0x804d670] = '\x0f'
mem[0x804d671] = '@'
mem[0x804d672] = 'M'
mem[0x804d673] = '\x00'
cpu.EIP = 0x804d66f
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d66f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d670, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d671, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0x804d672, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d673, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d674)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVP_1_symbolic(self):
''' Instruction CMOVP_1
Groups: cmov
0x804d63c: cmovp cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d63c] = 'f'
mem[0x804d63d] = '\x0f'
mem[0x804d63e] = 'J'
mem[0x804d63f] = '\xca'
cpu.EIP = 0x804d63c
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d63c, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d63d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d63e, 8)== ord('J'))
condition = Operators.AND(condition, cpu.read_int(0x804d63f, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d640)
condition = Operators.AND(condition, cpu.CX == 0xffff)
condition = Operators.AND(condition, cpu.DX == 0xffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVP_2_symbolic(self):
''' Instruction CMOVP_2
Groups: cmov
0x804d648: cmovp ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d648] = '\x0f'
mem[0x804d649] = 'J'
mem[0x804d64a] = 'M'
mem[0x804d64b] = '\x00'
cpu.EIP = 0x804d648
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d648, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d649, 8)== ord('J'))
condition = Operators.AND(condition, cpu.read_int(0x804d64a, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d64b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d64c)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVP_3_symbolic(self):
''' Instruction CMOVP_3
Groups: cmov
0x804d640: cmovp cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x804d640] = 'f'
mem[0x804d641] = '\x0f'
mem[0x804d642] = 'J'
mem[0x804d643] = 'M'
mem[0x804d644] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x804d640
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xffff)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d640, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d641, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d642, 8)== ord('J'))
condition = Operators.AND(condition, cpu.read_int(0x804d643, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d644, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d645)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVP_4_symbolic(self):
''' Instruction CMOVP_4
Groups: cmov
0x804d645: cmovp ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d645] = '\x0f'
mem[0x804d646] = 'J'
mem[0x804d647] = '\xca'
cpu.EIP = 0x804d645
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d645, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d646, 8)== ord('J'))
condition = Operators.AND(condition, cpu.read_int(0x804d647, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d648)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVS_1_symbolic(self):
''' Instruction CMOVS_1
Groups: cmov
0x8079391: cmovs ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079391] = '\x0f'
mem[0x8079392] = 'H'
mem[0x8079393] = '\xca'
cpu.EIP = 0x8079391
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1800080)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079391, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079392, 8)== ord('H'))
condition = Operators.AND(condition, cpu.read_int(0x8079393, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8079394)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x1800080)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVS_2_symbolic(self):
''' Instruction CMOVS_2
Groups: cmov
0x8079394: cmovs ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079394] = '\x0f'
mem[0x8079395] = 'H'
mem[0x8079396] = 'M'
mem[0x8079397] = '\x00'
cpu.EIP = 0x8079394
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1800080)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079394, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079395, 8)== ord('H'))
condition = Operators.AND(condition, cpu.read_int(0x8079396, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8079397, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079398)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x1800080)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVS_3_symbolic(self):
''' Instruction CMOVS_3
Groups: cmov
0x807938c: cmovs cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x807938c] = 'f'
mem[0x807938d] = '\x0f'
mem[0x807938e] = 'H'
mem[0x807938f] = 'M'
mem[0x8079390] = '\x00'
cpu.EIP = 0x807938c
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x80)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807938c, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807938d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807938e, 8)== ord('H'))
condition = Operators.AND(condition, cpu.read_int(0x807938f, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8079390, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079391)
condition = Operators.AND(condition, cpu.CX == 0x80)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMOVS_4_symbolic(self):
''' Instruction CMOVS_4
Groups: cmov
0x8079388: cmovs cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079388] = 'f'
mem[0x8079389] = '\x0f'
mem[0x807938a] = 'H'
mem[0x807938b] = '\xca'
cpu.EIP = 0x8079388
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x80)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079388, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079389, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807938a, 8)== ord('H'))
condition = Operators.AND(condition, cpu.read_int(0x807938b, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x807938c)
condition = Operators.AND(condition, cpu.CX == 0x80)
condition = Operators.AND(condition, cpu.DX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMPSB_1_symbolic(self):
''' Instruction CMPSB_1
Groups:
0x8056678: cmpsb byte ptr [esi], byte ptr es:[edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x8056678] = '\xa6'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e037)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f037)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
cpu.EIP = 0x8056678
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f037)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e037)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8056678, 8)== ord('\xa6'))
condition = Operators.AND(condition, cpu.read_int(0x807f037, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.read_int(0x807e037, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.EIP == 0x8056679)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x807f038)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ESI == 0x807e038)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMPSD_1_symbolic(self):
''' Instruction CMPSD_1
Groups:
0x805667b: cmpsd dword ptr [esi], dword ptr es:[edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e03b)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f03b)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e03a)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e03c)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f03a)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
mem[0x805667b] = '\xa7'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f03c)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f03d)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e03d)
value = cs.new_bitvec(8)
cs.add(value == 0x51)
mem[addr] = value
cpu.EIP = 0x805667b
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f03a)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e03a)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807e03b, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807f03a, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x805667b, 8)== ord('\xa7'))
condition = Operators.AND(condition, cpu.read_int(0x807e03a, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807f03b, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.read_int(0x807e03c, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807e03d, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.read_int(0x807f03d, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x807f03c, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.EIP == 0x805667c)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x807f03e)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ESI == 0x807e03e)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMPSW_1_symbolic(self):
''' Instruction CMPSW_1
Groups:
0x8056679: cmpsw word ptr [esi], word ptr es:[edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e038)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f039)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
mem[0x8056679] = 'f'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f038)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e039)
value = cs.new_bitvec(8)
cs.add(value == 0x51)
mem[addr] = value
mem[0x805667a] = '\xa7'
cpu.EIP = 0x8056679
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f038)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e038)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807f038, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.read_int(0x807e039, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.read_int(0x8056679, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807e038, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807f039, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805667a, 8)== ord('\xa7'))
condition = Operators.AND(condition, cpu.EIP == 0x805667b)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x807f03a)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ESI == 0x807e03a)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_1_symbolic(self):
''' Instruction CMP_1
Groups:
0xf7fe0b35: cmp edi, 0x23
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0b35] = '\x83'
mem[0xf7fe0b36] = '\xff'
mem[0xf7fe0b37] = '#'
cpu.EIP = 0xf7fe0b35
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b35, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b36, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b37, 8)== ord('#'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0b38)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_10_symbolic(self):
''' Instruction CMP_10
Groups:
0xf7fe4caa: cmp word ptr [edi + 0xe], 0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e20000, 0x1000, 'rwx')
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4caa] = 'f'
mem[0xf7fe4cab] = '\x83'
mem[0xf7fe4cac] = '\x7f'
mem[0xf7fe4cad] = '\x0e'
mem[0xf7fe4cae] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e20892)
value = cs.new_bitvec(8)
cs.add(value == 0x20)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e20893)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe4caa
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e20884)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4caa, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cab, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cac, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cad, 8)== ord('\x0e'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cae, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e20892, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xf7e20893, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4caf)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0xf7e20884)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_11_symbolic(self):
''' Instruction CMP_11
Groups:
0xf7ff41ad: cmp ecx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41ad] = '\x83'
mem[0xf7ff41ae] = '\xf9'
mem[0xf7ff41af] = '\x01'
cpu.EIP = 0xf7ff41ad
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x14)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41ad, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41ae, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41af, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41b0)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x14)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_12_symbolic(self):
''' Instruction CMP_12
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdc4fe)
value = cs.new_bitvec(8)
cs.add(value == 0x5f)
mem[addr] = value
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.EIP = 0xf7ff3e6a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdc4fe)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x5f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6a, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6b, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc4fe, 8)== ord('_'))
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6c)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdc4fe)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x5f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_13_symbolic(self):
''' Instruction CMP_13
Groups:
0xf7fe71ac: cmp byte ptr [esi + 4], 8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2a000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2af60)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
mem[0xf7fe71ac] = '\x80'
mem[0xf7fe71ad] = '~'
mem[0xf7fe71ae] = '\x04'
mem[0xf7fe71af] = '\x08'
cpu.EIP = 0xf7fe71ac
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e2af5c)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2af60, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ac, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ad, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71ae, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71af, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e2af5c)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_14_symbolic(self):
''' Instruction CMP_14
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e28067)
value = cs.new_bitvec(8)
cs.add(value == 0x32)
mem[addr] = value
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.EIP = 0xf7ff3e6a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e28067)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x32)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6a, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6b, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7e28067, 8)== ord('2'))
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6c)
condition = Operators.AND(condition, cpu.EDX == 0xf7e28067)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x32)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_15_symbolic(self):
''' Instruction CMP_15
Groups:
0xf7fe71bb: cmp ecx, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2c06c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e29f8c)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bb, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bc, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bd)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2c06c)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e29f8c)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_16_symbolic(self):
''' Instruction CMP_16
Groups:
0xf7fe71bb: cmp ecx, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2c06c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e29f44)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bb, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bc, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bd)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2c06c)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e29f44)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_17_symbolic(self):
''' Instruction CMP_17
Groups:
0xf7fe71bb: cmp ecx, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2c06c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e2bac4)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bb, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bc, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bd)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2c06c)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e2bac4)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_18_symbolic(self):
''' Instruction CMP_18
Groups:
0xf7fe4fa7: cmp dl, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4fa8] = '\xfa'
mem[0xf7fe4fa9] = '\x02'
mem[0xf7fe4fa7] = '\x80'
cpu.EIP = 0xf7fe4fa7
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x2)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fa8, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fa9, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fa7, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4faa)
condition = Operators.AND(condition, cpu.DL == 0x2)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_19_symbolic(self):
''' Instruction CMP_19
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaac5)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.EIP = 0xf7ff3e6a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaac5)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6a, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6b, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaac5, 8)== ord('i'))
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6c)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdaac5)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.AL == 0x64)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_2_symbolic(self):
''' Instruction CMP_2
Groups:
0xf7fe71bb: cmp ecx, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2c06c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e2b12c)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bb, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bc, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bd)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2c06c)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e2b12c)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_20_symbolic(self):
''' Instruction CMP_20
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdc626)
value = cs.new_bitvec(8)
cs.add(value == 0x32)
mem[addr] = value
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.EIP = 0xf7ff3e6a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdc626)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x32)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6a, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6b, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc626, 8)== ord('2'))
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6c)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdc626)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x32)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_21_symbolic(self):
''' Instruction CMP_21
Groups:
0xf7fe71bb: cmp ecx, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bb] = '9'
mem[0xf7fe71bc] = '\xf1'
cpu.EIP = 0xf7fe71bb
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2c06c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e2b944)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bb, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bc, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71bd)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2c06c)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7e2b944)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_3_symbolic(self):
''' Instruction CMP_3
Groups:
0xf7ff0681: cmp cl, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0681] = '8'
mem[0xf7ff0682] = '\xd1'
cpu.EIP = 0xf7ff0681
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x62)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x62)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0681, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0682, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0683)
condition = Operators.AND(condition, cpu.DL == 0x62)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CL == 0x62)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_4_symbolic(self):
''' Instruction CMP_4
Groups:
0xf7fe4ea2: cmp esi, dword ptr [esp + 0xac]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd39c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd39d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd39e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd39f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe4ea2] = ';'
mem[0xf7fe4ea3] = '\xb4'
mem[0xf7fe4ea4] = '$'
mem[0xf7fe4ea5] = '\xac'
mem[0xf7fe4ea6] = '\x00'
mem[0xf7fe4ea7] = '\x00'
mem[0xf7fe4ea8] = '\x00'
cpu.EIP = 0xf7fe4ea2
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda858)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd39c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd39d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd39e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd39f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea2, 8)== ord(';'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea3, 8)== ord('\xb4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea4, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea5, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ea8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4ea9)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda858)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_5_symbolic(self):
''' Instruction CMP_5
Groups:
0xf7ff3e6a: cmp al, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e28099)
value = cs.new_bitvec(8)
cs.add(value == 0x47)
mem[addr] = value
mem[0xf7ff3e6a] = ':'
mem[0xf7ff3e6b] = '\x02'
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.EIP = 0xf7ff3e6a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e28099)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x47)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e28099, 8)== ord('G'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6a, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6b, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6c)
condition = Operators.AND(condition, cpu.EDX == 0xf7e28099)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x47)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_6_symbolic(self):
''' Instruction CMP_6
Groups:
0xf7ff0681: cmp cl, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0681] = '8'
mem[0xf7ff0682] = '\xd1'
cpu.EIP = 0xf7ff0681
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x63)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x63)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0681, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0682, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0683)
condition = Operators.AND(condition, cpu.DL == 0x63)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CL == 0x63)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_7_symbolic(self):
''' Instruction CMP_7
Groups:
0xf7fe7f28: cmp eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7f28] = '\x83'
mem[0xf7fe7f29] = '\xf8'
mem[0xf7fe7f2a] = '\x02'
cpu.EIP = 0xf7fe7f28
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffffde)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f28, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f29, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f2a, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7f2b)
condition = Operators.AND(condition, cpu.EAX == 0xffffffde)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_8_symbolic(self):
''' Instruction CMP_8
Groups:
0xf7fe579d: cmp dl, 3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe579d] = '\x80'
mem[0xf7fe579e] = '\xfa'
mem[0xf7fe579f] = '\x03'
cpu.EIP = 0xf7fe579d
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe579d, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe579e, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe579f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57a0)
condition = Operators.AND(condition, cpu.DL == 0x0)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CMP_9_symbolic(self):
''' Instruction CMP_9
Groups:
0xf7fe0abc: cmp byte ptr [eax + 4], 8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdc780)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
mem[0xf7fe0abc] = '\x80'
mem[0xf7fe0abd] = 'x'
mem[0xf7fe0abe] = '\x04'
mem[0xf7fe0abf] = '\x08'
cpu.EIP = 0xf7fe0abc
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdc77c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdc780, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0abc, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0abd, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0abe, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0abf, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0ac0)
condition = Operators.AND(condition, cpu.EAX == 0xf7fdc77c)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CWDE_1_symbolic(self):
''' Instruction CWDE_1
Groups:
0x807934a: cwde
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x807934a] = '\x98'
cpu.EIP = 0x807934a
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x137)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807934a, 8)== ord('\x98'))
condition = Operators.AND(condition, cpu.EIP == 0x807934b)
condition = Operators.AND(condition, cpu.EAX == 0x137)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_CWDE_2_symbolic(self):
''' Instruction CWDE_2
Groups:
0x807028c: cwde
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x807028c] = '\x98'
cpu.EIP = 0x807028c
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xb594ecf8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807028c, 8)== ord('\x98'))
condition = Operators.AND(condition, cpu.EIP == 0x807028d)
condition = Operators.AND(condition, cpu.EAX == 0xffffecf8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_1_symbolic(self):
''' Instruction DEC_1
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xa0ffc9d2)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xa0ffc9d1)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_10_symbolic(self):
''' Instruction DEC_10
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc7cc96d1)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0xc7cc96d0)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_11_symbolic(self):
''' Instruction DEC_11
Groups: not64bitmode
0xf7ff3f1c: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f1c] = 'J'
cpu.EIP = 0xf7ff3f1c
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x8a9198d3)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3f1c, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3f1d)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x8a9198d2)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_12_symbolic(self):
''' Instruction DEC_12
Groups: not64bitmode
0x8059862: dec cx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059862] = 'f'
mem[0x8059863] = 'I'
cpu.EIP = 0x8059862
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xff)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059862, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059863, 8)== ord('I'))
condition = Operators.AND(condition, cpu.EIP == 0x8059864)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CX == 0xfe)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_13_symbolic(self):
''' Instruction DEC_13
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffff99)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0xffffff98)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_14_symbolic(self):
''' Instruction DEC_14
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_15_symbolic(self):
''' Instruction DEC_15
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x908cd19d)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x908cd19c)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_16_symbolic(self):
''' Instruction DEC_16
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x908cd19d)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x908cd19c)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_17_symbolic(self):
''' Instruction DEC_17
Groups: not64bitmode
0x8059864: dec ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059864] = 'I'
cpu.EIP = 0x8059864
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xfe)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059864, 8)== ord('I'))
condition = Operators.AND(condition, cpu.EIP == 0x8059865)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0xfd)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_18_symbolic(self):
''' Instruction DEC_18
Groups: not64bitmode
0xf7ff3f02: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f02] = 'J'
cpu.EIP = 0xf7ff3f02
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x9693d2ca)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3f02, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3f03)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x9693d2c9)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_19_symbolic(self):
''' Instruction DEC_19
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x908cd19d)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x908cd19c)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_2_symbolic(self):
''' Instruction DEC_2
Groups: not64bitmode
0xf7ff3cea: dec edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cea] = 'O'
cpu.EIP = 0xf7ff3cea
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cea, 8)== ord('O'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ceb)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_20_symbolic(self):
''' Instruction DEC_20
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x9d9693d1)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x9d9693d0)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_21_symbolic(self):
''' Instruction DEC_21
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xa0ffc9d2)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xa0ffc9d1)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_3_symbolic(self):
''' Instruction DEC_3
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x9a91989b)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x9a91989a)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_4_symbolic(self):
''' Instruction DEC_4
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xcc96d09e)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0xcc96d09d)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_5_symbolic(self):
''' Instruction DEC_5
Groups: not64bitmode
0xf7ff3f02: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f02] = 'J'
cpu.EIP = 0xf7ff3f02
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x8cd19a8c)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3f02, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3f03)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x8cd19a8b)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_6_symbolic(self):
''' Instruction DEC_6
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x8a919694)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x8a919693)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_7_symbolic(self):
''' Instruction DEC_7
Groups: not64bitmode
0xf7ff3ece: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ece] = 'J'
cpu.EIP = 0xf7ff3ece
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x9d9693d1)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ece, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ecf)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x9d9693d0)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_8_symbolic(self):
''' Instruction DEC_8
Groups: not64bitmode
0xf7ff3cea: dec edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cea] = 'O'
cpu.EIP = 0xf7ff3cea
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cea, 8)== ord('O'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ceb)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_DEC_9_symbolic(self):
''' Instruction DEC_9
Groups: not64bitmode
0xf7ff3ee8: dec edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee8] = 'J'
cpu.EIP = 0xf7ff3ee8
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x93d2c9c8)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee8, 8)== ord('J'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee9)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x93d2c9c7)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_EMMS_1_symbolic(self):
''' Instruction EMMS_1
Groups: mmx
0x804d5b9: emms
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d5b9] = '\x0f'
mem[0x804d5ba] = 'w'
cpu.EIP = 0x804d5b9
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d5b9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d5ba, 8)== ord('w'))
condition = Operators.AND(condition, cpu.EIP == 0x804d5bb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_FNSTCW_1_symbolic(self):
''' Instruction FNSTCW_1
Groups:
0x8079485: fnstcw word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079485] = '\xd9'
mem[0x8079486] = '}'
mem[0x8079487] = '\x00'
cpu.EIP = 0x8079485
cpu.EBP = cs.new_bitvec(32)
cpu.FPCW = 0x37f
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079485, 8)== ord('\xd9'))
condition = Operators.AND(condition, cpu.read_int(0x8079486, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x8079487, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079488)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_1_symbolic(self):
''' Instruction IMUL_1
Groups:
0x8070337: imul cx, cx, 0xffff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070338] = 'i'
mem[0x8070339] = '\xc9'
mem[0x807033a] = '\xff'
mem[0x807033b] = '\xff'
mem[0x8070337] = 'f'
cpu.EIP = 0x8070337
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070338, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0x8070339, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x807033a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x807033b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8070337, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x807033c)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_10_symbolic(self):
''' Instruction IMUL_10
Groups:
0xf7ff16bf: imul edi, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff16c0] = '\xaf'
mem[0xf7ff16c1] = '\xf9'
mem[0xf7ff16bf] = '\x0f'
cpu.EIP = 0xf7ff16bf
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x3)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x13)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x2)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x10)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff16c0, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff16c1, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff16bf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff16c2)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.EDI == 0x30)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x13)
condition = Operators.AND(condition, cpu.EDX == 0x2)
condition = Operators.AND(condition, cpu.ECX == 0x10)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_11_symbolic(self):
''' Instruction IMUL_11
Groups:
0x807037d: imul ecx, edx, 0x7fffffff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070380] = '\xff'
mem[0x8070381] = '\xff'
mem[0x8070382] = '\x7f'
mem[0x807037d] = 'i'
mem[0x807037e] = '\xca'
mem[0x807037f] = '\xff'
cpu.EIP = 0x807037d
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070380, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8070381, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8070382, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807037d, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0x807037e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x807037f, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x8070383)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_12_symbolic(self):
''' Instruction IMUL_12
Groups:
0xf7fe6597: imul edx, edi, 0x4c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6598] = '\xd7'
mem[0xf7fe6599] = 'L'
mem[0xf7fe6597] = 'k'
cpu.EIP = 0xf7fe6597
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffd51c)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6598, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6599, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6597, 8)== ord('k'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe659a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffd51c)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_13_symbolic(self):
''' Instruction IMUL_13
Groups:
0x8070359: imul cx, dx, 0x8000
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070359] = 'f'
mem[0x807035a] = 'i'
mem[0x807035b] = '\xca'
mem[0x807035c] = '\x00'
mem[0x807035d] = '\x80'
cpu.EIP = 0x8070359
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070359, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807035a, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0x807035b, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x807035c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807035d, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.EIP == 0x807035e)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_14_symbolic(self):
''' Instruction IMUL_14
Groups:
0x8070368: imul cx, word ptr [ebp], 0x8000
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
mem[0x8070368] = 'f'
mem[0x8070369] = 'i'
mem[0x807036a] = 'M'
mem[0x807036b] = '\x00'
mem[0x807036c] = '\x00'
mem[0x807036d] = '\x80'
cpu.EIP = 0x8070368
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xa00)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0x8070368, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8070369, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0x807036a, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x807036b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807036c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807036d, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.EIP == 0x807036e)
condition = Operators.AND(condition, cpu.OF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_15_symbolic(self):
''' Instruction IMUL_15
Groups:
0x8070320: imul cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070320] = 'f'
mem[0x8070321] = '\x0f'
mem[0x8070322] = '\xaf'
mem[0x8070323] = '\xca'
cpu.EIP = 0x8070320
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x8500)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x0)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070320, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8070321, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070322, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0x8070323, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8070324)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_16_symbolic(self):
''' Instruction IMUL_16
Groups:
0xf7fe1dc2: imul eax, dword ptr [ebp + 0x20], 0x4c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe1dc2] = 'k'
mem[0xf7fe1dc3] = 'E'
mem[0xf7fe1dc4] = ' '
mem[0xf7fe1dc5] = 'L'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd0a8)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd0a9)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd0aa)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd0ab)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe1dc2
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffd040)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd088)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe1dc2, 8)== ord('k'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1dc3, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1dc4, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1dc5, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xffffd0a8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd0a9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd0aa, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd0ab, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe1dc6)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffd088)
condition = Operators.AND(condition, cpu.EDX == 0x3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_17_symbolic(self):
''' Instruction IMUL_17
Groups:
0x807032d: imul cx, cx, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070330] = '\xff'
mem[0x8070331] = '\x00'
mem[0x807032d] = 'f'
mem[0x807032e] = 'i'
mem[0x807032f] = '\xc9'
cpu.EIP = 0x807032d
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070330, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8070331, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807032d, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807032e, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0x807032f, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x8070332)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_18_symbolic(self):
''' Instruction IMUL_18
Groups:
0x8070316: imul word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
mem[0x8070316] = 'f'
mem[0x8070317] = '\xf7'
mem[0x8070318] = 'm'
mem[0x8070319] = '\x00'
cpu.EIP = 0x8070316
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x7b000000)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfffffe1e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0x8070316, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8070317, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8070318, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0x8070319, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807031a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x7b000000)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EDX == 0xffff0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_19_symbolic(self):
''' Instruction IMUL_19
Groups:
0x807030c: imul cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x807030c] = '\xf6'
mem[0x807030d] = '\xe9'
cpu.EIP = 0x807030c
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffff0000)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807030c, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0x807030d, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0x807030e)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xffff0000)
condition = Operators.AND(condition, cpu.EDX == 0xffffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_2_symbolic(self):
''' Instruction IMUL_2
Groups:
0x807030e: imul cx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070310] = '\xe9'
mem[0x807030e] = 'f'
mem[0x807030f] = '\xf7'
cpu.EIP = 0x807030e
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffff0000)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x8500)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070310, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0x807030e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807030f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0x8070311)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xffff0000)
condition = Operators.AND(condition, cpu.CX == 0x8500)
condition = Operators.AND(condition, cpu.EDX == 0xffff0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_20_symbolic(self):
''' Instruction IMUL_20
Groups:
0x8070313: imul byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8070313] = '\xf6'
mem[0x8070314] = 'm'
mem[0x8070315] = '\x00'
cpu.EIP = 0x8070313
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x7b000000)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfffffe1e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8070313, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0x8070314, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0x8070315, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070316)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x7b000000)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EDX == 0xfffffe1e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_21_symbolic(self):
''' Instruction IMUL_21
Groups:
0xf7fed3c3: imul eax, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed3c3] = '\x0f'
mem[0xf7fed3c4] = '\xaf'
mem[0xf7fed3c5] = '\xc7'
cpu.EIP = 0xf7fed3c3
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x40)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1c)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xb)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fed3c3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed3c4, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed3c5, 8)== ord('\xc7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed3c6)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.EDI == 0x40)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x700)
condition = Operators.AND(condition, cpu.EDX == 0xb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_3_symbolic(self):
''' Instruction IMUL_3
Groups:
0x807031d: imul dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x807031d] = '\xf7'
mem[0x807031e] = 'm'
mem[0x807031f] = '\x00'
cpu.EIP = 0x807031d
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xe75ae7)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x807031d, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x807031e, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0x807031f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070320)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_4_symbolic(self):
''' Instruction IMUL_4
Groups:
0xf7fe6734: imul eax, dword ptr [esp + 0x58], 0x4c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xf7fe6738] = 'L'
mem[0xf7fe6734] = 'k'
mem[0xf7fe6735] = 'D'
mem[0xf7fe6736] = '$'
mem[0xf7fe6737] = 'X'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcf88)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcf89)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcf8a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcf8b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe6734
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffcf30)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdaa10)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6738, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6734, 8)== ord('k'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6735, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6736, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6737, 8)== ord('X'))
condition = Operators.AND(condition, cpu.read_int(0xffffcf88, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffcf89, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffcf8a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffcf8b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6739)
condition = Operators.AND(condition, cpu.ESP == 0xffffcf30)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_5_symbolic(self):
''' Instruction IMUL_5
Groups:
0xf7fe65c5: imul edx, edi, 0x4c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe65c5] = 'k'
mem[0xf7fe65c6] = '\xd7'
mem[0xf7fe65c7] = 'L'
cpu.EIP = 0xf7fe65c5
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffdc28)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7ffd040)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe65c5, 8)== ord('k'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe65c6, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe65c7, 8)== ord('L'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe65c8)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffdc28)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_6_symbolic(self):
''' Instruction IMUL_6
Groups:
0xf7fe6597: imul edx, edi, 0x4c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6598] = '\xd7'
mem[0xf7fe6599] = 'L'
mem[0xf7fe6597] = 'k'
cpu.EIP = 0xf7fe6597
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffd51c)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6598, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6599, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6597, 8)== ord('k'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe659a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffd51c)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_7_symbolic(self):
''' Instruction IMUL_7
Groups:
0xf7eaa033: imul edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa033] = '\xf7'
mem[0xf7eaa034] = '\xea'
cpu.EIP = 0xf7eaa033
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x55555556)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x3)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa033, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa034, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa035)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.OF == True)
condition = Operators.AND(condition, cpu.EAX == 0x2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_8_symbolic(self):
''' Instruction IMUL_8
Groups:
0xf7ff16bf: imul edi, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff16c0] = '\xaf'
mem[0xf7ff16c1] = '\xf9'
mem[0xf7ff16bf] = '\x0f'
cpu.EIP = 0xf7ff16bf
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x2ed)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2ed)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x100)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff16c0, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff16c1, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff16bf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff16c2)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.EDI == 0x2ed)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x2ed)
condition = Operators.AND(condition, cpu.EDX == 0x100)
condition = Operators.AND(condition, cpu.ECX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_IMUL_9_symbolic(self):
''' Instruction IMUL_9
Groups:
0x8070343: imul ecx, ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070343] = 'k'
mem[0x8070344] = '\xc9'
mem[0x8070345] = '\x04'
cpu.EIP = 0x8070343
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070343, 8)== ord('k'))
condition = Operators.AND(condition, cpu.read_int(0x8070344, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8070345, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x8070346)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_1_symbolic(self):
''' Instruction INC_1
Groups: not64bitmode
0x80798f6: inc esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80798f6] = 'F'
cpu.EIP = 0x80798f6
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x9)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80798f6, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0x80798f7)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0xa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_10_symbolic(self):
''' Instruction INC_10
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdc639)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7fdc63a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_11_symbolic(self):
''' Instruction INC_11
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e280a2)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6f, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e70)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xf7e280a3)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_12_symbolic(self):
''' Instruction INC_12
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2806a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2806b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_13_symbolic(self):
''' Instruction INC_13
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2806a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2806b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_14_symbolic(self):
''' Instruction INC_14
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2809f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e280a0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_15_symbolic(self):
''' Instruction INC_15
Groups: not64bitmode
0x807b66d: inc edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b66d] = 'G'
cpu.EIP = 0x807b66d
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xd)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b66d, 8)== ord('G'))
condition = Operators.AND(condition, cpu.EIP == 0x807b66e)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0xe)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_16_symbolic(self):
''' Instruction INC_16
Groups: not64bitmode
0xf7e901c4: inc edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901c4] = 'G'
cpu.EIP = 0xf7e901c4
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xffffffff)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e901c4, 8)== ord('G'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e901c5)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_17_symbolic(self):
''' Instruction INC_17
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x80481f3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x80481f4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_18_symbolic(self):
''' Instruction INC_18
Groups: not64bitmode
0x807adab: inc esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807adab] = 'F'
cpu.EIP = 0x807adab
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807adab, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0x807adac)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_19_symbolic(self):
''' Instruction INC_19
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e2806e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e2806f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_2_symbolic(self):
''' Instruction INC_2
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e28054)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e28055)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_20_symbolic(self):
''' Instruction INC_20
Groups: not64bitmode
0x807a42d: inc esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a42d] = 'F'
cpu.EIP = 0x807a42d
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a42d, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0x807a42e)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0x10)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_21_symbolic(self):
''' Instruction INC_21
Groups: not64bitmode
0x8079cb3: inc esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079cb3] = 'F'
cpu.EIP = 0x8079cb3
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x10)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079cb3, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0x8079cb4)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0x11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_3_symbolic(self):
''' Instruction INC_3
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e28065)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e28066)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_4_symbolic(self):
''' Instruction INC_4
Groups: not64bitmode
0x8079f01: inc edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079f01] = 'G'
cpu.EIP = 0x8079f01
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x7)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079f01, 8)== ord('G'))
condition = Operators.AND(condition, cpu.EIP == 0x8079f02)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_5_symbolic(self):
''' Instruction INC_5
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e28050)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e28051)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_6_symbolic(self):
''' Instruction INC_6
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e28067)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6f, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e70)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e28068)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_7_symbolic(self):
''' Instruction INC_7
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdc613)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6f, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e70)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdc614)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_8_symbolic(self):
''' Instruction INC_8
Groups: not64bitmode
0xf7ff3e6e: inc ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6e] = 'A'
cpu.EIP = 0xf7ff3e6e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e28062)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6e, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6f)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xf7e28063)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_INC_9_symbolic(self):
''' Instruction INC_9
Groups: not64bitmode
0xf7ff3e6f: inc edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6f] = 'B'
cpu.EIP = 0xf7ff3e6f
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e27290)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6f, 8)== ord('B'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e70)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0xf7e27291)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_1_symbolic(self):
''' Instruction JAE_1
Groups: jump
0xf7fddb2d: jae 0xf7fddbb3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddb2d] = '\x0f'
mem[0xf7fddb2e] = '\x83'
mem[0xf7fddb2f] = '\x80'
mem[0xf7fddb30] = '\x00'
mem[0xf7fddb31] = '\x00'
mem[0xf7fddb32] = '\x00'
cpu.EIP = 0xf7fddb2d
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddb2d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb2e, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb2f, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb30, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb31, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb32, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddb33)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_10_symbolic(self):
''' Instruction JAE_10
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc4, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc5, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_11_symbolic(self):
''' Instruction JAE_11
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc4, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc5, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_12_symbolic(self):
''' Instruction JAE_12
Groups: jump
0xf7fddb2d: jae 0xf7fddbb3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddb2d] = '\x0f'
mem[0xf7fddb2e] = '\x83'
mem[0xf7fddb2f] = '\x80'
mem[0xf7fddb30] = '\x00'
mem[0xf7fddb31] = '\x00'
mem[0xf7fddb32] = '\x00'
cpu.EIP = 0xf7fddb2d
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddb2d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb2e, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb2f, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb30, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb31, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb32, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddb33)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_13_symbolic(self):
''' Instruction JAE_13
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc4, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc5, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_14_symbolic(self):
''' Instruction JAE_14
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc4, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc5, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_15_symbolic(self):
''' Instruction JAE_15
Groups: jump
0x807ab94: jae 0x807ab99
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab94] = 's'
mem[0x807ab95] = '\x03'
cpu.EIP = 0x807ab94
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab94, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x807ab95, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab96)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_16_symbolic(self):
''' Instruction JAE_16
Groups: jump
0xf7fe1fcd: jae 0xf7fe21e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem[0xf7fe1fcd] = '\x0f'
mem[0xf7fe1fce] = '\x83'
mem[0xf7fe1fcf] = '\x15'
mem[0xf7fe1fd0] = '\x02'
mem[0xf7fe1fd1] = '\x00'
mem[0xf7fe1fd2] = '\x00'
cpu.EIP = 0xf7fe1fcd
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe1fcd, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1fce, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1fcf, 8)== ord('\x15'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1fd0, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1fd1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1fd2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe1fd3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_17_symbolic(self):
''' Instruction JAE_17
Groups: jump
0xf7e9019c: jae 0xf7e9027c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901a0] = '\x00'
mem[0xf7e901a1] = '\x00'
mem[0xf7e9019c] = '\x0f'
mem[0xf7e9019d] = '\x83'
mem[0xf7e9019e] = '\xda'
mem[0xf7e9019f] = '\x00'
cpu.EIP = 0xf7e9019c
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e901a0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901a1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e9019c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7e9019d, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7e9019e, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.read_int(0xf7e9019f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e901a2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_18_symbolic(self):
''' Instruction JAE_18
Groups: jump
0xf7ff4648: jae 0xf7ff464b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4648] = 's'
mem[0xf7ff4649] = '\x01'
cpu.EIP = 0xf7ff4648
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4648, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4649, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff464a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_19_symbolic(self):
''' Instruction JAE_19
Groups: jump
0xf7eaa0c6: jae 0xf7eaa0e4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0c6] = 's'
mem[0xf7eaa0c7] = '\x1c'
cpu.EIP = 0xf7eaa0c6
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0c6, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0c7, 8)== ord('\x1c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_2_symbolic(self):
''' Instruction JAE_2
Groups: jump
0xf7eaa0c6: jae 0xf7eaa0e4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0c6] = 's'
mem[0xf7eaa0c7] = '\x1c'
cpu.EIP = 0xf7eaa0c6
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0c6, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0c7, 8)== ord('\x1c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_20_symbolic(self):
''' Instruction JAE_20
Groups: jump
0xf7eaa0c6: jae 0xf7eaa0e4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0c6] = 's'
mem[0xf7eaa0c7] = '\x1c'
cpu.EIP = 0xf7eaa0c6
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0c6, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0c7, 8)== ord('\x1c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_21_symbolic(self):
''' Instruction JAE_21
Groups: jump
0xf7ff3d5f: jae 0xf7ff3e32
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3d60] = '\x83'
mem[0xf7ff3d61] = '\xcd'
mem[0xf7ff3d62] = '\x00'
mem[0xf7ff3d63] = '\x00'
mem[0xf7ff3d64] = '\x00'
mem[0xf7ff3d5f] = '\x0f'
cpu.EIP = 0xf7ff3d5f
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3d60, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3d61, 8)== ord('\xcd'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3d62, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3d63, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3d64, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3d5f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3d65)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_3_symbolic(self):
''' Instruction JAE_3
Groups: jump
0x807b4c9: jae 0x807b4ce
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b4c9] = 's'
mem[0x807b4ca] = '\x03'
cpu.EIP = 0x807b4c9
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b4c9, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x807b4ca, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b4ce)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_4_symbolic(self):
''' Instruction JAE_4
Groups: jump
0xf7ff15a0: jae 0xf7ff15aa
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a0] = 's'
mem[0xf7ff15a1] = '\x08'
cpu.EIP = 0xf7ff15a0
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a0, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a1, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_5_symbolic(self):
''' Instruction JAE_5
Groups: jump
0xf7fe4cc3: jae 0xf7fe4d78
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cc3] = '\x0f'
mem[0xf7fe4cc4] = '\x83'
mem[0xf7fe4cc5] = '\xaf'
mem[0xf7fe4cc6] = '\x00'
mem[0xf7fe4cc7] = '\x00'
mem[0xf7fe4cc8] = '\x00'
cpu.EIP = 0xf7fe4cc3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc4, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc5, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cc8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cc9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_6_symbolic(self):
''' Instruction JAE_6
Groups: jump
0x807abb8: jae 0x807abbd
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807abb8] = 's'
mem[0x807abb9] = '\x03'
cpu.EIP = 0x807abb8
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807abb8, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x807abb9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807abba)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_7_symbolic(self):
''' Instruction JAE_7
Groups: jump
0x807a4b3: jae 0x807a4b8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a4b3] = 's'
mem[0x807a4b4] = '\x03'
cpu.EIP = 0x807a4b3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a4b3, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x807a4b4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a4b8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_8_symbolic(self):
''' Instruction JAE_8
Groups: jump
0xf7ff4543: jae 0xf7ff4546
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4543] = 's'
mem[0xf7ff4544] = '\x01'
cpu.EIP = 0xf7ff4543
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4543, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4544, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4545)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JAE_9_symbolic(self):
''' Instruction JAE_9
Groups: jump
0xf7e901d1: jae 0xf7e90279
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901d1] = '\x0f'
mem[0xf7e901d2] = '\x83'
mem[0xf7e901d3] = '\xa2'
mem[0xf7e901d4] = '\x00'
mem[0xf7e901d5] = '\x00'
mem[0xf7e901d6] = '\x00'
cpu.EIP = 0xf7e901d1
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e901d1, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901d2, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901d3, 8)== ord('\xa2'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901d4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901d5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901d6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e901d7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_1_symbolic(self):
''' Instruction JA_1
Groups: jump
0xf7ff062a: ja 0xf7ff06a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff062a] = 'w'
mem[0xf7ff062b] = '|'
cpu.EIP = 0xf7ff062a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff062a, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff062b, 8)== ord('|'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_10_symbolic(self):
''' Instruction JA_10
Groups: jump
0xf7fe4f87: ja 0xf7fe4e88
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f87] = '\x0f'
mem[0xf7fe4f88] = '\x87'
mem[0xf7fe4f89] = '\xfb'
mem[0xf7fe4f8a] = '\xfe'
mem[0xf7fe4f8b] = '\xff'
mem[0xf7fe4f8c] = '\xff'
cpu.EIP = 0xf7fe4f87
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f87, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f88, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f89, 8)== ord('\xfb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f8a, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f8b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f8c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e88)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_11_symbolic(self):
''' Instruction JA_11
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_12_symbolic(self):
''' Instruction JA_12
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_13_symbolic(self):
''' Instruction JA_13
Groups: jump
0xf7fe735a: ja 0xf7fe71f0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe735a] = '\x0f'
mem[0xf7fe735b] = '\x87'
mem[0xf7fe735c] = '\x90'
mem[0xf7fe735d] = '\xfe'
mem[0xf7fe735e] = '\xff'
mem[0xf7fe735f] = '\xff'
cpu.EIP = 0xf7fe735a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe735a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe735b, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe735c, 8)== ord('\x90'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe735d, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe735e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe735f, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_14_symbolic(self):
''' Instruction JA_14
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_15_symbolic(self):
''' Instruction JA_15
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_16_symbolic(self):
''' Instruction JA_16
Groups: jump
0xf7fe4f87: ja 0xf7fe4e88
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f87] = '\x0f'
mem[0xf7fe4f88] = '\x87'
mem[0xf7fe4f89] = '\xfb'
mem[0xf7fe4f8a] = '\xfe'
mem[0xf7fe4f8b] = '\xff'
mem[0xf7fe4f8c] = '\xff'
cpu.EIP = 0xf7fe4f87
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f87, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f88, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f89, 8)== ord('\xfb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f8a, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f8b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f8c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e88)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_17_symbolic(self):
''' Instruction JA_17
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_18_symbolic(self):
''' Instruction JA_18
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_19_symbolic(self):
''' Instruction JA_19
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_2_symbolic(self):
''' Instruction JA_2
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_20_symbolic(self):
''' Instruction JA_20
Groups: jump
0xf7fe732f: ja 0xf7fe74b0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe732f] = '\x0f'
mem[0xf7fe7330] = '\x87'
mem[0xf7fe7331] = '{'
mem[0xf7fe7332] = '\x01'
mem[0xf7fe7333] = '\x00'
mem[0xf7fe7334] = '\x00'
cpu.EIP = 0xf7fe732f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe732f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7330, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7331, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7332, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7333, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7334, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7335)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_21_symbolic(self):
''' Instruction JA_21
Groups: jump
0xf7fe732f: ja 0xf7fe74b0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe732f] = '\x0f'
mem[0xf7fe7330] = '\x87'
mem[0xf7fe7331] = '{'
mem[0xf7fe7332] = '\x01'
mem[0xf7fe7333] = '\x00'
mem[0xf7fe7334] = '\x00'
cpu.EIP = 0xf7fe732f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe732f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7330, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7331, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7332, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7333, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7334, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7335)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_3_symbolic(self):
''' Instruction JA_3
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_4_symbolic(self):
''' Instruction JA_4
Groups: jump
0xf7fe6dd7: ja 0xf7fe6da8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6dd8] = '\xcf'
mem[0xf7fe6dd7] = 'w'
cpu.EIP = 0xf7fe6dd7
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6dd8, 8)== ord('\xcf'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6dd7, 8)== ord('w'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6dd9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_5_symbolic(self):
''' Instruction JA_5
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_6_symbolic(self):
''' Instruction JA_6
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_7_symbolic(self):
''' Instruction JA_7
Groups: jump
0x8079dd2: ja 0x8079dd7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079dd2] = 'w'
mem[0x8079dd3] = '\x03'
cpu.EIP = 0x8079dd2
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079dd2, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0x8079dd3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079dd4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_8_symbolic(self):
''' Instruction JA_8
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JA_9_symbolic(self):
''' Instruction JA_9
Groups: jump
0xf7fe71bd: ja 0xf7fe71a8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71bd] = 'w'
mem[0xf7fe71be] = '\xe9'
cpu.EIP = 0xf7fe71bd
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71bd, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71be, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_1_symbolic(self):
''' Instruction JBE_1
Groups: jump
0xf7ff0a21: jbe 0xf7ff0cb3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0a21] = '\x0f'
mem[0xf7ff0a22] = '\x86'
mem[0xf7ff0a23] = '\x8c'
mem[0xf7ff0a24] = '\x02'
mem[0xf7ff0a25] = '\x00'
mem[0xf7ff0a26] = '\x00'
cpu.EIP = 0xf7ff0a21
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a21, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a22, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a23, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a24, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a25, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0a26, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0a27)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_10_symbolic(self):
''' Instruction JBE_10
Groups: jump
0xf7fddcb8: jbe 0xf7fddca9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddcb8] = 'v'
mem[0xf7fddcb9] = '\xef'
cpu.EIP = 0xf7fddcb8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddcb8, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddcb9, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddca9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_11_symbolic(self):
''' Instruction JBE_11
Groups: jump
0xf7fe07fc: jbe 0xf7fe07e9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe07fc] = 'v'
mem[0xf7fe07fd] = '\xeb'
cpu.EIP = 0xf7fe07fc
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe07fc, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe07fd, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe07fe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_12_symbolic(self):
''' Instruction JBE_12
Groups: jump
0xf7fe26e0: jbe 0xf7fe26b8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26e0] = 'v'
mem[0xf7fe26e1] = '\xd6'
cpu.EIP = 0xf7fe26e0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe26e0, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26e1, 8)== ord('\xd6'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe26b8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_13_symbolic(self):
''' Instruction JBE_13
Groups: jump
0xf7fddcc1: jbe 0xf7fddca0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddcc1] = 'v'
mem[0xf7fddcc2] = '\xdd'
cpu.EIP = 0xf7fddcc1
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddcc1, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddcc2, 8)== ord('\xdd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddcc3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_14_symbolic(self):
''' Instruction JBE_14
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff067b, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff067c, 8)== ord('4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff067d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_15_symbolic(self):
''' Instruction JBE_15
Groups: jump
0x8079c05: jbe 0x8079c0a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c05] = 'v'
mem[0x8079c06] = '\x03'
cpu.EIP = 0x8079c05
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c05, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0x8079c06, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c0a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_16_symbolic(self):
''' Instruction JBE_16
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff067b, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff067c, 8)== ord('4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff067d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_17_symbolic(self):
''' Instruction JBE_17
Groups: jump
0xf7fe07fc: jbe 0xf7fe07e9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe07fc] = 'v'
mem[0xf7fe07fd] = '\xeb'
cpu.EIP = 0xf7fe07fc
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe07fc, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe07fd, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe07e9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_18_symbolic(self):
''' Instruction JBE_18
Groups: jump
0x807b67a: jbe 0x807b67f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b67a] = 'v'
mem[0x807b67b] = '\x03'
cpu.EIP = 0x807b67a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b67a, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0x807b67b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b67f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_19_symbolic(self):
''' Instruction JBE_19
Groups: jump
0x8079b90: jbe 0x8079b95
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079b90] = 'v'
mem[0x8079b91] = '\x03'
cpu.EIP = 0x8079b90
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079b90, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0x8079b91, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079b95)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_2_symbolic(self):
''' Instruction JBE_2
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff067b, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff067c, 8)== ord('4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff067d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_20_symbolic(self):
''' Instruction JBE_20
Groups: jump
0xf7fe7427: jbe 0xf7fe7fe5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7427] = '\x0f'
mem[0xf7fe7428] = '\x86'
mem[0xf7fe7429] = '\xb8'
mem[0xf7fe742a] = '\x0b'
mem[0xf7fe742b] = '\x00'
mem[0xf7fe742c] = '\x00'
cpu.EIP = 0xf7fe7427
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7427, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7428, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7429, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe742a, 8)== ord('\x0b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe742b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe742c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe742d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_21_symbolic(self):
''' Instruction JBE_21
Groups: jump
0xf7fddf42: jbe 0xf7fddf30
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddf42] = 'v'
mem[0xf7fddf43] = '\xec'
cpu.EIP = 0xf7fddf42
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddf42, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddf43, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddf44)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_3_symbolic(self):
''' Instruction JBE_3
Groups: jump
0xf7fddcb8: jbe 0xf7fddca9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddcb8] = 'v'
mem[0xf7fddcb9] = '\xef'
cpu.EIP = 0xf7fddcb8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddcb8, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddcb9, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddca9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_4_symbolic(self):
''' Instruction JBE_4
Groups: jump
0xf7fe080f: jbe 0xf7fe0a08
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe080f] = '\x0f'
mem[0xf7fe0810] = '\x86'
mem[0xf7fe0811] = '\xf3'
mem[0xf7fe0812] = '\x01'
mem[0xf7fe0813] = '\x00'
mem[0xf7fe0814] = '\x00'
cpu.EIP = 0xf7fe080f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe080f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0810, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0811, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0812, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0813, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0814, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0a08)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_5_symbolic(self):
''' Instruction JBE_5
Groups: jump
0xf7fddb3e: jbe 0xf7fddb0c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fddb3e] = 'v'
mem[0xf7fddb3f] = '\xcc'
cpu.EIP = 0xf7fddb3e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fddb3e, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fddb3f, 8)== ord('\xcc'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fddb40)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_6_symbolic(self):
''' Instruction JBE_6
Groups: jump
0xf7fe71dc: jbe 0xf7fe6dd9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71e0] = '\xff'
mem[0xf7fe71e1] = '\xff'
mem[0xf7fe71dc] = '\x0f'
mem[0xf7fe71dd] = '\x86'
mem[0xf7fe71de] = '\xf7'
mem[0xf7fe71df] = '\xfb'
cpu.EIP = 0xf7fe71dc
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71e0, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71e1, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71dc, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71dd, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71de, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71df, 8)== ord('\xfb'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71e2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_7_symbolic(self):
''' Instruction JBE_7
Groups: jump
0xf7fe26e0: jbe 0xf7fe26b8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26e0] = 'v'
mem[0xf7fe26e1] = '\xd6'
cpu.EIP = 0xf7fe26e0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe26e0, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26e1, 8)== ord('\xd6'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe26b8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_8_symbolic(self):
''' Instruction JBE_8
Groups: jump
0xf7fe26d4: jbe 0xf7fe26c1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26d4] = 'v'
mem[0xf7fe26d5] = '\xeb'
cpu.EIP = 0xf7fe26d4
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe26d4, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26d5, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe26c1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JBE_9_symbolic(self):
''' Instruction JBE_9
Groups: jump
0xf7ff067b: jbe 0xf7ff06b1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff067b] = 'v'
mem[0xf7ff067c] = '4'
cpu.EIP = 0xf7ff067b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff067b, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff067c, 8)== ord('4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff067d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_1_symbolic(self):
''' Instruction JB_1
Groups: jump
0x807a3ec: jb 0x807a3f1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a3ec] = 'r'
mem[0x807a3ed] = '\x03'
cpu.EIP = 0x807a3ec
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a3ec, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a3ed, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a3f1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_10_symbolic(self):
''' Instruction JB_10
Groups: jump
0x807a20e: jb 0x807a213
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a20e] = 'r'
mem[0x807a20f] = '\x03'
cpu.EIP = 0x807a20e
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a20e, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a20f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a213)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_11_symbolic(self):
''' Instruction JB_11
Groups: jump
0xf7fe6e0f: jb 0xf7fe6dfc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6e10] = '\xeb'
mem[0xf7fe6e0f] = 'r'
cpu.EIP = 0xf7fe6e0f
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6e10, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6e0f, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6dfc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_12_symbolic(self):
''' Instruction JB_12
Groups: jump
0x807a30a: jb 0x807a30f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a30a] = 'r'
mem[0x807a30b] = '\x03'
cpu.EIP = 0x807a30a
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a30a, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a30b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a30f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_13_symbolic(self):
''' Instruction JB_13
Groups: jump
0xf7fe6cef: jb 0xf7fe6cdc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6cf0] = '\xeb'
mem[0xf7fe6cef] = 'r'
cpu.EIP = 0xf7fe6cef
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6cf0, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6cef, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6cdc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_14_symbolic(self):
''' Instruction JB_14
Groups: jump
0x807a9b5: jb 0x807a9ba
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a9b5] = 'r'
mem[0x807a9b6] = '\x03'
cpu.EIP = 0x807a9b5
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a9b5, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a9b6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a9b7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_15_symbolic(self):
''' Instruction JB_15
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d8, 8)== ord('\xe7'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d7, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_16_symbolic(self):
''' Instruction JB_16
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d8, 8)== ord('\xe7'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d7, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_17_symbolic(self):
''' Instruction JB_17
Groups: jump
0x807a91c: jb 0x807a921
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a91c] = 'r'
mem[0x807a91d] = '\x03'
cpu.EIP = 0x807a91c
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a91c, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a91d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a921)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_18_symbolic(self):
''' Instruction JB_18
Groups: jump
0x807a31d: jb 0x807a322
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a31d] = 'r'
mem[0x807a31e] = '\x03'
cpu.EIP = 0x807a31d
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a31d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a31e, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a31f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_19_symbolic(self):
''' Instruction JB_19
Groups: jump
0x807a2b0: jb 0x807a2b5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a2b0] = 'r'
mem[0x807a2b1] = '\x03'
cpu.EIP = 0x807a2b0
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a2b0, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a2b1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a2b5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_2_symbolic(self):
''' Instruction JB_2
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d8, 8)== ord('\xe7'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d7, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_20_symbolic(self):
''' Instruction JB_20
Groups: jump
0xf7fe6cef: jb 0xf7fe6cdc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6cf0] = '\xeb'
mem[0xf7fe6cef] = 'r'
cpu.EIP = 0xf7fe6cef
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6cf0, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6cef, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6cdc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_21_symbolic(self):
''' Instruction JB_21
Groups: jump
0xf7fe6e0f: jb 0xf7fe6dfc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6e10] = '\xeb'
mem[0xf7fe6e0f] = 'r'
cpu.EIP = 0xf7fe6e0f
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6e10, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6e0f, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6dfc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_3_symbolic(self):
''' Instruction JB_3
Groups: jump
0x807a220: jb 0x807a225
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a220] = 'r'
mem[0x807a221] = '\x03'
cpu.EIP = 0x807a220
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a220, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a221, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a225)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_4_symbolic(self):
''' Instruction JB_4
Groups: jump
0x807a39b: jb 0x807a3a0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a39b] = 'r'
mem[0x807a39c] = '\x03'
cpu.EIP = 0x807a39b
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a39b, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a39c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a39d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_5_symbolic(self):
''' Instruction JB_5
Groups: jump
0xf7fe095a: jb 0xf7fe0966
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe095a] = 'r'
mem[0xf7fe095b] = '\n'
cpu.EIP = 0xf7fe095a
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe095a, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe095b, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe095c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_6_symbolic(self):
''' Instruction JB_6
Groups: jump
0xf7eaa0d7: jb 0xf7eaa0c0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0d8] = '\xe7'
mem[0xf7eaa0d7] = 'r'
cpu.EIP = 0xf7eaa0d7
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d8, 8)== ord('\xe7'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d7, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0c0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_7_symbolic(self):
''' Instruction JB_7
Groups: jump
0x807a3bf: jb 0x807a3c4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a3c0] = '\x03'
mem[0x807a3bf] = 'r'
cpu.EIP = 0x807a3bf
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a3c0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807a3bf, 8)== ord('r'))
condition = Operators.AND(condition, cpu.EIP == 0x807a3c1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_8_symbolic(self):
''' Instruction JB_8
Groups: jump
0xf7fe0acd: jb 0xf7fe0ab8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0acd] = 'r'
mem[0xf7fe0ace] = '\xe9'
cpu.EIP = 0xf7fe0acd
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe0acd, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0ace, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0ab8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JB_9_symbolic(self):
''' Instruction JB_9
Groups: jump
0x807a2b9: jb 0x807a2be
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a2b9] = 'r'
mem[0x807a2ba] = '\x03'
cpu.EIP = 0x807a2b9
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a2b9, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x807a2ba, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a2bb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_1_symbolic(self):
''' Instruction JCXZ_1
Groups: not64bitmode, jump
0x807b741: jcxz 0x807b747
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b741] = 'g'
mem[0x807b742] = '\xe3'
mem[0x807b743] = '\x03'
cpu.EIP = 0x807b741
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b741, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b742, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b743, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b744)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_10_symbolic(self):
''' Instruction JCXZ_10
Groups: not64bitmode, jump
0x807b7eb: jcxz 0x807b7f1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b7eb] = 'g'
mem[0x807b7ec] = '\xe3'
mem[0x807b7ed] = '\x03'
cpu.EIP = 0x807b7eb
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b7eb, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b7ec, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b7ed, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b7ee)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_11_symbolic(self):
''' Instruction JCXZ_11
Groups: not64bitmode, jump
0x807b7d7: jcxz 0x807b7dd
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b7d8] = '\xe3'
mem[0x807b7d9] = '\x03'
mem[0x807b7d7] = 'g'
cpu.EIP = 0x807b7d7
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b7d8, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b7d9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b7d7, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0x807b7da)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_12_symbolic(self):
''' Instruction JCXZ_12
Groups: not64bitmode, jump
0x807b723: jcxz 0x807b729
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b723] = 'g'
mem[0x807b724] = '\xe3'
mem[0x807b725] = '\x03'
cpu.EIP = 0x807b723
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b723, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b724, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b725, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b726)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_13_symbolic(self):
''' Instruction JCXZ_13
Groups: not64bitmode, jump
0x807b787: jcxz 0x807b78d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b788] = '\xe3'
mem[0x807b789] = '\x03'
mem[0x807b787] = 'g'
cpu.EIP = 0x807b787
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b788, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b789, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b787, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0x807b78a)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_14_symbolic(self):
''' Instruction JCXZ_14
Groups: not64bitmode, jump
0x807b737: jcxz 0x807b73d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b738] = '\xe3'
mem[0x807b739] = '\x03'
mem[0x807b737] = 'g'
cpu.EIP = 0x807b737
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b738, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b739, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b737, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0x807b73a)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_15_symbolic(self):
''' Instruction JCXZ_15
Groups: not64bitmode, jump
0x807b6fb: jcxz 0x807b701
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b6fb] = 'g'
mem[0x807b6fc] = '\xe3'
mem[0x807b6fd] = '\x03'
cpu.EIP = 0x807b6fb
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b6fb, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b6fc, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b6fd, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b6fe)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_16_symbolic(self):
''' Instruction JCXZ_16
Groups: not64bitmode, jump
0x807b7f5: jcxz 0x807b7fb
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b7f5] = 'g'
mem[0x807b7f6] = '\xe3'
mem[0x807b7f7] = '\x03'
cpu.EIP = 0x807b7f5
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b7f5, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b7f6, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b7f7, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b7f8)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_17_symbolic(self):
''' Instruction JCXZ_17
Groups: not64bitmode, jump
0x807b7af: jcxz 0x807b7b5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b7b0] = '\xe3'
mem[0x807b7b1] = '\x03'
mem[0x807b7af] = 'g'
cpu.EIP = 0x807b7af
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b7b0, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b7b1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b7af, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0x807b7b2)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_18_symbolic(self):
''' Instruction JCXZ_18
Groups: not64bitmode, jump
0x807b755: jcxz 0x807b75b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b755] = 'g'
mem[0x807b756] = '\xe3'
mem[0x807b757] = '\x03'
cpu.EIP = 0x807b755
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b755, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b756, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b757, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b758)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_19_symbolic(self):
''' Instruction JCXZ_19
Groups: not64bitmode, jump
0x807b7e1: jcxz 0x807b7e7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b7e1] = 'g'
mem[0x807b7e2] = '\xe3'
mem[0x807b7e3] = '\x03'
cpu.EIP = 0x807b7e1
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b7e1, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b7e2, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b7e3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b7e4)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_2_symbolic(self):
''' Instruction JCXZ_2
Groups: not64bitmode, jump
0x807b705: jcxz 0x807b70b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b705] = 'g'
mem[0x807b706] = '\xe3'
mem[0x807b707] = '\x03'
cpu.EIP = 0x807b705
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b705, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b706, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b707, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b708)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_20_symbolic(self):
''' Instruction JCXZ_20
Groups: not64bitmode, jump
0x807b769: jcxz 0x807b76f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b769] = 'g'
mem[0x807b76a] = '\xe3'
mem[0x807b76b] = '\x03'
cpu.EIP = 0x807b769
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b769, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b76a, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b76b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b76c)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_21_symbolic(self):
''' Instruction JCXZ_21
Groups: not64bitmode, jump
0x807b70f: jcxz 0x807b715
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b710] = '\xe3'
mem[0x807b711] = '\x03'
mem[0x807b70f] = 'g'
cpu.EIP = 0x807b70f
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b710, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b711, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b70f, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0x807b712)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_3_symbolic(self):
''' Instruction JCXZ_3
Groups: not64bitmode, jump
0x807b6f1: jcxz 0x807b6f7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b6f1] = 'g'
mem[0x807b6f2] = '\xe3'
mem[0x807b6f3] = '\x03'
cpu.EIP = 0x807b6f1
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b6f1, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b6f2, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b6f3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b6f4)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_4_symbolic(self):
''' Instruction JCXZ_4
Groups: not64bitmode, jump
0x807b7c3: jcxz 0x807b7c9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b7c3] = 'g'
mem[0x807b7c4] = '\xe3'
mem[0x807b7c5] = '\x03'
cpu.EIP = 0x807b7c3
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b7c3, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b7c4, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b7c5, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b7c6)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_5_symbolic(self):
''' Instruction JCXZ_5
Groups: not64bitmode, jump
0x807b809: jcxz 0x807b80f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b809] = 'g'
mem[0x807b80a] = '\xe3'
mem[0x807b80b] = '\x03'
cpu.EIP = 0x807b809
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b809, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b80a, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b80b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b80c)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_6_symbolic(self):
''' Instruction JCXZ_6
Groups: not64bitmode, jump
0x807b81d: jcxz 0x807b823
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b81d] = 'g'
mem[0x807b81e] = '\xe3'
mem[0x807b81f] = '\x03'
cpu.EIP = 0x807b81d
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b81d, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b81e, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b81f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b820)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_7_symbolic(self):
''' Instruction JCXZ_7
Groups: not64bitmode, jump
0x807b813: jcxz 0x807b819
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b813] = 'g'
mem[0x807b814] = '\xe3'
mem[0x807b815] = '\x03'
cpu.EIP = 0x807b813
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b813, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b814, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b815, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b816)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_8_symbolic(self):
''' Instruction JCXZ_8
Groups: not64bitmode, jump
0x807b74b: jcxz 0x807b751
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b74b] = 'g'
mem[0x807b74c] = '\xe3'
mem[0x807b74d] = '\x03'
cpu.EIP = 0x807b74b
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b74b, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0x807b74c, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b74d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b74e)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JCXZ_9_symbolic(self):
''' Instruction JCXZ_9
Groups: not64bitmode, jump
0x807b7ff: jcxz 0x807b805
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b800] = '\xe3'
mem[0x807b801] = '\x03'
mem[0x807b7ff] = 'g'
cpu.EIP = 0x807b7ff
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x50a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b800, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807b801, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b7ff, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0x807b802)
condition = Operators.AND(condition, cpu.CX == 0x50a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_1_symbolic(self):
''' Instruction JECXZ_1
Groups: not64bitmode, jump
0x807aafa: jecxz 0x807aaff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aafa] = '\xe3'
mem[0x807aafb] = '\x03'
cpu.EIP = 0x807aafa
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aafa, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aafb, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aafc)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_10_symbolic(self):
''' Instruction JECXZ_10
Groups: not64bitmode, jump
0x807aa85: jecxz 0x807aa8a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa85] = '\xe3'
mem[0x807aa86] = '\x03'
cpu.EIP = 0x807aa85
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa85, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa86, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa87)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_11_symbolic(self):
''' Instruction JECXZ_11
Groups: not64bitmode, jump
0x807aabb: jecxz 0x807aac0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aabb] = '\xe3'
mem[0x807aabc] = '\x03'
cpu.EIP = 0x807aabb
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aabb, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aabc, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aabd)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_12_symbolic(self):
''' Instruction JECXZ_12
Groups: not64bitmode, jump
0x807aa61: jecxz 0x807aa66
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa61] = '\xe3'
mem[0x807aa62] = '\x03'
cpu.EIP = 0x807aa61
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa61, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa62, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa63)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_13_symbolic(self):
''' Instruction JECXZ_13
Groups: not64bitmode, jump
0x807ab15: jecxz 0x807ab1a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab15] = '\xe3'
mem[0x807ab16] = '\x03'
cpu.EIP = 0x807ab15
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab15, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807ab16, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab17)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_14_symbolic(self):
''' Instruction JECXZ_14
Groups: not64bitmode, jump
0x807aa34: jecxz 0x807aa39
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa34] = '\xe3'
mem[0x807aa35] = '\x03'
cpu.EIP = 0x807aa34
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa34, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa35, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa36)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_15_symbolic(self):
''' Instruction JECXZ_15
Groups: not64bitmode, jump
0x807ab0c: jecxz 0x807ab11
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab0c] = '\xe3'
mem[0x807ab0d] = '\x03'
cpu.EIP = 0x807ab0c
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab0c, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807ab0d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab0e)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_16_symbolic(self):
''' Instruction JECXZ_16
Groups: not64bitmode, jump
0xf7ff44ef: jecxz 0xf7ff451d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff44f0] = ','
mem[0xf7ff44ef] = '\xe3'
cpu.EIP = 0xf7ff44ef
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x44)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff44f0, 8)== ord(','))
condition = Operators.AND(condition, cpu.read_int(0xf7ff44ef, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff44f1)
condition = Operators.AND(condition, cpu.ECX == 0x44)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_17_symbolic(self):
''' Instruction JECXZ_17
Groups: not64bitmode, jump
0x807aa7c: jecxz 0x807aa81
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa7c] = '\xe3'
mem[0x807aa7d] = '\x03'
cpu.EIP = 0x807aa7c
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa7c, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa7d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa7e)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_18_symbolic(self):
''' Instruction JECXZ_18
Groups: not64bitmode, jump
0x807aadf: jecxz 0x807aae4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aae0] = '\x03'
mem[0x807aadf] = '\xe3'
cpu.EIP = 0x807aadf
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aae0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807aadf, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.EIP == 0x807aae1)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_19_symbolic(self):
''' Instruction JECXZ_19
Groups: not64bitmode, jump
0x807aae8: jecxz 0x807aaed
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aae8] = '\xe3'
mem[0x807aae9] = '\x03'
cpu.EIP = 0x807aae8
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aae8, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aae9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aaea)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_2_symbolic(self):
''' Instruction JECXZ_2
Groups: not64bitmode, jump
0x807aa19: jecxz 0x807aa1e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa19] = '\xe3'
mem[0x807aa1a] = '\x03'
cpu.EIP = 0x807aa19
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa19, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa1a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa1b)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_20_symbolic(self):
''' Instruction JECXZ_20
Groups: not64bitmode, jump
0x807ab1e: jecxz 0x807ab23
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab1e] = '\xe3'
mem[0x807ab1f] = '\x03'
cpu.EIP = 0x807ab1e
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab1e, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807ab1f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab20)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_21_symbolic(self):
''' Instruction JECXZ_21
Groups: not64bitmode, jump
0x807aaa9: jecxz 0x807aaae
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aaa9] = '\xe3'
mem[0x807aaaa] = '\x03'
cpu.EIP = 0x807aaa9
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aaa9, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aaaa, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aaab)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_3_symbolic(self):
''' Instruction JECXZ_3
Groups: not64bitmode, jump
0x807aa22: jecxz 0x807aa27
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa22] = '\xe3'
mem[0x807aa23] = '\x03'
cpu.EIP = 0x807aa22
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa22, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa23, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa24)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_4_symbolic(self):
''' Instruction JECXZ_4
Groups: not64bitmode, jump
0x807ab30: jecxz 0x807ab35
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab30] = '\xe3'
mem[0x807ab31] = '\x03'
cpu.EIP = 0x807ab30
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab30, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807ab31, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab32)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_5_symbolic(self):
''' Instruction JECXZ_5
Groups: not64bitmode, jump
0x807aa46: jecxz 0x807aa4b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa46] = '\xe3'
mem[0x807aa47] = '\x03'
cpu.EIP = 0x807aa46
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa46, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa47, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa48)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_6_symbolic(self):
''' Instruction JECXZ_6
Groups: not64bitmode, jump
0x807aa58: jecxz 0x807aa5d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa58] = '\xe3'
mem[0x807aa59] = '\x03'
cpu.EIP = 0x807aa58
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa58, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa59, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa5a)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_7_symbolic(self):
''' Instruction JECXZ_7
Groups: not64bitmode, jump
0x807aab2: jecxz 0x807aab7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aab2] = '\xe3'
mem[0x807aab3] = '\x03'
cpu.EIP = 0x807aab2
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aab2, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aab3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aab4)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_8_symbolic(self):
''' Instruction JECXZ_8
Groups: not64bitmode, jump
0x807aac4: jecxz 0x807aac9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aac4] = '\xe3'
mem[0x807aac5] = '\x03'
cpu.EIP = 0x807aac4
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aac4, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aac5, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aac6)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JECXZ_9_symbolic(self):
''' Instruction JECXZ_9
Groups: not64bitmode, jump
0x807aa2b: jecxz 0x807aa30
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa2b] = '\xe3'
mem[0x807aa2c] = '\x03'
cpu.EIP = 0x807aa2b
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf1050a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa2b, 8)== ord('\xe3'))
condition = Operators.AND(condition, cpu.read_int(0x807aa2c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa2d)
condition = Operators.AND(condition, cpu.ECX == 0xf1050a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_1_symbolic(self):
''' Instruction JE_1
Groups: jump
0xf7fe5498: je 0xf7fe4f45
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5498] = '\x0f'
mem[0xf7fe5499] = '\x84'
mem[0xf7fe549a] = '\xa7'
mem[0xf7fe549b] = '\xfa'
mem[0xf7fe549c] = '\xff'
mem[0xf7fe549d] = '\xff'
cpu.EIP = 0xf7fe5498
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5498, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5499, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe549a, 8)== ord('\xa7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe549b, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe549c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe549d, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe549e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_10_symbolic(self):
''' Instruction JE_10
Groups: jump
0xf7fe26cb: je 0xf7fe2459
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe26cb] = '\x0f'
mem[0xf7fe26cc] = '\x84'
mem[0xf7fe26cd] = '\x88'
mem[0xf7fe26ce] = '\xfd'
mem[0xf7fe26cf] = '\xff'
mem[0xf7fe26d0] = '\xff'
cpu.EIP = 0xf7fe26cb
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe26cb, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26cc, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26cd, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26ce, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26cf, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe26d0, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe26d1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_11_symbolic(self):
''' Instruction JE_11
Groups: jump
0xf7fe57c8: je 0xf7fe6291
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57c8] = '\x0f'
mem[0xf7fe57c9] = '\x84'
mem[0xf7fe57ca] = '\xc3'
mem[0xf7fe57cb] = '\n'
mem[0xf7fe57cc] = '\x00'
mem[0xf7fe57cd] = '\x00'
cpu.EIP = 0xf7fe57c8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe57c8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57c9, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ca, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57cb, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57cc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57cd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57ce)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_12_symbolic(self):
''' Instruction JE_12
Groups: jump
0xf7fe4eed: je 0xf7fe4f80
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4eed] = '\x0f'
mem[0xf7fe4eee] = '\x84'
mem[0xf7fe4eef] = '\x8d'
mem[0xf7fe4ef0] = '\x00'
mem[0xf7fe4ef1] = '\x00'
mem[0xf7fe4ef2] = '\x00'
cpu.EIP = 0xf7fe4eed
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eed, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eee, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eef, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ef0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ef1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ef2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4ef3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_13_symbolic(self):
''' Instruction JE_13
Groups: jump
0xf7fe4f52: je 0xf7fe4f98
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f52] = 't'
mem[0xf7fe4f53] = 'D'
cpu.EIP = 0xf7fe4f52
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f52, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f53, 8)== ord('D'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f54)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_14_symbolic(self):
''' Instruction JE_14
Groups: jump
0xf7fe4cfc: je 0xf7fe4dca
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d00] = '\x00'
mem[0xf7fe4d01] = '\x00'
mem[0xf7fe4cfc] = '\x0f'
mem[0xf7fe4cfd] = '\x84'
mem[0xf7fe4cfe] = '\xc8'
mem[0xf7fe4cff] = '\x00'
cpu.EIP = 0xf7fe4cfc
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d00, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d01, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfc, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfd, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfe, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cff, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d02)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_15_symbolic(self):
''' Instruction JE_15
Groups: jump
0xf7fe4cfc: je 0xf7fe4dca
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d00] = '\x00'
mem[0xf7fe4d01] = '\x00'
mem[0xf7fe4cfc] = '\x0f'
mem[0xf7fe4cfd] = '\x84'
mem[0xf7fe4cfe] = '\xc8'
mem[0xf7fe4cff] = '\x00'
cpu.EIP = 0xf7fe4cfc
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d00, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d01, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfc, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfd, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfe, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cff, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d02)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_16_symbolic(self):
''' Instruction JE_16
Groups: jump
0xf7fe4cf8: je 0xf7fe4d40
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cf8] = 't'
mem[0xf7fe4cf9] = 'F'
cpu.EIP = 0xf7fe4cf8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cf8, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cf9, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cfa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_17_symbolic(self):
''' Instruction JE_17
Groups: jump
0xf7fe6ee1: je 0xf7fe79f1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6ee1] = '\x0f'
mem[0xf7fe6ee2] = '\x84'
mem[0xf7fe6ee3] = '\n'
mem[0xf7fe6ee4] = '\x0b'
mem[0xf7fe6ee5] = '\x00'
mem[0xf7fe6ee6] = '\x00'
cpu.EIP = 0xf7fe6ee1
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6ee1, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6ee2, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6ee3, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6ee4, 8)== ord('\x0b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6ee5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6ee6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6ee7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_18_symbolic(self):
''' Instruction JE_18
Groups: jump
0xf7ff3eb4: je 0xf7ff3ec1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3eb4] = 't'
mem[0xf7ff3eb5] = '\x0b'
cpu.EIP = 0xf7ff3eb4
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3eb4, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3eb5, 8)== ord('\x0b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3eb6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_19_symbolic(self):
''' Instruction JE_19
Groups: jump
0xf7fe4ead: je 0xf7fe4f80
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4ead] = '\x0f'
mem[0xf7fe4eae] = '\x84'
mem[0xf7fe4eaf] = '\xcd'
mem[0xf7fe4eb0] = '\x00'
mem[0xf7fe4eb1] = '\x00'
mem[0xf7fe4eb2] = '\x00'
cpu.EIP = 0xf7fe4ead
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ead, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eae, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eaf, 8)== ord('\xcd'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4eb3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_2_symbolic(self):
''' Instruction JE_2
Groups: jump
0xf7e2eeb5: je 0xf7e2efc8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2eeb5] = '\x0f'
mem[0xf7e2eeb6] = '\x84'
mem[0xf7e2eeb7] = '\r'
mem[0xf7e2eeb8] = '\x01'
mem[0xf7e2eeb9] = '\x00'
mem[0xf7e2eeba] = '\x00'
cpu.EIP = 0xf7e2eeb5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2eeb5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2eeb6, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2eeb7, 8)== ord('\r'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2eeb8, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2eeb9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2eeba, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2efc8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_20_symbolic(self):
''' Instruction JE_20
Groups: jump
0xf7fe4faa: je 0xf7fe50e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4faa] = '\x0f'
mem[0xf7fe4fab] = '\x84'
mem[0xf7fe4fac] = '8'
mem[0xf7fe4fad] = '\x01'
mem[0xf7fe4fae] = '\x00'
mem[0xf7fe4faf] = '\x00'
cpu.EIP = 0xf7fe4faa
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4faa, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fab, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fac, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fad, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fae, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4faf, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fb0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_21_symbolic(self):
''' Instruction JE_21
Groups: jump
0xf7fe4faa: je 0xf7fe50e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4faa] = '\x0f'
mem[0xf7fe4fab] = '\x84'
mem[0xf7fe4fac] = '8'
mem[0xf7fe4fad] = '\x01'
mem[0xf7fe4fae] = '\x00'
mem[0xf7fe4faf] = '\x00'
cpu.EIP = 0xf7fe4faa
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4faa, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fab, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fac, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fad, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fae, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4faf, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe50e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_3_symbolic(self):
''' Instruction JE_3
Groups: jump
0xf7fe4f0f: je 0xf7fe54fc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f0f] = '\x0f'
mem[0xf7fe4f10] = '\x84'
mem[0xf7fe4f11] = '\xe7'
mem[0xf7fe4f12] = '\x05'
mem[0xf7fe4f13] = '\x00'
mem[0xf7fe4f14] = '\x00'
cpu.EIP = 0xf7fe4f0f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f0f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f10, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f11, 8)== ord('\xe7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f12, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f13, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f14, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f15)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_4_symbolic(self):
''' Instruction JE_4
Groups: jump
0xf7fe4ca2: je 0xf7fe4db7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4ca2] = '\x0f'
mem[0xf7fe4ca3] = '\x84'
mem[0xf7fe4ca4] = '\x0f'
mem[0xf7fe4ca5] = '\x01'
mem[0xf7fe4ca6] = '\x00'
mem[0xf7fe4ca7] = '\x00'
cpu.EIP = 0xf7fe4ca2
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ca2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ca3, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ca4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ca5, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ca6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ca7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4ca8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_5_symbolic(self):
''' Instruction JE_5
Groups: jump
0xf7fe8c4b: je 0xf7fe8a46
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem[0xf7fe8c4b] = '\x0f'
mem[0xf7fe8c4c] = '\x84'
mem[0xf7fe8c4d] = '\xf5'
mem[0xf7fe8c4e] = '\xfd'
mem[0xf7fe8c4f] = '\xff'
mem[0xf7fe8c50] = '\xff'
cpu.EIP = 0xf7fe8c4b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe8c4b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8c4c, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8c4d, 8)== ord('\xf5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8c4e, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8c4f, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8c50, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe8c51)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_6_symbolic(self):
''' Instruction JE_6
Groups: jump
0xf7eaa215: je 0xf7eaa222
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa215] = 't'
mem[0xf7eaa216] = '\x0b'
cpu.EIP = 0xf7eaa215
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa215, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa216, 8)== ord('\x0b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa217)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_7_symbolic(self):
''' Instruction JE_7
Groups: jump
0xf7fe72b2: je 0xf7fe72c1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72b2] = 't'
mem[0xf7fe72b3] = '\r'
cpu.EIP = 0xf7fe72b2
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72b2, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72b3, 8)== ord('\r'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72b4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_8_symbolic(self):
''' Instruction JE_8
Groups: jump
0xf7fe4cf8: je 0xf7fe4d40
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cf8] = 't'
mem[0xf7fe4cf9] = 'F'
cpu.EIP = 0xf7fe4cf8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cf8, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cf9, 8)== ord('F'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cfa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JE_9_symbolic(self):
''' Instruction JE_9
Groups: jump
0xf7fe4faa: je 0xf7fe50e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4faa] = '\x0f'
mem[0xf7fe4fab] = '\x84'
mem[0xf7fe4fac] = '8'
mem[0xf7fe4fad] = '\x01'
mem[0xf7fe4fae] = '\x00'
mem[0xf7fe4faf] = '\x00'
cpu.EIP = 0xf7fe4faa
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4faa, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fab, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fac, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fad, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fae, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4faf, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fb0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_1_symbolic(self):
''' Instruction JGE_1
Groups: jump
0x807a7c5: jge 0x807a7ca
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7c5] = '}'
mem[0x807a7c6] = '\x03'
cpu.EIP = 0x807a7c5
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7c5, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a7c6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7ca)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_10_symbolic(self):
''' Instruction JGE_10
Groups: jump
0x807bc24: jge 0x807bc29
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc24] = '}'
mem[0x807bc25] = '\x03'
cpu.EIP = 0x807bc24
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc24, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bc25, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc29)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_11_symbolic(self):
''' Instruction JGE_11
Groups: jump
0x807a7d7: jge 0x807a7dc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7d8] = '\x03'
mem[0x807a7d7] = '}'
cpu.EIP = 0x807a7d7
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7d8, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807a7d7, 8)== ord('}'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7dc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_12_symbolic(self):
''' Instruction JGE_12
Groups: jump
0xf7ff41cc: jge 0xf7ff43e0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41cc] = '\x0f'
mem[0xf7ff41cd] = '\x8d'
mem[0xf7ff41ce] = '\x0e'
mem[0xf7ff41cf] = '\x02'
mem[0xf7ff41d0] = '\x00'
mem[0xf7ff41d1] = '\x00'
cpu.EIP = 0xf7ff41cc
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41cc, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41cd, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41ce, 8)== ord('\x0e'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41cf, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41d2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_13_symbolic(self):
''' Instruction JGE_13
Groups: jump
0x807bc99: jge 0x807bc9e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc99] = '}'
mem[0x807bc9a] = '\x03'
cpu.EIP = 0x807bc99
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc99, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bc9a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc9b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_14_symbolic(self):
''' Instruction JGE_14
Groups: jump
0x807bc75: jge 0x807bc7a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc75] = '}'
mem[0x807bc76] = '\x03'
cpu.EIP = 0x807bc75
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc75, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bc76, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc77)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_15_symbolic(self):
''' Instruction JGE_15
Groups: jump
0x807a828: jge 0x807a82d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a828] = '}'
mem[0x807a829] = '\x03'
cpu.EIP = 0x807a828
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a828, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a829, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a82d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_16_symbolic(self):
''' Instruction JGE_16
Groups: jump
0x807a8a6: jge 0x807a8ab
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a8a6] = '}'
mem[0x807a8a7] = '\x03'
cpu.EIP = 0x807a8a6
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a8a6, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a8a7, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a8a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_17_symbolic(self):
''' Instruction JGE_17
Groups: jump
0x807a7f2: jge 0x807a7f7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7f2] = '}'
mem[0x807a7f3] = '\x03'
cpu.EIP = 0x807a7f2
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7f2, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a7f3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7f7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_18_symbolic(self):
''' Instruction JGE_18
Groups: jump
0x807a7ce: jge 0x807a7d3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7ce] = '}'
mem[0x807a7cf] = '\x03'
cpu.EIP = 0x807a7ce
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7ce, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a7cf, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7d3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_19_symbolic(self):
''' Instruction JGE_19
Groups: jump
0x807bca2: jge 0x807bca7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bca2] = '}'
mem[0x807bca3] = '\x03'
cpu.EIP = 0x807bca2
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bca2, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bca3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bca4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_2_symbolic(self):
''' Instruction JGE_2
Groups: jump
0xf7ff41cc: jge 0xf7ff43e0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41cc] = '\x0f'
mem[0xf7ff41cd] = '\x8d'
mem[0xf7ff41ce] = '\x0e'
mem[0xf7ff41cf] = '\x02'
mem[0xf7ff41d0] = '\x00'
mem[0xf7ff41d1] = '\x00'
cpu.EIP = 0xf7ff41cc
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41cc, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41cd, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41ce, 8)== ord('\x0e'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41cf, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41d1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41d2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_20_symbolic(self):
''' Instruction JGE_20
Groups: jump
0x807bc87: jge 0x807bc8c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc88] = '\x03'
mem[0x807bc87] = '}'
cpu.EIP = 0x807bc87
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc88, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807bc87, 8)== ord('}'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc89)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_21_symbolic(self):
''' Instruction JGE_21
Groups: jump
0x807bbd3: jge 0x807bbd8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bbd3] = '}'
mem[0x807bbd4] = '\x03'
cpu.EIP = 0x807bbd3
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bbd3, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bbd4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bbd8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_3_symbolic(self):
''' Instruction JGE_3
Groups: jump
0x807bc63: jge 0x807bc68
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc63] = '}'
mem[0x807bc64] = '\x03'
cpu.EIP = 0x807bc63
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc63, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bc64, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc65)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_4_symbolic(self):
''' Instruction JGE_4
Groups: jump
0x807a870: jge 0x807a875
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a870] = '}'
mem[0x807a871] = '\x03'
cpu.EIP = 0x807a870
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a870, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a871, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a872)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_5_symbolic(self):
''' Instruction JGE_5
Groups: jump
0x807a843: jge 0x807a848
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a843] = '}'
mem[0x807a844] = '\x03'
cpu.EIP = 0x807a843
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a843, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a844, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a848)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_6_symbolic(self):
''' Instruction JGE_6
Groups: jump
0x807bc6c: jge 0x807bc71
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc6c] = '}'
mem[0x807bc6d] = '\x03'
cpu.EIP = 0x807bc6c
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc6c, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bc6d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc6e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_7_symbolic(self):
''' Instruction JGE_7
Groups: jump
0x807a867: jge 0x807a86c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a868] = '\x03'
mem[0x807a867] = '}'
cpu.EIP = 0x807a867
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a868, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807a867, 8)== ord('}'))
condition = Operators.AND(condition, cpu.EIP == 0x807a869)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_8_symbolic(self):
''' Instruction JGE_8
Groups: jump
0x807a7e9: jge 0x807a7ee
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7e9] = '}'
mem[0x807a7ea] = '\x03'
cpu.EIP = 0x807a7e9
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7e9, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807a7ea, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7ee)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JGE_9_symbolic(self):
''' Instruction JGE_9
Groups: jump
0x807bc48: jge 0x807bc4d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bc48] = '}'
mem[0x807bc49] = '\x03'
cpu.EIP = 0x807bc48
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bc48, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x807bc49, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bc4a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_1_symbolic(self):
''' Instruction JG_1
Groups: jump
0x807a76a: jg 0x807a76f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a76a] = '\x7f'
mem[0x807a76b] = '\x03'
cpu.EIP = 0x807a76a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a76a, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a76b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a76c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_10_symbolic(self):
''' Instruction JG_10
Groups: jump
0x807a746: jg 0x807a74b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a746] = '\x7f'
mem[0x807a747] = '\x03'
cpu.EIP = 0x807a746
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a746, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a747, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a748)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_11_symbolic(self):
''' Instruction JG_11
Groups: jump
0x8079fc3: jg 0x8079fc8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079fc3] = '\x7f'
mem[0x8079fc4] = '\x03'
cpu.EIP = 0x8079fc3
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079fc3, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x8079fc4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079fc8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_12_symbolic(self):
''' Instruction JG_12
Groups: jump
0x8079fb1: jg 0x8079fb6
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079fb1] = '\x7f'
mem[0x8079fb2] = '\x03'
cpu.EIP = 0x8079fb1
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079fb1, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x8079fb2, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079fb6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_13_symbolic(self):
''' Instruction JG_13
Groups: jump
0x8079fd5: jg 0x8079fda
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079fd5] = '\x7f'
mem[0x8079fd6] = '\x03'
cpu.EIP = 0x8079fd5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079fd5, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x8079fd6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079fda)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_14_symbolic(self):
''' Instruction JG_14
Groups: jump
0x807a05c: jg 0x807a061
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a05c] = '\x7f'
mem[0x807a05d] = '\x03'
cpu.EIP = 0x807a05c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a05c, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a05d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a05e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_15_symbolic(self):
''' Instruction JG_15
Groups: jump
0x807a69b: jg 0x807a6a0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a69b] = '\x7f'
mem[0x807a69c] = '\x03'
cpu.EIP = 0x807a69b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a69b, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a69c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a6a0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_16_symbolic(self):
''' Instruction JG_16
Groups: jump
0x807a761: jg 0x807a766
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a761] = '\x7f'
mem[0x807a762] = '\x03'
cpu.EIP = 0x807a761
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a761, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a762, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a763)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_17_symbolic(self):
''' Instruction JG_17
Groups: jump
0x807a785: jg 0x807a78a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a785] = '\x7f'
mem[0x807a786] = '\x03'
cpu.EIP = 0x807a785
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a785, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a786, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a787)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_18_symbolic(self):
''' Instruction JG_18
Groups: jump
0x807a7a9: jg 0x807a7ae
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7a9] = '\x7f'
mem[0x807a7aa] = '\x03'
cpu.EIP = 0x807a7a9
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7a9, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a7aa, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7ab)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_19_symbolic(self):
''' Instruction JG_19
Groups: jump
0x807a7b2: jg 0x807a7b7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a7b2] = '\x7f'
mem[0x807a7b3] = '\x03'
cpu.EIP = 0x807a7b2
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a7b2, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a7b3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a7b4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_2_symbolic(self):
''' Instruction JG_2
Groups: jump
0x807a707: jg 0x807a70c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a708] = '\x03'
mem[0x807a707] = '\x7f'
cpu.EIP = 0x807a707
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a708, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807a707, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.EIP == 0x807a709)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_20_symbolic(self):
''' Instruction JG_20
Groups: jump
0x807a773: jg 0x807a778
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a773] = '\x7f'
mem[0x807a774] = '\x03'
cpu.EIP = 0x807a773
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a773, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a774, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a775)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_21_symbolic(self):
''' Instruction JG_21
Groups: jump
0xf7fde27e: jg 0xf7fde9f9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fde000, 0x1000, 'rwx')
mem[0xf7fde280] = 'u'
mem[0xf7fde281] = '\x07'
mem[0xf7fde282] = '\x00'
mem[0xf7fde283] = '\x00'
mem[0xf7fde27e] = '\x0f'
mem[0xf7fde27f] = '\x8f'
cpu.EIP = 0xf7fde27e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fde280, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde281, 8)== ord('\x07'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde282, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde283, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde27e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde27f, 8)== ord('\x8f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fde9f9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_3_symbolic(self):
''' Instruction JG_3
Groups: jump
0x807a78e: jg 0x807a793
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a78e] = '\x7f'
mem[0x807a78f] = '\x03'
cpu.EIP = 0x807a78e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a78e, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a78f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a790)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_4_symbolic(self):
''' Instruction JG_4
Groups: jump
0x8079f9f: jg 0x8079fa4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079fa0] = '\x03'
mem[0x8079f9f] = '\x7f'
cpu.EIP = 0x8079f9f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079fa0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079f9f, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.EIP == 0x8079fa4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_5_symbolic(self):
''' Instruction JG_5
Groups: jump
0x807a6c8: jg 0x807a6cd
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a6c8] = '\x7f'
mem[0x807a6c9] = '\x03'
cpu.EIP = 0x807a6c8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a6c8, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a6c9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a6cd)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_6_symbolic(self):
''' Instruction JG_6
Groups: jump
0x807a6a4: jg 0x807a6a9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a6a4] = '\x7f'
mem[0x807a6a5] = '\x03'
cpu.EIP = 0x807a6a4
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a6a4, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a6a5, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a6a9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_7_symbolic(self):
''' Instruction JG_7
Groups: jump
0xf7e2e773: jg 0xf7e2e83e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e773] = '\x0f'
mem[0xf7e2e774] = '\x8f'
mem[0xf7e2e775] = '\xc5'
mem[0xf7e2e776] = '\x00'
mem[0xf7e2e777] = '\x00'
mem[0xf7e2e778] = '\x00'
cpu.EIP = 0xf7e2e773
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2e773, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e774, 8)== ord('\x8f'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e775, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e776, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e777, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e778, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2e83e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_8_symbolic(self):
''' Instruction JG_8
Groups: jump
0x8079fa8: jg 0x8079fad
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079fa8] = '\x7f'
mem[0x8079fa9] = '\x03'
cpu.EIP = 0x8079fa8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079fa8, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x8079fa9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079fad)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JG_9_symbolic(self):
''' Instruction JG_9
Groups: jump
0x807a6da: jg 0x807a6df
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a6da] = '\x7f'
mem[0x807a6db] = '\x03'
cpu.EIP = 0x807a6da
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a6da, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807a6db, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807a6df)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_1_symbolic(self):
''' Instruction JLE_1
Groups: jump
0x807b3b1: jle 0x807b3b6
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b3b1] = '~'
mem[0x807b3b2] = '\x03'
cpu.EIP = 0x807b3b1
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b3b1, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b3b2, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b3b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_10_symbolic(self):
''' Instruction JLE_10
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_11_symbolic(self):
''' Instruction JLE_11
Groups: jump
0x807b936: jle 0x807b93b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b936] = '~'
mem[0x807b937] = '\x03'
cpu.EIP = 0x807b936
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b936, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b937, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b93b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_12_symbolic(self):
''' Instruction JLE_12
Groups: jump
0xf7ff0830: jle 0xf7ff07ef
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0830] = '~'
mem[0xf7ff0831] = '\xbd'
cpu.EIP = 0xf7ff0830
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0830, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0831, 8)== ord('\xbd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff07ef)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_13_symbolic(self):
''' Instruction JLE_13
Groups: jump
0x807b909: jle 0x807b90e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b909] = '~'
mem[0x807b90a] = '\x03'
cpu.EIP = 0x807b909
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b909, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b90a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b90e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_14_symbolic(self):
''' Instruction JLE_14
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_15_symbolic(self):
''' Instruction JLE_15
Groups: jump
0x807b879: jle 0x807b87e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b879] = '~'
mem[0x807b87a] = '\x03'
cpu.EIP = 0x807b879
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b879, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b87a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b87e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_16_symbolic(self):
''' Instruction JLE_16
Groups: jump
0x807b8dc: jle 0x807b8e1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b8dc] = '~'
mem[0x807b8dd] = '\x03'
cpu.EIP = 0x807b8dc
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b8dc, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b8dd, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b8e1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_17_symbolic(self):
''' Instruction JLE_17
Groups: jump
0x807b867: jle 0x807b86c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b868] = '\x03'
mem[0x807b867] = '~'
cpu.EIP = 0x807b867
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b868, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b867, 8)== ord('~'))
condition = Operators.AND(condition, cpu.EIP == 0x807b869)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_18_symbolic(self):
''' Instruction JLE_18
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_19_symbolic(self):
''' Instruction JLE_19
Groups: jump
0x807b369: jle 0x807b36e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b369] = '~'
mem[0x807b36a] = '\x03'
cpu.EIP = 0x807b369
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b369, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b36a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b36b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_2_symbolic(self):
''' Instruction JLE_2
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_20_symbolic(self):
''' Instruction JLE_20
Groups: jump
0x807b3f9: jle 0x807b3fe
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b3f9] = '~'
mem[0x807b3fa] = '\x03'
cpu.EIP = 0x807b3f9
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b3f9, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b3fa, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b3fe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_21_symbolic(self):
''' Instruction JLE_21
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_3_symbolic(self):
''' Instruction JLE_3
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_4_symbolic(self):
''' Instruction JLE_4
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_5_symbolic(self):
''' Instruction JLE_5
Groups: jump
0x807b8e5: jle 0x807b8ea
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b8e5] = '~'
mem[0x807b8e6] = '\x03'
cpu.EIP = 0x807b8e5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b8e5, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b8e6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b8ea)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_6_symbolic(self):
''' Instruction JLE_6
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_7_symbolic(self):
''' Instruction JLE_7
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_8_symbolic(self):
''' Instruction JLE_8
Groups: jump
0x807b3d5: jle 0x807b3da
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b3d5] = '~'
mem[0x807b3d6] = '\x03'
cpu.EIP = 0x807b3d5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b3d5, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x807b3d6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b3da)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JLE_9_symbolic(self):
''' Instruction JLE_9
Groups: jump
0xf7fe577d: jle 0xf7fe5720
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe577d] = '~'
mem[0xf7fe577e] = '\xa1'
cpu.EIP = 0xf7fe577d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe577d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe577e, 8)== ord('\xa1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_1_symbolic(self):
''' Instruction JL_1
Groups: jump
0x8079aa5: jl 0x8079aaa
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079aa5] = '|'
mem[0x8079aa6] = '\x03'
cpu.EIP = 0x8079aa5
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079aa5, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079aa6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079aaa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_10_symbolic(self):
''' Instruction JL_10
Groups: jump
0x807aeca: jl 0x807aecf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aeca] = '|'
mem[0x807aecb] = '\x03'
cpu.EIP = 0x807aeca
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aeca, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807aecb, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aecc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_11_symbolic(self):
''' Instruction JL_11
Groups: jump
0x807af87: jl 0x807af8c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807af88] = '\x03'
mem[0x807af87] = '|'
cpu.EIP = 0x807af87
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807af88, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807af87, 8)== ord('|'))
condition = Operators.AND(condition, cpu.EIP == 0x807af8c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_12_symbolic(self):
''' Instruction JL_12
Groups: jump
0x8079a27: jl 0x8079a2c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079a28] = '\x03'
mem[0x8079a27] = '|'
cpu.EIP = 0x8079a27
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079a28, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079a27, 8)== ord('|'))
condition = Operators.AND(condition, cpu.EIP == 0x8079a29)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_13_symbolic(self):
''' Instruction JL_13
Groups: jump
0x8079a81: jl 0x8079a86
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079a81] = '|'
mem[0x8079a82] = '\x03'
cpu.EIP = 0x8079a81
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079a81, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079a82, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079a86)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_14_symbolic(self):
''' Instruction JL_14
Groups: jump
0xf7ff41c4: jl 0xf7ff41b9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41c4] = '|'
mem[0xf7ff41c5] = '\xf3'
cpu.EIP = 0xf7ff41c4
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41c4, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41c5, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41c6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_15_symbolic(self):
''' Instruction JL_15
Groups: jump
0x807af09: jl 0x807af0e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807af09] = '|'
mem[0x807af0a] = '\x03'
cpu.EIP = 0x807af09
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807af09, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807af0a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807af0b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_16_symbolic(self):
''' Instruction JL_16
Groups: jump
0x807aedc: jl 0x807aee1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aedc] = '|'
mem[0x807aedd] = '\x03'
cpu.EIP = 0x807aedc
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aedc, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807aedd, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aede)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_17_symbolic(self):
''' Instruction JL_17
Groups: jump
0x8079a5d: jl 0x8079a62
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079a5d] = '|'
mem[0x8079a5e] = '\x03'
cpu.EIP = 0x8079a5d
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079a5d, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079a5e, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079a62)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_18_symbolic(self):
''' Instruction JL_18
Groups: jump
0x807aee5: jl 0x807aeea
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aee5] = '|'
mem[0x807aee6] = '\x03'
cpu.EIP = 0x807aee5
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aee5, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807aee6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aee7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_19_symbolic(self):
''' Instruction JL_19
Groups: jump
0x8079adb: jl 0x8079ae0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079adb] = '|'
mem[0x8079adc] = '\x03'
cpu.EIP = 0x8079adb
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079adb, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079adc, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079ae0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_2_symbolic(self):
''' Instruction JL_2
Groups: jump
0x807aef7: jl 0x807aefc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aef8] = '\x03'
mem[0x807aef7] = '|'
cpu.EIP = 0x807aef7
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aef8, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807aef7, 8)== ord('|'))
condition = Operators.AND(condition, cpu.EIP == 0x807aef9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_20_symbolic(self):
''' Instruction JL_20
Groups: jump
0x807af63: jl 0x807af68
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807af63] = '|'
mem[0x807af64] = '\x03'
cpu.EIP = 0x807af63
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807af63, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807af64, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807af68)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_21_symbolic(self):
''' Instruction JL_21
Groups: jump
0x8079a15: jl 0x8079a1a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079a15] = '|'
mem[0x8079a16] = '\x03'
cpu.EIP = 0x8079a15
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079a15, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079a16, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079a17)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_3_symbolic(self):
''' Instruction JL_3
Groups: jump
0xf7ff41c4: jl 0xf7ff41b9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff41c4] = '|'
mem[0xf7ff41c5] = '\xf3'
cpu.EIP = 0xf7ff41c4
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41c4, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff41c5, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41c6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_4_symbolic(self):
''' Instruction JL_4
Groups: jump
0x807afbd: jl 0x807afc2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807afbd] = '|'
mem[0x807afbe] = '\x03'
cpu.EIP = 0x807afbd
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807afbd, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807afbe, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807afc2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_5_symbolic(self):
''' Instruction JL_5
Groups: jump
0x8079ac0: jl 0x8079ac5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079ac0] = '|'
mem[0x8079ac1] = '\x03'
cpu.EIP = 0x8079ac0
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079ac0, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079ac1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079ac5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_6_symbolic(self):
''' Instruction JL_6
Groups: jump
0x8079a9c: jl 0x8079aa1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079a9c] = '|'
mem[0x8079a9d] = '\x03'
cpu.EIP = 0x8079a9c
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079a9c, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x8079a9d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079aa1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_7_symbolic(self):
''' Instruction JL_7
Groups: jump
0x807af75: jl 0x807af7a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807af75] = '|'
mem[0x807af76] = '\x03'
cpu.EIP = 0x807af75
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807af75, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807af76, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807af7a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_8_symbolic(self):
''' Instruction JL_8
Groups: jump
0x807af90: jl 0x807af95
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807af90] = '|'
mem[0x807af91] = '\x03'
cpu.EIP = 0x807af90
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807af90, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807af91, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807af95)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JL_9_symbolic(self):
''' Instruction JL_9
Groups: jump
0x807aed3: jl 0x807aed8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aed3] = '|'
mem[0x807aed4] = '\x03'
cpu.EIP = 0x807aed3
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aed3, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x807aed4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aed5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_1_symbolic(self):
''' Instruction JMP_1
Groups: jump
0xf7fe7445: jmp 0xf7fe7350
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7448] = '\xff'
mem[0xf7fe7449] = '\xff'
mem[0xf7fe7445] = '\xe9'
mem[0xf7fe7446] = '\x06'
mem[0xf7fe7447] = '\xff'
cpu.EIP = 0xf7fe7445
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7448, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7449, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7445, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7446, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7447, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7350)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_10_symbolic(self):
''' Instruction JMP_10
Groups: jump
0xf7ff0fa7: jmp 0xf7ff0e58
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0fa8] = '\xac'
mem[0xf7ff0fa9] = '\xfe'
mem[0xf7ff0faa] = '\xff'
mem[0xf7ff0fab] = '\xff'
mem[0xf7ff0fa7] = '\xe9'
cpu.EIP = 0xf7ff0fa7
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0fa8, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0fa9, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0faa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0fab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0fa7, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0e58)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_11_symbolic(self):
''' Instruction JMP_11
Groups: jump
0x807ad1b: jmp 0x807ad1e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad1b] = '\xeb'
mem[0x807ad1c] = '\x01'
cpu.EIP = 0x807ad1b
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad1b, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x807ad1c, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad1e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_12_symbolic(self):
''' Instruction JMP_12
Groups: jump
0x8079c2d: jmp 0x8079c30
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c2d] = '\xeb'
mem[0x8079c2e] = '\x01'
cpu.EIP = 0x8079c2d
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c2d, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8079c2e, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c30)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_13_symbolic(self):
''' Instruction JMP_13
Groups: jump
0xf7fe571c: jmp 0xf7fe5731
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe571c] = '\xeb'
mem[0xf7fe571d] = '\x13'
cpu.EIP = 0xf7fe571c
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe571c, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe571d, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5731)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_14_symbolic(self):
''' Instruction JMP_14
Groups: not64bitmode, jump
0xf7ff0e4a: jmp edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0e4a] = '\xff'
mem[0xf7ff0e4b] = '\xe2'
cpu.EIP = 0xf7ff0e4a
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7ff1018)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e4a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e4b, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1018)
condition = Operators.AND(condition, cpu.EDX == 0xf7ff1018)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_15_symbolic(self):
''' Instruction JMP_15
Groups: not64bitmode, jump
0xf7fdc820: jmp dword ptr [ebx + 0x14]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7fdc820] = '\xff'
mem[0xf7fdc821] = '\xa3'
mem[0xf7fdc822] = '\x14'
mem[0xf7fdc823] = '\x00'
mem[0xf7fdc824] = '\x00'
mem[0xf7fdc825] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd016)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd017)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd014)
value = cs.new_bitvec(8)
cs.add(value == 0xa0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffd015)
value = cs.new_bitvec(8)
cs.add(value == 0x16)
mem[addr] = value
cpu.EIP = 0xf7fdc820
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdc820, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc821, 8)== ord('\xa3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc822, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc823, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc824, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc825, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd016, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd017, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd014, 8)== ord('\xa0'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffd015, 8)== ord('\x16'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff16a0)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_16_symbolic(self):
''' Instruction JMP_16
Groups: jump
0x8079830: jmp 0x8079833
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079830] = '\xeb'
mem[0x8079831] = '\x01'
cpu.EIP = 0x8079830
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079830, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8079831, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x8079833)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_17_symbolic(self):
''' Instruction JMP_17
Groups: jump
0xf7fe74a5: jmp 0xf7fe7350
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe74a8] = '\xff'
mem[0xf7fe74a9] = '\xff'
mem[0xf7fe74a5] = '\xe9'
mem[0xf7fe74a6] = '\xa6'
mem[0xf7fe74a7] = '\xfe'
cpu.EIP = 0xf7fe74a5
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe74a8, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe74a9, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe74a5, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe74a6, 8)== ord('\xa6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe74a7, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7350)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_18_symbolic(self):
''' Instruction JMP_18
Groups: jump
0xf7fe555e: jmp 0xf7fe4fa0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5560] = '\xfa'
mem[0xf7fe5561] = '\xff'
mem[0xf7fe5562] = '\xff'
mem[0xf7fe555e] = '\xe9'
mem[0xf7fe555f] = '='
cpu.EIP = 0xf7fe555e
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5560, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5561, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5562, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe555e, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe555f, 8)== ord('='))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fa0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_19_symbolic(self):
''' Instruction JMP_19
Groups: jump
0xf7fe7445: jmp 0xf7fe7350
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7448] = '\xff'
mem[0xf7fe7449] = '\xff'
mem[0xf7fe7445] = '\xe9'
mem[0xf7fe7446] = '\x06'
mem[0xf7fe7447] = '\xff'
cpu.EIP = 0xf7fe7445
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7448, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7449, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7445, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7446, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7447, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7350)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_2_symbolic(self):
''' Instruction JMP_2
Groups: jump
0x8079912: jmp 0x8079915
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079912] = '\xeb'
mem[0x8079913] = '\x01'
cpu.EIP = 0x8079912
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079912, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8079913, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x8079915)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_20_symbolic(self):
''' Instruction JMP_20
Groups: jump
0xf7fe571c: jmp 0xf7fe5731
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe571c] = '\xeb'
mem[0xf7fe571d] = '\x13'
cpu.EIP = 0xf7fe571c
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe571c, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe571d, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5731)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_21_symbolic(self):
''' Instruction JMP_21
Groups: jump
0x807af15: jmp 0x807af18
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807af15] = '\xeb'
mem[0x807af16] = '\x01'
cpu.EIP = 0x807af15
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807af15, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x807af16, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x807af18)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_3_symbolic(self):
''' Instruction JMP_3
Groups: not64bitmode, jump
0xf7fe733e: jmp eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe733e] = '\xff'
mem[0xf7fe733f] = '\xe0'
cpu.EIP = 0xf7fe733e
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fe7440)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe733e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe733f, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7440)
condition = Operators.AND(condition, cpu.EAX == 0xf7fe7440)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_4_symbolic(self):
''' Instruction JMP_4
Groups: jump
0x8079dc3: jmp 0x8079dc6
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079dc3] = '\xeb'
mem[0x8079dc4] = '\x01'
cpu.EIP = 0x8079dc3
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079dc3, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8079dc4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x8079dc6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_5_symbolic(self):
''' Instruction JMP_5
Groups: jump
0x807a0b0: jmp 0x807a0b3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a0b0] = '\xeb'
mem[0x807a0b1] = '\x01'
cpu.EIP = 0x807a0b0
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a0b0, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x807a0b1, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x807a0b3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_6_symbolic(self):
''' Instruction JMP_6
Groups: jump
0x807ab97: jmp 0x807ab9a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab98] = '\x01'
mem[0x807ab97] = '\xeb'
cpu.EIP = 0x807ab97
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab98, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x807ab97, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab9a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_7_symbolic(self):
''' Instruction JMP_7
Groups: not64bitmode, jump
0xf7fe733e: jmp eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe733e] = '\xff'
mem[0xf7fe733f] = '\xe0'
cpu.EIP = 0xf7fe733e
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fe7440)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe733e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe733f, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7440)
condition = Operators.AND(condition, cpu.EAX == 0xf7fe7440)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_8_symbolic(self):
''' Instruction JMP_8
Groups: not64bitmode, jump
0xf7fe733e: jmp eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe733e] = '\xff'
mem[0xf7fe733f] = '\xe0'
cpu.EIP = 0xf7fe733e
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fe74a0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe733e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe733f, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe74a0)
condition = Operators.AND(condition, cpu.EAX == 0xf7fe74a0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JMP_9_symbolic(self):
''' Instruction JMP_9
Groups: jump
0xf7fe7445: jmp 0xf7fe7350
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7448] = '\xff'
mem[0xf7fe7449] = '\xff'
mem[0xf7fe7445] = '\xe9'
mem[0xf7fe7446] = '\x06'
mem[0xf7fe7447] = '\xff'
cpu.EIP = 0xf7fe7445
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7448, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7449, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7445, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7446, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7447, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7350)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_1_symbolic(self):
''' Instruction JNE_1
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b1, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b2, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b3, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_10_symbolic(self):
''' Instruction JNE_10
Groups: jump
0xf7ff4222: jne 0xf7ff4457
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4222] = '\x0f'
mem[0xf7ff4223] = '\x85'
mem[0xf7ff4224] = '/'
mem[0xf7ff4225] = '\x02'
mem[0xf7ff4226] = '\x00'
mem[0xf7ff4227] = '\x00'
cpu.EIP = 0xf7ff4222
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4222, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4223, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4224, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4225, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4226, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4227, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4228)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_11_symbolic(self):
''' Instruction JNE_11
Groups: jump
0xf7fe54f6: jne 0xf7fe555a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54f6] = 'u'
mem[0xf7fe54f7] = 'b'
cpu.EIP = 0xf7fe54f6
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f6, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54f7, 8)== ord('b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe555a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_12_symbolic(self):
''' Instruction JNE_12
Groups: jump
0xf7ff3e72: jne 0xf7ff3e68
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e72] = 'u'
mem[0xf7ff3e73] = '\xf4'
cpu.EIP = 0xf7ff3e72
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e72, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e73, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e68)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_13_symbolic(self):
''' Instruction JNE_13
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b1, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b2, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b3, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_14_symbolic(self):
''' Instruction JNE_14
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b1, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b2, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b3, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_15_symbolic(self):
''' Instruction JNE_15
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6c, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6d, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_16_symbolic(self):
''' Instruction JNE_16
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b1, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b2, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b3, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_17_symbolic(self):
''' Instruction JNE_17
Groups: jump
0xf7fe56b1: jne 0xf7fe56a0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b1] = 'u'
mem[0xf7fe56b2] = '\xed'
cpu.EIP = 0xf7fe56b1
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b1, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b2, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56b3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_18_symbolic(self):
''' Instruction JNE_18
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6c, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6d, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_19_symbolic(self):
''' Instruction JNE_19
Groups: jump
0xf7ff0b7e: jne 0xf7ff0a90
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0b80] = '\x0c'
mem[0xf7ff0b81] = '\xff'
mem[0xf7ff0b82] = '\xff'
mem[0xf7ff0b83] = '\xff'
mem[0xf7ff0b7e] = '\x0f'
mem[0xf7ff0b7f] = '\x85'
cpu.EIP = 0xf7ff0b7e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b80, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b81, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b82, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b83, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b7e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b7f, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0b84)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_2_symbolic(self):
''' Instruction JNE_2
Groups: jump
0xf7ff3e72: jne 0xf7ff3e68
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e72] = 'u'
mem[0xf7ff3e73] = '\xf4'
cpu.EIP = 0xf7ff3e72
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e72, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e73, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e68)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_20_symbolic(self):
''' Instruction JNE_20
Groups: jump
0xf7fe4f3f: jne 0xf7fe5483
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f40] = '\x85'
mem[0xf7fe4f41] = '>'
mem[0xf7fe4f42] = '\x05'
mem[0xf7fe4f43] = '\x00'
mem[0xf7fe4f44] = '\x00'
mem[0xf7fe4f3f] = '\x0f'
cpu.EIP = 0xf7fe4f3f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f40, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f41, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f42, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f43, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f44, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f3f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f45)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_21_symbolic(self):
''' Instruction JNE_21
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6c, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6d, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_3_symbolic(self):
''' Instruction JNE_3
Groups: jump
0xf7fe8ab3: jne 0xf7fe9164
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem[0xf7fe8ab3] = '\x0f'
mem[0xf7fe8ab4] = '\x85'
mem[0xf7fe8ab5] = '\xab'
mem[0xf7fe8ab6] = '\x06'
mem[0xf7fe8ab7] = '\x00'
mem[0xf7fe8ab8] = '\x00'
cpu.EIP = 0xf7fe8ab3
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe8ab3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8ab4, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8ab5, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8ab6, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8ab7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8ab8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9164)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_4_symbolic(self):
''' Instruction JNE_4
Groups: jump
0xf7ff3e6c: jne 0xf7ff3e77
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e6c] = 'u'
mem[0xf7ff3e6d] = '\t'
cpu.EIP = 0xf7ff3e6c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6c, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e6d, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_5_symbolic(self):
''' Instruction JNE_5
Groups: jump
0xf7fe1e7c: jne 0xf7fe2a9e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem[0xf7fe1e80] = '\x00'
mem[0xf7fe1e81] = '\x00'
mem[0xf7fe1e7c] = '\x0f'
mem[0xf7fe1e7d] = '\x85'
mem[0xf7fe1e7e] = '\x1c'
mem[0xf7fe1e7f] = '\x0c'
cpu.EIP = 0xf7fe1e7c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe1e80, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1e81, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1e7c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1e7d, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1e7e, 8)== ord('\x1c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1e7f, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe1e82)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_6_symbolic(self):
''' Instruction JNE_6
Groups: jump
0xf7fe7275: jne 0xf7fe7288
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7275] = 'u'
mem[0xf7fe7276] = '\x11'
cpu.EIP = 0xf7fe7275
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7275, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7276, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7277)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_7_symbolic(self):
''' Instruction JNE_7
Groups: jump
0xf7fec1e0: jne 0xf7fec168
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec1e0] = 'u'
mem[0xf7fec1e1] = '\x86'
cpu.EIP = 0xf7fec1e0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec1e0, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec1e1, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec1e2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_8_symbolic(self):
''' Instruction JNE_8
Groups: jump
0xf7fe71b0: jne 0xf7fe7eb4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71b0] = '\x0f'
mem[0xf7fe71b1] = '\x85'
mem[0xf7fe71b2] = '\xfe'
mem[0xf7fe71b3] = '\x0c'
mem[0xf7fe71b4] = '\x00'
mem[0xf7fe71b5] = '\x00'
cpu.EIP = 0xf7fe71b0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b1, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b2, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b3, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71b5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNE_9_symbolic(self):
''' Instruction JNE_9
Groups: jump
0xf7ff092d: jne 0xf7ff099c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff092d] = 'u'
mem[0xf7ff092e] = 'm'
cpu.EIP = 0xf7ff092d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff092d, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff092e, 8)== ord('m'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff092f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_1_symbolic(self):
''' Instruction JNO_1
Groups: jump
0x807bb6f: jno 0x807bb74
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb70] = '\x03'
mem[0x807bb6f] = 'q'
cpu.EIP = 0x807bb6f
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb70, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807bb6f, 8)== ord('q'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb74)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_10_symbolic(self):
''' Instruction JNO_10
Groups: jump
0x807baa9: jno 0x807baae
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807baa9] = 'q'
mem[0x807baaa] = '\x03'
cpu.EIP = 0x807baa9
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807baa9, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807baaa, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807baae)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_11_symbolic(self):
''' Instruction JNO_11
Groups: jump
0x807bb9c: jno 0x807bba1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb9c] = 'q'
mem[0x807bb9d] = '\x03'
cpu.EIP = 0x807bb9c
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb9c, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb9d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bba1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_12_symbolic(self):
''' Instruction JNO_12
Groups: jump
0x807bb8a: jno 0x807bb8f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb8a] = 'q'
mem[0x807bb8b] = '\x03'
cpu.EIP = 0x807bb8a
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb8a, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb8b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb8f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_13_symbolic(self):
''' Instruction JNO_13
Groups: jump
0x807bb5d: jno 0x807bb62
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb5d] = 'q'
mem[0x807bb5e] = '\x03'
cpu.EIP = 0x807bb5d
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb5d, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb5e, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb62)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_14_symbolic(self):
''' Instruction JNO_14
Groups: jump
0x807baa0: jno 0x807baa5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807baa0] = 'q'
mem[0x807baa1] = '\x03'
cpu.EIP = 0x807baa0
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807baa0, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807baa1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807baa5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_15_symbolic(self):
''' Instruction JNO_15
Groups: jump
0x807bb78: jno 0x807bb7d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb78] = 'q'
mem[0x807bb79] = '\x03'
cpu.EIP = 0x807bb78
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb78, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb79, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb7d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_16_symbolic(self):
''' Instruction JNO_16
Groups: jump
0x807bb15: jno 0x807bb1a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb15] = 'q'
mem[0x807bb16] = '\x03'
cpu.EIP = 0x807bb15
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb15, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb16, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb1a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_17_symbolic(self):
''' Instruction JNO_17
Groups: jump
0x807bb66: jno 0x807bb6b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb66] = 'q'
mem[0x807bb67] = '\x03'
cpu.EIP = 0x807bb66
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb66, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb67, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb6b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_18_symbolic(self):
''' Instruction JNO_18
Groups: jump
0x807bb54: jno 0x807bb59
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb54] = 'q'
mem[0x807bb55] = '\x03'
cpu.EIP = 0x807bb54
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb54, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb55, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb59)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_19_symbolic(self):
''' Instruction JNO_19
Groups: jump
0x807bb03: jno 0x807bb08
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb03] = 'q'
mem[0x807bb04] = '\x03'
cpu.EIP = 0x807bb03
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb03, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb04, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb08)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_2_symbolic(self):
''' Instruction JNO_2
Groups: jump
0x807ba85: jno 0x807ba8a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807ba85] = 'q'
mem[0x807ba86] = '\x03'
cpu.EIP = 0x807ba85
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ba85, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807ba86, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ba8a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_20_symbolic(self):
''' Instruction JNO_20
Groups: jump
0x807bacd: jno 0x807bad2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bacd] = 'q'
mem[0x807bace] = '\x03'
cpu.EIP = 0x807bacd
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bacd, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bace, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bad2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_21_symbolic(self):
''' Instruction JNO_21
Groups: jump
0x807bb0c: jno 0x807bb11
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb0c] = 'q'
mem[0x807bb0d] = '\x03'
cpu.EIP = 0x807bb0c
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb0c, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb0d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_3_symbolic(self):
''' Instruction JNO_3
Groups: jump
0x807bb39: jno 0x807bb3e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb39] = 'q'
mem[0x807bb3a] = '\x03'
cpu.EIP = 0x807bb39
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb39, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb3a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb3e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_4_symbolic(self):
''' Instruction JNO_4
Groups: jump
0x807bb30: jno 0x807bb35
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb30] = 'q'
mem[0x807bb31] = '\x03'
cpu.EIP = 0x807bb30
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb30, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb31, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb35)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_5_symbolic(self):
''' Instruction JNO_5
Groups: jump
0x807bb4b: jno 0x807bb50
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb4b] = 'q'
mem[0x807bb4c] = '\x03'
cpu.EIP = 0x807bb4b
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb4b, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb4c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb50)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_6_symbolic(self):
''' Instruction JNO_6
Groups: jump
0x807badf: jno 0x807bae4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bae0] = '\x03'
mem[0x807badf] = 'q'
cpu.EIP = 0x807badf
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bae0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807badf, 8)== ord('q'))
condition = Operators.AND(condition, cpu.EIP == 0x807bae4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_7_symbolic(self):
''' Instruction JNO_7
Groups: jump
0x807babb: jno 0x807bac0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807babb] = 'q'
mem[0x807babc] = '\x03'
cpu.EIP = 0x807babb
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807babb, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807babc, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bac0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_8_symbolic(self):
''' Instruction JNO_8
Groups: jump
0x807bb81: jno 0x807bb86
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb81] = 'q'
mem[0x807bb82] = '\x03'
cpu.EIP = 0x807bb81
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb81, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb82, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb86)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNO_9_symbolic(self):
''' Instruction JNO_9
Groups: jump
0x807bb1e: jno 0x807bb23
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb1e] = 'q'
mem[0x807bb1f] = '\x03'
cpu.EIP = 0x807bb1e
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb1e, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x807bb1f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb23)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_1_symbolic(self):
''' Instruction JNP_1
Groups: jump
0x807b006: jnp 0x807b00b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b006] = '{'
mem[0x807b007] = '\x03'
cpu.EIP = 0x807b006
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b006, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b007, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b008)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_10_symbolic(self):
''' Instruction JNP_10
Groups: jump
0x807aea5: jnp 0x807aeaa
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aea5] = '{'
mem[0x807aea6] = '\x03'
cpu.EIP = 0x807aea5
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aea5, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807aea6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aea7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_11_symbolic(self):
''' Instruction JNP_11
Groups: jump
0x807b09f: jnp 0x807b0a4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b0a0] = '\x03'
mem[0x807b09f] = '{'
cpu.EIP = 0x807b09f
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b0a0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b09f, 8)== ord('{'))
condition = Operators.AND(condition, cpu.EIP == 0x807b0a4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_12_symbolic(self):
''' Instruction JNP_12
Groups: jump
0x807aff4: jnp 0x807aff9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aff4] = '{'
mem[0x807aff5] = '\x03'
cpu.EIP = 0x807aff4
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aff4, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807aff5, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aff9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_13_symbolic(self):
''' Instruction JNP_13
Groups: jump
0x807ae39: jnp 0x807ae3e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ae39] = '{'
mem[0x807ae3a] = '\x03'
cpu.EIP = 0x807ae39
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ae39, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807ae3a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ae3b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_14_symbolic(self):
''' Instruction JNP_14
Groups: jump
0x807ae27: jnp 0x807ae2c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ae28] = '\x03'
mem[0x807ae27] = '{'
cpu.EIP = 0x807ae27
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ae28, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807ae27, 8)== ord('{'))
condition = Operators.AND(condition, cpu.EIP == 0x807ae2c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_15_symbolic(self):
''' Instruction JNP_15
Groups: jump
0x807b072: jnp 0x807b077
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b072] = '{'
mem[0x807b073] = '\x03'
cpu.EIP = 0x807b072
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b072, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b073, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b074)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_16_symbolic(self):
''' Instruction JNP_16
Groups: jump
0x807b057: jnp 0x807b05c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b058] = '\x03'
mem[0x807b057] = '{'
cpu.EIP = 0x807b057
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b058, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b057, 8)== ord('{'))
condition = Operators.AND(condition, cpu.EIP == 0x807b05c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_17_symbolic(self):
''' Instruction JNP_17
Groups: jump
0x807ae15: jnp 0x807ae1a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ae15] = '{'
mem[0x807ae16] = '\x03'
cpu.EIP = 0x807ae15
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ae15, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807ae16, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ae17)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_18_symbolic(self):
''' Instruction JNP_18
Groups: jump
0x807b021: jnp 0x807b026
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b021] = '{'
mem[0x807b022] = '\x03'
cpu.EIP = 0x807b021
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b021, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b022, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b023)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_19_symbolic(self):
''' Instruction JNP_19
Groups: jump
0x807ae9c: jnp 0x807aea1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ae9c] = '{'
mem[0x807ae9d] = '\x03'
cpu.EIP = 0x807ae9c
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ae9c, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807ae9d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aea1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_2_symbolic(self):
''' Instruction JNP_2
Groups: jump
0x807b0de: jnp 0x807b0e3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b0de] = '{'
mem[0x807b0df] = '\x03'
cpu.EIP = 0x807b0de
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b0de, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b0df, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b0e0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_20_symbolic(self):
''' Instruction JNP_20
Groups: jump
0x807ad97: jnp 0x807ad9c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad98] = '\x03'
mem[0x807ad97] = '{'
cpu.EIP = 0x807ad97
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad98, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807ad97, 8)== ord('{'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad9c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_21_symbolic(self):
''' Instruction JNP_21
Groups: jump
0x807add6: jnp 0x807addb
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807add6] = '{'
mem[0x807add7] = '\x03'
cpu.EIP = 0x807add6
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807add6, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807add7, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807add8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_3_symbolic(self):
''' Instruction JNP_3
Groups: jump
0x807b102: jnp 0x807b107
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b102] = '{'
mem[0x807b103] = '\x03'
cpu.EIP = 0x807b102
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b102, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b103, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b104)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_4_symbolic(self):
''' Instruction JNP_4
Groups: jump
0x807addf: jnp 0x807ade4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ade0] = '\x03'
mem[0x807addf] = '{'
cpu.EIP = 0x807addf
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ade0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807addf, 8)== ord('{'))
condition = Operators.AND(condition, cpu.EIP == 0x807ade4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_5_symbolic(self):
''' Instruction JNP_5
Groups: jump
0x807b096: jnp 0x807b09b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b096] = '{'
mem[0x807b097] = '\x03'
cpu.EIP = 0x807b096
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b096, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b097, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b098)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_6_symbolic(self):
''' Instruction JNP_6
Groups: jump
0x807ae81: jnp 0x807ae86
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ae81] = '{'
mem[0x807ae82] = '\x03'
cpu.EIP = 0x807ae81
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ae81, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807ae82, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ae83)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_7_symbolic(self):
''' Instruction JNP_7
Groups: jump
0x807b0cc: jnp 0x807b0d1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b0cc] = '{'
mem[0x807b0cd] = '\x03'
cpu.EIP = 0x807b0cc
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b0cc, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b0cd, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b0d1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_8_symbolic(self):
''' Instruction JNP_8
Groups: jump
0x807b08d: jnp 0x807b092
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b08d] = '{'
mem[0x807b08e] = '\x03'
cpu.EIP = 0x807b08d
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b08d, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807b08e, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b08f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNP_9_symbolic(self):
''' Instruction JNP_9
Groups: jump
0x807ae93: jnp 0x807ae98
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ae93] = '{'
mem[0x807ae94] = '\x03'
cpu.EIP = 0x807ae93
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ae93, 8)== ord('{'))
condition = Operators.AND(condition, cpu.read_int(0x807ae94, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ae98)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_1_symbolic(self):
''' Instruction JNS_1
Groups: jump
0x807aceb: jns 0x807acf0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aceb] = 'y'
mem[0x807acec] = '\x03'
cpu.EIP = 0x807aceb
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aceb, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807acec, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807acf0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_10_symbolic(self):
''' Instruction JNS_10
Groups: jump
0x807ad7b: jns 0x807ad80
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad7b] = 'y'
mem[0x807ad7c] = '\x03'
cpu.EIP = 0x807ad7b
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad7b, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad7c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad7d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_11_symbolic(self):
''' Instruction JNS_11
Groups: jump
0x807ad4e: jns 0x807ad53
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad4e] = 'y'
mem[0x807ad4f] = '\x03'
cpu.EIP = 0x807ad4e
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad4e, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad4f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad50)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_12_symbolic(self):
''' Instruction JNS_12
Groups: jump
0x807acd0: jns 0x807acd5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807acd0] = 'y'
mem[0x807acd1] = '\x03'
cpu.EIP = 0x807acd0
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807acd0, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807acd1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807acd5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_13_symbolic(self):
''' Instruction JNS_13
Groups: jump
0xf7ff0826: jns 0xf7ff07e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0826] = 'y'
mem[0xf7ff0827] = '\xc0'
cpu.EIP = 0xf7ff0826
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0826, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0827, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff07e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_14_symbolic(self):
''' Instruction JNS_14
Groups: jump
0x807ad33: jns 0x807ad38
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad33] = 'y'
mem[0x807ad34] = '\x03'
cpu.EIP = 0x807ad33
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad33, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad34, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad35)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_15_symbolic(self):
''' Instruction JNS_15
Groups: jump
0x807ac88: jns 0x807ac8d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ac88] = 'y'
mem[0x807ac89] = '\x03'
cpu.EIP = 0x807ac88
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ac88, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ac89, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ac8d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_16_symbolic(self):
''' Instruction JNS_16
Groups: jump
0x807ad3c: jns 0x807ad41
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad3c] = 'y'
mem[0x807ad3d] = '\x03'
cpu.EIP = 0x807ad3c
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad3c, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad3d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad3e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_17_symbolic(self):
''' Instruction JNS_17
Groups: jump
0x807acfd: jns 0x807ad02
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807acfd] = 'y'
mem[0x807acfe] = '\x03'
cpu.EIP = 0x807acfd
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807acfd, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807acfe, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807acff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_18_symbolic(self):
''' Instruction JNS_18
Groups: jump
0xf7ff0826: jns 0xf7ff07e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0826] = 'y'
mem[0xf7ff0827] = '\xc0'
cpu.EIP = 0xf7ff0826
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0826, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0827, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0828)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_19_symbolic(self):
''' Instruction JNS_19
Groups: jump
0x807ac9a: jns 0x807ac9f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ac9a] = 'y'
mem[0x807ac9b] = '\x03'
cpu.EIP = 0x807ac9a
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ac9a, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ac9b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ac9f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_2_symbolic(self):
''' Instruction JNS_2
Groups: jump
0x807ac91: jns 0x807ac96
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ac91] = 'y'
mem[0x807ac92] = '\x03'
cpu.EIP = 0x807ac91
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ac91, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ac92, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ac96)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_20_symbolic(self):
''' Instruction JNS_20
Groups: jump
0x807ad72: jns 0x807ad77
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad72] = 'y'
mem[0x807ad73] = '\x03'
cpu.EIP = 0x807ad72
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad72, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad73, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad74)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_21_symbolic(self):
''' Instruction JNS_21
Groups: jump
0x807ad2a: jns 0x807ad2f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad2a] = 'y'
mem[0x807ad2b] = '\x03'
cpu.EIP = 0x807ad2a
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad2a, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad2b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad2c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_3_symbolic(self):
''' Instruction JNS_3
Groups: jump
0x807ad0f: jns 0x807ad14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad10] = '\x03'
mem[0x807ad0f] = 'y'
cpu.EIP = 0x807ad0f
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad10, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807ad0f, 8)== ord('y'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_4_symbolic(self):
''' Instruction JNS_4
Groups: jump
0x807aca3: jns 0x807aca8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aca3] = 'y'
mem[0x807aca4] = '\x03'
cpu.EIP = 0x807aca3
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aca3, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807aca4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807aca8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_5_symbolic(self):
''' Instruction JNS_5
Groups: jump
0x807ace2: jns 0x807ace7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ace2] = 'y'
mem[0x807ace3] = '\x03'
cpu.EIP = 0x807ace2
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ace2, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ace3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ace7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_6_symbolic(self):
''' Instruction JNS_6
Groups: jump
0x807ad84: jns 0x807ad89
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad84] = 'y'
mem[0x807ad85] = '\x03'
cpu.EIP = 0x807ad84
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad84, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad85, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad86)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_7_symbolic(self):
''' Instruction JNS_7
Groups: jump
0xf7ff0826: jns 0xf7ff07e8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0826] = 'y'
mem[0xf7ff0827] = '\xc0'
cpu.EIP = 0xf7ff0826
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0826, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0827, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0828)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_8_symbolic(self):
''' Instruction JNS_8
Groups: jump
0x807ac6d: jns 0x807ac72
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ac6d] = 'y'
mem[0x807ac6e] = '\x03'
cpu.EIP = 0x807ac6d
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ac6d, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ac6e, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ac72)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JNS_9_symbolic(self):
''' Instruction JNS_9
Groups: jump
0x807ad69: jns 0x807ad6e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ad69] = 'y'
mem[0x807ad6a] = '\x03'
cpu.EIP = 0x807ad69
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ad69, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x807ad6a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807ad6b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_1_symbolic(self):
''' Instruction JO_1
Groups: jump
0x8079c60: jo 0x8079c65
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c60] = 'p'
mem[0x8079c61] = '\x03'
cpu.EIP = 0x8079c60
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c60, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c61, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c62)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_10_symbolic(self):
''' Instruction JO_10
Groups: jump
0x8079c7b: jo 0x8079c80
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c7b] = 'p'
mem[0x8079c7c] = '\x03'
cpu.EIP = 0x8079c7b
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c7b, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c7c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c7d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_11_symbolic(self):
''' Instruction JO_11
Groups: jump
0x8079cd5: jo 0x8079cda
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079cd5] = 'p'
mem[0x8079cd6] = '\x03'
cpu.EIP = 0x8079cd5
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079cd5, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079cd6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079cd7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_12_symbolic(self):
''' Instruction JO_12
Groups: jump
0x8079cba: jo 0x8079cbf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079cba] = 'p'
mem[0x8079cbb] = '\x03'
cpu.EIP = 0x8079cba
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079cba, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079cbb, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079cbc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_13_symbolic(self):
''' Instruction JO_13
Groups: jump
0x8079cc3: jo 0x8079cc8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079cc3] = 'p'
mem[0x8079cc4] = '\x03'
cpu.EIP = 0x8079cc3
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079cc3, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079cc4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079cc5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_14_symbolic(self):
''' Instruction JO_14
Groups: jump
0x8079ce7: jo 0x8079cec
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079ce8] = '\x03'
mem[0x8079ce7] = 'p'
cpu.EIP = 0x8079ce7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079ce8, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079ce7, 8)== ord('p'))
condition = Operators.AND(condition, cpu.EIP == 0x8079ce9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_15_symbolic(self):
''' Instruction JO_15
Groups: jump
0x8079c4e: jo 0x8079c53
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c4e] = 'p'
mem[0x8079c4f] = '\x03'
cpu.EIP = 0x8079c4e
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c4e, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c4f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c50)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_16_symbolic(self):
''' Instruction JO_16
Groups: jump
0x8079c33: jo 0x8079c38
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c33] = 'p'
mem[0x8079c34] = '\x03'
cpu.EIP = 0x8079c33
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c33, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c34, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c35)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_17_symbolic(self):
''' Instruction JO_17
Groups: jump
0x8079c69: jo 0x8079c6e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c69] = 'p'
mem[0x8079c6a] = '\x03'
cpu.EIP = 0x8079c69
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c69, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c6a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c6b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_18_symbolic(self):
''' Instruction JO_18
Groups: jump
0x8079d0b: jo 0x8079d10
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079d0b] = 'p'
mem[0x8079d0c] = '\x03'
cpu.EIP = 0x8079d0b
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079d0b, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079d0c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079d0d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_19_symbolic(self):
''' Instruction JO_19
Groups: jump
0x8079c96: jo 0x8079c9b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c96] = 'p'
mem[0x8079c97] = '\x03'
cpu.EIP = 0x8079c96
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c96, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c97, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c98)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_2_symbolic(self):
''' Instruction JO_2
Groups: jump
0x8079c9f: jo 0x8079ca4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079ca0] = '\x03'
mem[0x8079c9f] = 'p'
cpu.EIP = 0x8079c9f
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079ca0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079c9f, 8)== ord('p'))
condition = Operators.AND(condition, cpu.EIP == 0x8079ca1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_20_symbolic(self):
''' Instruction JO_20
Groups: jump
0x8079d02: jo 0x8079d07
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079d02] = 'p'
mem[0x8079d03] = '\x03'
cpu.EIP = 0x8079d02
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079d02, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079d03, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079d04)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_21_symbolic(self):
''' Instruction JO_21
Groups: jump
0x8079c72: jo 0x8079c77
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c72] = 'p'
mem[0x8079c73] = '\x03'
cpu.EIP = 0x8079c72
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c72, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c73, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c74)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_3_symbolic(self):
''' Instruction JO_3
Groups: jump
0x8079d1d: jo 0x8079d22
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079d1d] = 'p'
mem[0x8079d1e] = '\x03'
cpu.EIP = 0x8079d1d
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079d1d, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079d1e, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079d1f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_4_symbolic(self):
''' Instruction JO_4
Groups: jump
0x8079c45: jo 0x8079c4a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c45] = 'p'
mem[0x8079c46] = '\x03'
cpu.EIP = 0x8079c45
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c45, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c46, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c47)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_5_symbolic(self):
''' Instruction JO_5
Groups: jump
0x8079cde: jo 0x8079ce3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079cde] = 'p'
mem[0x8079cdf] = '\x03'
cpu.EIP = 0x8079cde
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079cde, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079cdf, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079ce0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_6_symbolic(self):
''' Instruction JO_6
Groups: jump
0x8079ca8: jo 0x8079cad
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079ca8] = 'p'
mem[0x8079ca9] = '\x03'
cpu.EIP = 0x8079ca8
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079ca8, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079ca9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079caa)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_7_symbolic(self):
''' Instruction JO_7
Groups: jump
0x8079c3c: jo 0x8079c41
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c3c] = 'p'
mem[0x8079c3d] = '\x03'
cpu.EIP = 0x8079c3c
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c3c, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c3d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c3e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_8_symbolic(self):
''' Instruction JO_8
Groups: jump
0x8079c84: jo 0x8079c89
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079c84] = 'p'
mem[0x8079c85] = '\x03'
cpu.EIP = 0x8079c84
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079c84, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079c85, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079c86)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JO_9_symbolic(self):
''' Instruction JO_9
Groups: jump
0x8079d26: jo 0x8079d2b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079d26] = 'p'
mem[0x8079d27] = '\x03'
cpu.EIP = 0x8079d26
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079d26, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8079d27, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079d28)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_1_symbolic(self):
''' Instruction JP_1
Groups: jump
0x807b2ab: jp 0x807b2b0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b2ab] = 'z'
mem[0x807b2ac] = '\x03'
cpu.EIP = 0x807b2ab
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b2ab, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b2ac, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b2ad)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_10_symbolic(self):
''' Instruction JP_10
Groups: jump
0xf7ff3cc2: jp 0xf7ff3ced
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cc2] = 'z'
mem[0xf7ff3cc3] = ')'
cpu.EIP = 0xf7ff3cc2
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cc2, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cc3, 8)== ord(')'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3cc4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_11_symbolic(self):
''' Instruction JP_11
Groups: jump
0x8079887: jp 0x807988c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079888] = '\x03'
mem[0x8079887] = 'z'
cpu.EIP = 0x8079887
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079888, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079887, 8)== ord('z'))
condition = Operators.AND(condition, cpu.EIP == 0x807988c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_12_symbolic(self):
''' Instruction JP_12
Groups: jump
0x80797d3: jp 0x80797d8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80797d3] = 'z'
mem[0x80797d4] = '\x03'
cpu.EIP = 0x80797d3
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80797d3, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x80797d4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80797d8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_13_symbolic(self):
''' Instruction JP_13
Groups: jump
0x807b299: jp 0x807b29e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b299] = 'z'
mem[0x807b29a] = '\x03'
cpu.EIP = 0x807b299
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b299, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b29a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b29e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_14_symbolic(self):
''' Instruction JP_14
Groups: jump
0xf7ff3cc2: jp 0xf7ff3ced
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3cc2] = 'z'
mem[0xf7ff3cc3] = ')'
cpu.EIP = 0xf7ff3cc2
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cc2, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cc3, 8)== ord(')'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3cc4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_15_symbolic(self):
''' Instruction JP_15
Groups: jump
0x80797ca: jp 0x80797cf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80797ca] = 'z'
mem[0x80797cb] = '\x03'
cpu.EIP = 0x80797ca
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80797ca, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x80797cb, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80797cc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_16_symbolic(self):
''' Instruction JP_16
Groups: jump
0x80797dc: jp 0x80797e1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80797dc] = 'z'
mem[0x80797dd] = '\x03'
cpu.EIP = 0x80797dc
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80797dc, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x80797dd, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80797e1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_17_symbolic(self):
''' Instruction JP_17
Groups: jump
0x807b275: jp 0x807b27a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b275] = 'z'
mem[0x807b276] = '\x03'
cpu.EIP = 0x807b275
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b275, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b276, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b27a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_18_symbolic(self):
''' Instruction JP_18
Groups: jump
0x807b2cf: jp 0x807b2d4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b2d0] = '\x03'
mem[0x807b2cf] = 'z'
cpu.EIP = 0x807b2cf
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b2d0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807b2cf, 8)== ord('z'))
condition = Operators.AND(condition, cpu.EIP == 0x807b2d1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_19_symbolic(self):
''' Instruction JP_19
Groups: jump
0x8079809: jp 0x807980e
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079809] = 'z'
mem[0x807980a] = '\x03'
cpu.EIP = 0x8079809
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079809, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807980a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807980b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_2_symbolic(self):
''' Instruction JP_2
Groups: jump
0x8079782: jp 0x8079787
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079782] = 'z'
mem[0x8079783] = '\x03'
cpu.EIP = 0x8079782
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079782, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x8079783, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079784)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_20_symbolic(self):
''' Instruction JP_20
Groups: jump
0x80797e5: jp 0x80797ea
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80797e5] = 'z'
mem[0x80797e6] = '\x03'
cpu.EIP = 0x80797e5
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80797e5, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x80797e6, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80797e7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_21_symbolic(self):
''' Instruction JP_21
Groups: jump
0x80797a6: jp 0x80797ab
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80797a6] = 'z'
mem[0x80797a7] = '\x03'
cpu.EIP = 0x80797a6
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80797a6, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x80797a7, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80797a8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_3_symbolic(self):
''' Instruction JP_3
Groups: jump
0x807b332: jp 0x807b337
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b332] = 'z'
mem[0x807b333] = '\x03'
cpu.EIP = 0x807b332
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b332, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b333, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b337)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_4_symbolic(self):
''' Instruction JP_4
Groups: jump
0x807b2d8: jp 0x807b2dd
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b2d8] = 'z'
mem[0x807b2d9] = '\x03'
cpu.EIP = 0x807b2d8
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b2d8, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b2d9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b2da)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_5_symbolic(self):
''' Instruction JP_5
Groups: jump
0x8079875: jp 0x807987a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079875] = 'z'
mem[0x8079876] = '\x03'
cpu.EIP = 0x8079875
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079875, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x8079876, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079877)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_6_symbolic(self):
''' Instruction JP_6
Groups: jump
0x807b248: jp 0x807b24d
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b248] = 'z'
mem[0x807b249] = '\x03'
cpu.EIP = 0x807b248
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b248, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b249, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b24a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_7_symbolic(self):
''' Instruction JP_7
Groups: jump
0x807b2fc: jp 0x807b301
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b2fc] = 'z'
mem[0x807b2fd] = '\x03'
cpu.EIP = 0x807b2fc
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b2fc, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b2fd, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b2fe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_8_symbolic(self):
''' Instruction JP_8
Groups: jump
0x807b25a: jp 0x807b25f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b25a] = 'z'
mem[0x807b25b] = '\x03'
cpu.EIP = 0x807b25a
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b25a, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b25b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b25f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JP_9_symbolic(self):
''' Instruction JP_9
Groups: jump
0x807b320: jp 0x807b325
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b320] = 'z'
mem[0x807b321] = '\x03'
cpu.EIP = 0x807b320
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b320, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x807b321, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807b322)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_1_symbolic(self):
''' Instruction JS_1
Groups: jump
0x8079945: js 0x807994a
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079945] = 'x'
mem[0x8079946] = '\x03'
cpu.EIP = 0x8079945
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079945, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x8079946, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807994a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_10_symbolic(self):
''' Instruction JS_10
Groups: jump
0x8079921: js 0x8079926
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079921] = 'x'
mem[0x8079922] = '\x03'
cpu.EIP = 0x8079921
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079921, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x8079922, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079923)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_11_symbolic(self):
''' Instruction JS_11
Groups: jump
0xf7febaad: js 0xf7febaf0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febaad] = 'x'
mem[0xf7febaae] = 'A'
cpu.EIP = 0xf7febaad
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febaad, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7febaae, 8)== ord('A'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febaaf)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_12_symbolic(self):
''' Instruction JS_12
Groups: jump
0x80798ac: js 0x80798b1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80798ac] = 'x'
mem[0x80798ad] = '\x03'
cpu.EIP = 0x80798ac
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80798ac, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x80798ad, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80798ae)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_13_symbolic(self):
''' Instruction JS_13
Groups: jump
0x80798c7: js 0x80798cc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80798c8] = '\x03'
mem[0x80798c7] = 'x'
cpu.EIP = 0x80798c7
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80798c8, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80798c7, 8)== ord('x'))
condition = Operators.AND(condition, cpu.EIP == 0x80798c9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_14_symbolic(self):
''' Instruction JS_14
Groups: jump
0xf7febac9: js 0xf7febad5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febac9] = 'x'
mem[0xf7febaca] = '\n'
cpu.EIP = 0xf7febac9
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febac9, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7febaca, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febacb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_15_symbolic(self):
''' Instruction JS_15
Groups: jump
0xf7ff07ca: js 0xf7ff0838
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff07ca] = 'x'
mem[0xf7ff07cb] = 'l'
cpu.EIP = 0xf7ff07ca
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff07ca, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff07cb, 8)== ord('l'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff07cc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_16_symbolic(self):
''' Instruction JS_16
Groups: jump
0xf7fe3ff8: js 0xf7fe4a54
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe3000, 0x1000, 'rwx')
mem[0xf7fe3ff8] = '\x0f'
mem[0xf7fe3ff9] = '\x88'
mem[0xf7fe3ffa] = 'V'
mem[0xf7fe3ffb] = '\n'
mem[0xf7fe3ffc] = '\x00'
mem[0xf7fe3ffd] = '\x00'
cpu.EIP = 0xf7fe3ff8
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe3ff8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3ff9, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3ffa, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3ffb, 8)== ord('\n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3ffc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe3ffd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe3ffe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_17_symbolic(self):
''' Instruction JS_17
Groups: jump
0x80799b1: js 0x80799b6
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80799b1] = 'x'
mem[0x80799b2] = '\x03'
cpu.EIP = 0x80799b1
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80799b1, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x80799b2, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80799b6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_18_symbolic(self):
''' Instruction JS_18
Groups: jump
0xf7fde25f: js 0xf7fe0077
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fde000, 0x1000, 'rwx')
mem[0xf7fde260] = '\x88'
mem[0xf7fde261] = '\x12'
mem[0xf7fde262] = '\x1e'
mem[0xf7fde263] = '\x00'
mem[0xf7fde264] = '\x00'
mem[0xf7fde25f] = '\x0f'
cpu.EIP = 0xf7fde25f
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fde260, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde261, 8)== ord('\x12'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde262, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde263, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde264, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fde25f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fde265)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_19_symbolic(self):
''' Instruction JS_19
Groups: jump
0x8079906: js 0x807990b
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079906] = 'x'
mem[0x8079907] = '\x03'
cpu.EIP = 0x8079906
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079906, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x8079907, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079908)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_2_symbolic(self):
''' Instruction JS_2
Groups: jump
0xf7fe1dae: js 0xf7fe2be9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe1000, 0x1000, 'rwx')
mem[0xf7fe1dae] = '\x0f'
mem[0xf7fe1daf] = '\x88'
mem[0xf7fe1db0] = '5'
mem[0xf7fe1db1] = '\x0e'
mem[0xf7fe1db2] = '\x00'
mem[0xf7fe1db3] = '\x00'
cpu.EIP = 0xf7fe1dae
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe1dae, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1daf, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1db0, 8)== ord('5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1db1, 8)== ord('\x0e'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1db2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe1db3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe1db4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_20_symbolic(self):
''' Instruction JS_20
Groups: jump
0x80799ba: js 0x80799bf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80799ba] = 'x'
mem[0x80799bb] = '\x03'
cpu.EIP = 0x80799ba
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80799ba, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x80799bb, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80799bf)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_21_symbolic(self):
''' Instruction JS_21
Groups: jump
0x807992a: js 0x807992f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x807992a] = 'x'
mem[0x807992b] = '\x03'
cpu.EIP = 0x807992a
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807992a, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x807992b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807992c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_3_symbolic(self):
''' Instruction JS_3
Groups: jump
0x8079972: js 0x8079977
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079972] = 'x'
mem[0x8079973] = '\x03'
cpu.EIP = 0x8079972
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079972, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x8079973, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079977)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_4_symbolic(self):
''' Instruction JS_4
Groups: jump
0x807990f: js 0x8079914
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079910] = '\x03'
mem[0x807990f] = 'x'
cpu.EIP = 0x807990f
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079910, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807990f, 8)== ord('x'))
condition = Operators.AND(condition, cpu.EIP == 0x8079911)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_5_symbolic(self):
''' Instruction JS_5
Groups: jump
0x807993c: js 0x8079941
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x807993c] = 'x'
mem[0x807993d] = '\x03'
cpu.EIP = 0x807993c
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807993c, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x807993d, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079941)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_6_symbolic(self):
''' Instruction JS_6
Groups: jump
0x8079984: js 0x8079989
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079984] = 'x'
mem[0x8079985] = '\x03'
cpu.EIP = 0x8079984
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079984, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x8079985, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8079989)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_7_symbolic(self):
''' Instruction JS_7
Groups: jump
0xf7eaa01c: js 0xf7eaa0f5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa020] = '\x00'
mem[0xf7eaa021] = '\x00'
mem[0xf7eaa01c] = '\x0f'
mem[0xf7eaa01d] = '\x88'
mem[0xf7eaa01e] = '\xd3'
mem[0xf7eaa01f] = '\x00'
cpu.EIP = 0xf7eaa01c
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa020, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa021, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa01c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa01d, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa01e, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa01f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa022)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_8_symbolic(self):
''' Instruction JS_8
Groups: jump
0x8079957: js 0x807995c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079958] = '\x03'
mem[0x8079957] = 'x'
cpu.EIP = 0x8079957
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079958, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8079957, 8)== ord('x'))
condition = Operators.AND(condition, cpu.EIP == 0x807995c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_JS_9_symbolic(self):
''' Instruction JS_9
Groups: jump
0x80798e2: js 0x80798e7
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80798e2] = 'x'
mem[0x80798e3] = '\x03'
cpu.EIP = 0x80798e2
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80798e2, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0x80798e3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80798e4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LAHF_1_symbolic(self):
''' Instruction LAHF_1
Groups:
0x804d64c: lahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d64c] = '\x9f'
cpu.EIP = 0x804d64c
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xb6)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d64c, 8)== ord('\x9f'))
condition = Operators.AND(condition, cpu.EIP == 0x804d64d)
condition = Operators.AND(condition, cpu.AH == 0x46)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEAVE_1_symbolic(self):
''' Instruction LEAVE_1
Groups: not64bitmode
0x805668e: leave
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805668e] = '\xc9'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb5fc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb5fd)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb5fe)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb5ff)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x805668e
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffc606)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805668e, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb5fc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb5fd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb5fe, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb5ff, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805668f)
condition = Operators.AND(condition, cpu.EBP == 0x0)
condition = Operators.AND(condition, cpu.ESP == 0xffffb604)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_1_symbolic(self):
''' Instruction LEA_1
Groups: not64bitmode
0xf7e2ea34: lea edx, dword ptr [ebx + 0x40]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem.mmap(0xf7fc0000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fc0040)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fc0041)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fc0042)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fc0043)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7e2ea34] = '\x8d'
mem[0xf7e2ea35] = '\x93'
mem[0xf7e2ea36] = '@'
mem[0xf7e2ea37] = '\x00'
mem[0xf7e2ea38] = '\x00'
mem[0xf7e2ea39] = '\x00'
cpu.EIP = 0xf7e2ea34
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fc0040, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fc0041, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fc0042, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fc0043, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ea34, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ea35, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ea36, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ea37, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ea38, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ea39, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2ea3a)
condition = Operators.AND(condition, cpu.EDX == 0xf7fc0040)
condition = Operators.AND(condition, cpu.EBX == 0xf7fc0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_10_symbolic(self):
''' Instruction LEA_10
Groups: not64bitmode
0xf7fe54ab: lea eax, dword ptr [esp + 0x48]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd33b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd338)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd339)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd33a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe54ab] = '\x8d'
mem[0xf7fe54ac] = 'D'
mem[0xf7fe54ad] = '$'
mem[0xf7fe54ae] = 'H'
cpu.EIP = 0xf7fe54ab
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x741)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd33b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd338, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd339, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd33a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ab, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ac, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ad, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ae, 8)== ord('H'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54af)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.EAX == 0xffffd338)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_11_symbolic(self):
''' Instruction LEA_11
Groups: not64bitmode
0xf7fe54a8: lea esi, dword ptr [edx + eax*4]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e17000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54a8] = '\x8d'
mem[0xf7fe54a9] = '4'
mem[0xf7fe54aa] = '\x82'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e17598)
value = cs.new_bitvec(8)
cs.add(value == 0x32)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e17599)
value = cs.new_bitvec(8)
cs.add(value == 0x26)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e1759a)
value = cs.new_bitvec(8)
cs.add(value == 0x9e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e1759b)
value = cs.new_bitvec(8)
cs.add(value == 0x7c)
mem[addr] = value
cpu.EIP = 0xf7fe54a8
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e1696c)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda858)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x30b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54a8, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54a9, 8)== ord('4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54aa, 8)== ord('\x82'))
condition = Operators.AND(condition, cpu.read_int(0xf7e17598, 8)== ord('2'))
condition = Operators.AND(condition, cpu.read_int(0xf7e17599, 8)== ord('&'))
condition = Operators.AND(condition, cpu.read_int(0xf7e1759a, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.read_int(0xf7e1759b, 8)== ord('|'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54ab)
condition = Operators.AND(condition, cpu.EDX == 0xf7e1696c)
condition = Operators.AND(condition, cpu.ESI == 0xf7e17598)
condition = Operators.AND(condition, cpu.EAX == 0x30b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_12_symbolic(self):
''' Instruction LEA_12
Groups: not64bitmode
0xf7fe4e78: lea eax, dword ptr [ebx - 0x55d4]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xf7ff7000, 0x1000, 'rwx')
mem[0xf7fe4e7c] = '\xff'
mem[0xf7fe4e7d] = '\xff'
mem[0xf7fe4e78] = '\x8d'
mem[0xf7fe4e79] = '\x83'
mem[0xf7fe4e7a] = ','
mem[0xf7fe4e7b] = '\xaa'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2c)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2d)
value = cs.new_bitvec(8)
cs.add(value == 0x79)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2e)
value = cs.new_bitvec(8)
cs.add(value == 0x6d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2f)
value = cs.new_bitvec(8)
cs.add(value == 0x62)
mem[addr] = value
cpu.EIP = 0xf7fe4e78
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4802c4e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7d, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e78, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e79, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7a, 8)== ord(','))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7b, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2c, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2d, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2e, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2f, 8)== ord('b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e7e)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.EAX == 0xf7ff7a2c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_13_symbolic(self):
''' Instruction LEA_13
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe5705
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdaba8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5705, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5706, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5707, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5708)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ECX == 0xffffd3f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_14_symbolic(self):
''' Instruction LEA_14
Groups: not64bitmode
0xf7fe894c: lea edi, dword ptr [esp + 0x1f]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd441)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd442)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe894c] = '\x8d'
mem[0xf7fe894d] = '|'
mem[0xf7fe894e] = '$'
mem[0xf7fe894f] = '\x1f'
cpu.EIP = 0xf7fe894c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd420)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd441, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd442, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe894c, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe894d, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe894e, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe894f, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe8950)
condition = Operators.AND(condition, cpu.EDI == 0xffffd43f)
condition = Operators.AND(condition, cpu.ESP == 0xffffd420)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_15_symbolic(self):
''' Instruction LEA_15
Groups: not64bitmode
0xf7fe54a8: lea esi, dword ptr [edx + eax*4]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e18000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54a8] = '\x8d'
mem[0xf7fe54a9] = '4'
mem[0xf7fe54aa] = '\x82'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e182ac)
value = cs.new_bitvec(8)
cs.add(value == 0x58)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e182ad)
value = cs.new_bitvec(8)
cs.add(value == 0x5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e182ae)
value = cs.new_bitvec(8)
cs.add(value == 0x26)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e182af)
value = cs.new_bitvec(8)
cs.add(value == 0x87)
mem[addr] = value
cpu.EIP = 0xf7fe54a8
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e1696c)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda858)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x650)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54a8, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54a9, 8)== ord('4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54aa, 8)== ord('\x82'))
condition = Operators.AND(condition, cpu.read_int(0xf7e182ac, 8)== ord('X'))
condition = Operators.AND(condition, cpu.read_int(0xf7e182ad, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.read_int(0xf7e182ae, 8)== ord('&'))
condition = Operators.AND(condition, cpu.read_int(0xf7e182af, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54ab)
condition = Operators.AND(condition, cpu.EDX == 0xf7e1696c)
condition = Operators.AND(condition, cpu.ESI == 0xf7e182ac)
condition = Operators.AND(condition, cpu.EAX == 0x650)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_16_symbolic(self):
''' Instruction LEA_16
Groups: not64bitmode
0xf7fe0b41: lea edx, dword ptr [edi + ebx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0b41] = '\x8d'
mem[0xf7fe0b42] = '\x14'
mem[0xf7fe0b43] = '\x1f'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fe0b98)
value = cs.new_bitvec(8)
cs.add(value == 0x8b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fe0b99)
value = cs.new_bitvec(8)
cs.add(value == 0x75)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fe0b9a)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fe0b9b)
value = cs.new_bitvec(8)
cs.add(value == 0x89)
mem[addr] = value
cpu.EIP = 0xf7fe0b41
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x2)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xfffe3b98)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b41, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b42, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b43, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b98, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b99, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b9a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b9b, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0b44)
condition = Operators.AND(condition, cpu.EDX == 0xf7fe0b98)
condition = Operators.AND(condition, cpu.EDI == 0xfffe3b98)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_17_symbolic(self):
''' Instruction LEA_17
Groups: not64bitmode
0xf7eaa0d0: lea ecx, dword ptr [edi + eax*8]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xf7f71000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7f714c8)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7f714c9)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7f714ca)
value = cs.new_bitvec(8)
cs.add(value == 0x20)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7f714cb)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7eaa0d0] = '\x8d'
mem[0xf7eaa0d1] = '\x0c'
mem[0xf7eaa0d2] = '\xc7'
cpu.EIP = 0xf7eaa0d0
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7f714c0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7f714d0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7f714c8, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7f714c9, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7f714ca, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xf7f714cb, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d0, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d1, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0d2, 8)== ord('\xc7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0d3)
condition = Operators.AND(condition, cpu.EAX == 0x1)
condition = Operators.AND(condition, cpu.EDI == 0xf7f714c0)
condition = Operators.AND(condition, cpu.ECX == 0xf7f714c8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_18_symbolic(self):
''' Instruction LEA_18
Groups: not64bitmode
0xf7fe57e8: lea esp, dword ptr [ebp - 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe57e8] = '\x8d'
mem[0xf7fe57e9] = 'e'
mem[0xf7fe57ea] = '\xf4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57e8
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd380)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe57e8, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57e9, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ea, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57eb)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd42c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_19_symbolic(self):
''' Instruction LEA_19
Groups: not64bitmode
0xf7fe8aea: lea eax, dword ptr [ebp - 0x34]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe8000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4c4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4c5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4c6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4c7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe8aea] = '\x8d'
mem[0xf7fe8aeb] = 'E'
mem[0xf7fe8aec] = '\xcc'
cpu.EIP = 0xf7fe8aea
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd4c4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4c5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4c6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4c7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8aea, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8aeb, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe8aec, 8)== ord('\xcc'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe8aed)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.EAX == 0xffffd4c4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_2_symbolic(self):
''' Instruction LEA_2
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe5705
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdaba8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5705, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5706, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5707, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5708)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ECX == 0xffffd3f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_20_symbolic(self):
''' Instruction LEA_20
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe5705
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdaba8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5705, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5706, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5707, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5708)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ECX == 0xffffd3f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_21_symbolic(self):
''' Instruction LEA_21
Groups: not64bitmode
0xf7fe570b: lea ecx, dword ptr [ebp - 0x50]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe570b] = '\x8d'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3e8)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3e9)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3ea)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3eb)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0xf7fe570c] = 'M'
mem[0xf7fe570d] = '\xb0'
cpu.EIP = 0xf7fe570b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffd3f0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd3eb, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3e8, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3e9, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3ea, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe570b, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe570c, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe570d, 8)== ord('\xb0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe570e)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ECX == 0xffffd3e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_3_symbolic(self):
''' Instruction LEA_3
Groups: not64bitmode
0xf7fe54a8: lea esi, dword ptr [edx + eax*4]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e18000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54a8] = '\x8d'
mem[0xf7fe54a9] = '4'
mem[0xf7fe54aa] = '\x82'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e18c0b)
value = cs.new_bitvec(8)
cs.add(value == 0xa2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e18c08)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e18c09)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e18c0a)
value = cs.new_bitvec(8)
cs.add(value == 0x2f)
mem[addr] = value
cpu.EIP = 0xf7fe54a8
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e1696c)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda858)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8a7)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e18c08, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7e18c09, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54aa, 8)== ord('\x82'))
condition = Operators.AND(condition, cpu.read_int(0xf7e18c0b, 8)== ord('\xa2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54a8, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54a9, 8)== ord('4'))
condition = Operators.AND(condition, cpu.read_int(0xf7e18c0a, 8)== ord('/'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54ab)
condition = Operators.AND(condition, cpu.EDX == 0xf7e1696c)
condition = Operators.AND(condition, cpu.ESI == 0xf7e18c08)
condition = Operators.AND(condition, cpu.EAX == 0x8a7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_4_symbolic(self):
''' Instruction LEA_4
Groups: not64bitmode
0xf7fe72c4: lea eax, dword ptr [ebp - 0x44]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe72c4] = '\x8d'
mem[0xf7fe72c5] = 'E'
mem[0xf7fe72c6] = '\xbc'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b4)
value = cs.new_bitvec(8)
cs.add(value == 0x94)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b5)
value = cs.new_bitvec(8)
cs.add(value == 0x9c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b6)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe72c4
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c4, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c5, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72c6, 8)== ord('\xbc'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b4, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b5, 8)== ord('\x9c'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72c7)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.EAX == 0xffffd4b4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_5_symbolic(self):
''' Instruction LEA_5
Groups: not64bitmode
0xf7fe5705: lea ecx, dword ptr [ebp - 0x48]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5705] = '\x8d'
mem[0xf7fe5706] = 'M'
mem[0xf7fe5707] = '\xb8'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe5705
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdaba8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5705, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5706, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5707, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5708)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ECX == 0xffffd3f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_6_symbolic(self):
''' Instruction LEA_6
Groups: not64bitmode
0xf7fdd6c8: lea eax, dword ptr [ebx + eax - 0x8880]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff4780)
value = cs.new_bitvec(8)
cs.add(value == 0x2f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff4781)
value = cs.new_bitvec(8)
cs.add(value == 0x76)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff4782)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff4783)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
mem[0xf7fdd6c8] = '\x8d'
mem[0xf7fdd6c9] = '\x84'
mem[0xf7fdd6ca] = '\x03'
mem[0xf7fdd6cb] = '\x80'
mem[0xf7fdd6cc] = 'w'
mem[0xf7fdd6cd] = '\xff'
mem[0xf7fdd6ce] = '\xff'
cpu.EIP = 0xf7fdd6c8
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4780, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4781, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4782, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4783, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6c8, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6c9, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6ca, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6cb, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6cc, 8)== ord('w'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6cd, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6ce, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdd6cf)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.EAX == 0xf7ff4780)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_7_symbolic(self):
''' Instruction LEA_7
Groups: not64bitmode
0xf7fe4e78: lea eax, dword ptr [ebx - 0x55d4]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xf7ff7000, 0x1000, 'rwx')
mem[0xf7fe4e7c] = '\xff'
mem[0xf7fe4e7d] = '\xff'
mem[0xf7fe4e78] = '\x8d'
mem[0xf7fe4e79] = '\x83'
mem[0xf7fe4e7a] = ','
mem[0xf7fe4e7b] = '\xaa'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2c)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2d)
value = cs.new_bitvec(8)
cs.add(value == 0x79)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2e)
value = cs.new_bitvec(8)
cs.add(value == 0x6d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff7a2f)
value = cs.new_bitvec(8)
cs.add(value == 0x62)
mem[addr] = value
cpu.EIP = 0xf7fe4e78
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x830aab)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7d, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e78, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e79, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7a, 8)== ord(','))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e7b, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2c, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2d, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2e, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff7a2f, 8)== ord('b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e7e)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.EAX == 0xf7ff7a2c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_8_symbolic(self):
''' Instruction LEA_8
Groups: not64bitmode
0xf7ff0e47: lea edx, dword ptr [ecx + ebx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0e47] = '\x8d'
mem[0xf7ff0e48] = '\x14'
mem[0xf7ff0e49] = '\x19'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff0e58)
value = cs.new_bitvec(8)
cs.add(value == 0x83)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff0e59)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff0e5a)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff0e5b)
value = cs.new_bitvec(8)
cs.add(value == 0x8b)
mem[addr] = value
cpu.EIP = 0xf7ff0e47
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1c)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffff3e58)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e47, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e48, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e49, 8)== ord('\x19'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e58, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e59, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e5a, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e5b, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0e4a)
condition = Operators.AND(condition, cpu.EDX == 0xf7ff0e58)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ECX == 0xffff3e58)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LEA_9_symbolic(self):
''' Instruction LEA_9
Groups: not64bitmode
0xf7fe57e8: lea esp, dword ptr [ebp - 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe57e8] = '\x8d'
mem[0xf7fe57e9] = 'e'
mem[0xf7fe57ea] = '\xf4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57e8
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd380)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe57e8, 8)== ord('\x8d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57e9, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ea, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57eb)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd42c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LODSB_1_symbolic(self):
''' Instruction LODSB_1
Groups:
0x8070436: lodsb al, byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e042)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
mem[0x8070436] = '\xac'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x8070436
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e042)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807e042, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x8070436, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.EIP == 0x8070437)
condition = Operators.AND(condition, cpu.AL == 0x1e)
condition = Operators.AND(condition, cpu.ESI == 0x807e043)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LODSD_1_symbolic(self):
''' Instruction LODSD_1
Groups:
0x8070439: lodsd eax, dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e048)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
mem[0x8070439] = '\xad'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e045)
value = cs.new_bitvec(8)
cs.add(value == 0x51)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e046)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e047)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x8070439
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e045)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xe5e5)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807e048, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x8070439, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0x807e045, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.read_int(0x807e046, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807e047, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.EIP == 0x807043a)
condition = Operators.AND(condition, cpu.ESI == 0x807e049)
condition = Operators.AND(condition, cpu.EAX == 0xe5e51e51)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LODSW_1_symbolic(self):
''' Instruction LODSW_1
Groups:
0x8070437: lodsw ax, word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x1000, 'rwx')
mem[0x8070438] = '\xad'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e043)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e044)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
mem[0x8070437] = 'f'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x8070437
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e043)
cpu.AX = cs.new_bitvec(16)
cs.add(cpu.AX == 0x1e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070438, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0x807e043, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807e044, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x8070437, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x8070439)
condition = Operators.AND(condition, cpu.ESI == 0x807e045)
condition = Operators.AND(condition, cpu.AX == 0xe5e5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LSL_1_symbolic(self):
''' Instruction LSL_1
Groups:
0x8059a3e: lsl ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8059a40] = 'M'
mem[0x8059a41] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
mem[0x8059a3e] = '\x0f'
mem[0x8059a3f] = '\x03'
cpu.EIP = 0x8059a3e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a40, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8059a41, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0x8059a3e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a3f, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a42)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LSL_2_symbolic(self):
''' Instruction LSL_2
Groups:
0x8059a36: lsl cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
mem[0x8059a36] = 'f'
mem[0x8059a37] = '\x0f'
mem[0x8059a38] = '\x03'
mem[0x8059a39] = 'M'
mem[0x8059a3a] = '\x00'
cpu.EIP = 0x8059a36
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0x8059a36, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a37, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a38, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8059a39, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8059a3a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a3b)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LSL_3_symbolic(self):
''' Instruction LSL_3
Groups:
0x8059a3b: lsl ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a3b] = '\x0f'
mem[0x8059a3c] = '\x03'
mem[0x8059a3d] = '\xca'
cpu.EIP = 0x8059a3b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc8f8)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a3b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a3c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8059a3d, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a3e)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_LSL_4_symbolic(self):
''' Instruction LSL_4
Groups:
0x8059a32: lsl cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a32] = 'f'
mem[0x8059a33] = '\x0f'
mem[0x8059a34] = '\x03'
mem[0x8059a35] = '\xca'
cpu.EIP = 0x8059a32
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc8f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a32, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a33, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a34, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8059a35, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a36)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.DX == 0xc8f8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVAPS_1_symbolic(self):
''' Instruction MOVAPS_1
Groups: sse1
0x8048413: movaps xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
mem[0x8048413] = '\x0f'
mem[0x8048414] = '('
mem[0x8048415] = 'E'
mem[0x8048416] = '\x00'
cpu.EIP = 0x8048413
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8048413, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048414, 8)== ord('('))
condition = Operators.AND(condition, cpu.read_int(0x8048415, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8048416, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8048417)
condition = Operators.AND(condition, cpu.XMM0 == 0xeb6eb6ebeb6eb6ebeb6eb6ebeb6eb6eb)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVAPS_2_symbolic(self):
''' Instruction MOVAPS_2
Groups: sse1
0x8048417: movaps xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
mem[0x8048417] = '\x0f'
mem[0x8048418] = ')'
mem[0x8048419] = 'M'
mem[0x804841a] = '\x00'
cpu.EIP = 0x8048417
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8048417, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048418, 8)== ord(')'))
condition = Operators.AND(condition, cpu.read_int(0x8048419, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804841a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804841b)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVAPS_3_symbolic(self):
''' Instruction MOVAPS_3
Groups: sse1
0x8048410: movaps xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x8048410] = '\x0f'
mem[0x8048411] = '('
mem[0x8048412] = '\xc1'
cpu.EIP = 0x8048410
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8048410, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048411, 8)== ord('('))
condition = Operators.AND(condition, cpu.read_int(0x8048412, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8048413)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVDQA_1_symbolic(self):
''' Instruction MOVDQA_1
Groups: sse2
0x8079433: movdqa xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079433] = 'f'
mem[0x8079434] = '\x0f'
mem[0x8079435] = 'o'
mem[0x8079436] = '\xc1'
cpu.EIP = 0x8079433
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x8000f100fc0000000000000100000101)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079433, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079434, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079435, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0x8079436, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8079437)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVDQA_2_symbolic(self):
''' Instruction MOVDQA_2
Groups: sse2
0x807943c: movdqa xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8079440] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x807943c] = 'f'
mem[0x807943d] = '\x0f'
mem[0x807943e] = '\x7f'
mem[0x807943f] = 'M'
cpu.EIP = 0x807943c
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079440, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807943c, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807943d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807943e, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x807943f, 8)== ord('M'))
condition = Operators.AND(condition, cpu.EIP == 0x8079441)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVDQA_3_symbolic(self):
''' Instruction MOVDQA_3
Groups: sse2
0x8079437: movdqa xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079437] = 'f'
mem[0x8079438] = '\x0f'
mem[0x8079439] = 'o'
mem[0x807943a] = 'E'
mem[0x807943b] = '\x00'
cpu.EIP = 0x8079437
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079437, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079438, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079439, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0x807943a, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807943b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807943c)
condition = Operators.AND(condition, cpu.XMM0 == 0x80f1fc00ffff80fe)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVDQU_1_symbolic(self):
''' Instruction MOVDQU_1
Groups: sse2
0x805bb8c: movdqu xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805bb8c] = '\xf3'
mem[0x805bb8d] = '\x0f'
mem[0x805bb8e] = 'o'
mem[0x805bb8f] = 'E'
mem[0x805bb90] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x805bb8c
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805bb8c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x805bb8d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb8e, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0x805bb8f, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805bb90, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805bb91)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVDQU_2_symbolic(self):
''' Instruction MOVDQU_2
Groups: sse2
0x805bb91: movdqu xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805bb91] = '\xf3'
mem[0x805bb92] = '\x0f'
mem[0x805bb93] = '\x7f'
mem[0x805bb94] = 'M'
mem[0x805bb95] = '\x00'
cpu.EIP = 0x805bb91
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805bb91, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x805bb92, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb93, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb94, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805bb95, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805bb96)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVDQU_3_symbolic(self):
''' Instruction MOVDQU_3
Groups: sse2
0x805bb88: movdqu xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bb88] = '\xf3'
mem[0x805bb89] = '\x0f'
mem[0x805bb8a] = 'o'
mem[0x805bb8b] = '\xc1'
cpu.EIP = 0x805bb88
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bb88, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x805bb89, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb8a, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0x805bb8b, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x805bb8c)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVD_1_symbolic(self):
''' Instruction MOVD_1
Groups: sse2
0x804841b: movd ecx, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x804841b] = 'f'
mem[0x804841c] = '\x0f'
mem[0x804841d] = '~'
mem[0x804841e] = '\xc9'
cpu.EIP = 0x804841b
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xecfecf0f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804841b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804841c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804841d, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x804841e, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x804841f)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVD_2_symbolic(self):
''' Instruction MOVD_2
Groups: sse2
0x804841f: movd xmm0, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x8048420] = '\x0f'
mem[0x8048421] = 'n'
mem[0x8048422] = '\xc2'
mem[0x804841f] = 'f'
cpu.EIP = 0x804841f
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xeb6eb6ebeb6eb6ebeb6eb6ebeb6eb6eb)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xe6fe6ff0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8048420, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048421, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0x8048422, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0x804841f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x8048423)
condition = Operators.AND(condition, cpu.XMM0 == 0xe6fe6ff0)
condition = Operators.AND(condition, cpu.EDX == 0xe6fe6ff0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVD_3_symbolic(self):
''' Instruction MOVD_3
Groups: sse2
0x8048423: movd xmm0, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8048423] = 'f'
mem[0x8048424] = '\x0f'
mem[0x8048425] = 'n'
mem[0x8048426] = 'E'
mem[0x8048427] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x8048423
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xe6fe6ff0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8048423, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8048424, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8048425, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0x8048426, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8048427, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8048428)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVD_4_symbolic(self):
''' Instruction MOVD_4
Groups: sse2
0x8048428: movd dword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8048428] = 'f'
mem[0x8048429] = '\x0f'
mem[0x804842a] = '~'
mem[0x804842b] = 'M'
mem[0x804842c] = '\x00'
cpu.EIP = 0x8048428
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8048428, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8048429, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804842a, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x804842b, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804842c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804842d)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVHPD_1_symbolic(self):
''' Instruction MOVHPD_1
Groups: sse2
0x804d613: movhpd xmm0, qword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d613] = 'f'
mem[0x804d614] = '\x0f'
mem[0x804d615] = '\x16'
mem[0x804d616] = 'E'
mem[0x804d617] = '\x00'
cpu.EIP = 0x804d613
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d613, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d614, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d615, 8)== ord('\x16'))
condition = Operators.AND(condition, cpu.read_int(0x804d616, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x804d617, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d618)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVHPD_2_symbolic(self):
''' Instruction MOVHPD_2
Groups: sse2
0x804d618: movhpd qword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d618] = 'f'
mem[0x804d619] = '\x0f'
mem[0x804d61a] = '\x17'
mem[0x804d61b] = 'M'
mem[0x804d61c] = '\x00'
cpu.EIP = 0x804d618
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d618, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d619, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d61a, 8)== ord('\x17'))
condition = Operators.AND(condition, cpu.read_int(0x804d61b, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d61c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d61d)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVLPD_1_symbolic(self):
''' Instruction MOVLPD_1
Groups: sse2
0x804d553: movlpd qword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d553] = 'f'
mem[0x804d554] = '\x0f'
mem[0x804d555] = '\x13'
mem[0x804d556] = 'M'
mem[0x804d557] = '\x00'
cpu.EIP = 0x804d553
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d553, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d554, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d555, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804d556, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d557, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d558)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVLPD_2_symbolic(self):
''' Instruction MOVLPD_2
Groups: sse2
0x804d54e: movlpd xmm0, qword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d54e] = 'f'
mem[0x804d54f] = '\x0f'
mem[0x804d550] = '\x12'
mem[0x804d551] = 'E'
mem[0x804d552] = '\x00'
cpu.EIP = 0x804d54e
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d54e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d54f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d550, 8)== ord('\x12'))
condition = Operators.AND(condition, cpu.read_int(0x804d551, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x804d552, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d553)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVQ_1_symbolic(self):
''' Instruction MOVQ_1
Groups: sse2
0x804d55c: movq xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d55c] = '\xf3'
mem[0x804d55d] = '\x0f'
mem[0x804d55e] = '~'
mem[0x804d55f] = '\xc1'
cpu.EIP = 0x804d55c
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d55c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x804d55d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d55e, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x804d55f, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x804d560)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVQ_2_symbolic(self):
''' Instruction MOVQ_2
Groups: sse2
0x804d560: movq xmm0, qword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d560] = '\xf3'
mem[0x804d561] = '\x0f'
mem[0x804d562] = '~'
mem[0x804d563] = 'E'
mem[0x804d564] = '\x00'
cpu.EIP = 0x804d560
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d560, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x804d561, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d562, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x804d563, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x804d564, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d565)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVQ_3_symbolic(self):
''' Instruction MOVQ_3
Groups: sse2
0x804d565: movq qword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d565] = 'f'
mem[0x804d566] = '\x0f'
mem[0x804d567] = '\xd6'
mem[0x804d568] = 'M'
mem[0x804d569] = '\x00'
cpu.EIP = 0x804d565
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d565, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d566, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d567, 8)== ord('\xd6'))
condition = Operators.AND(condition, cpu.read_int(0x804d568, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d569, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d56a)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_1_symbolic(self):
''' Instruction MOVSB_1
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff463b] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab04)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab05)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab06)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab07)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf8)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf9)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff463a] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafb)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafa)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff463a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdab04)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdaaf8)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafb, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab04, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab05, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab06, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab07, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463a, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463b, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafa, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff463c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdab04)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdaaf8)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_10_symbolic(self):
''' Instruction MOVSB_10
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9a)
value = cs.new_bitvec(8)
cs.add(value == 0x74)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf3b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff4545] = '\xa4'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4545
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf3b)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9a, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf3b, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4545, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4546)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf3c)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_11_symbolic(self):
''' Instruction MOVSB_11
Groups:
0xf7ff464a: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdc24)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff464a] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5844)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff464a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdc24)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5844)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5844, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff464a, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdc24, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff464b)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdc25)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5845)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_2_symbolic(self):
''' Instruction MOVSB_2
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9a)
value = cs.new_bitvec(8)
cs.add(value == 0x74)
mem[addr] = value
mem[0xf7ff4545] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf57)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4545
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf57)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9a, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4545, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf57, 8)== ord('t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4546)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf58)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_3_symbolic(self):
''' Instruction MOVSB_3
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab16)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff463b] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab24)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab25)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab26)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab27)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab14)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff463a] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab17)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab15)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff463a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdab14)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdab24)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdab16, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463b, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab24, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab25, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab26, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab27, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab14, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463a, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab17, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab15, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff463c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdab14)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdab24)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_4_symbolic(self):
''' Instruction MOVSB_4
Groups:
0x804d558: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
mem[0x804d558] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f030)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e030)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x804d558
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f030)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e030)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d558, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0x807f030, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0x807e030, 8)== ord('0'))
condition = Operators.AND(condition, cpu.EIP == 0x804d559)
condition = Operators.AND(condition, cpu.EDI == 0x807f031)
condition = Operators.AND(condition, cpu.ESI == 0x807e031)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_5_symbolic(self):
''' Instruction MOVSB_5
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf28)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9a)
value = cs.new_bitvec(8)
cs.add(value == 0x74)
mem[addr] = value
mem[0xf7ff4545] = '\xa4'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4545
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf28)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf28, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9a, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4545, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4546)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf29)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_6_symbolic(self):
''' Instruction MOVSB_6
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdb000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb178)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
mem[0xf7ff463b] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdeab)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb179)
value = cs.new_bitvec(8)
cs.add(value == 0x49)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdea8)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdea9)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdeaa)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb17b)
value = cs.new_bitvec(8)
cs.add(value == 0x55)
mem[addr] = value
mem[0xf7ff463a] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb17a)
value = cs.new_bitvec(8)
cs.add(value == 0x4e)
mem[addr] = value
cpu.EIP = 0xf7ff463a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdea8)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdb178)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdb178, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdeab, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdb17b, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdb179, 8)== ord('I'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdea8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdea9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdeaa, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463b, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463a, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdb17a, 8)== ord('N'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff463c)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdea8)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdb178)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_7_symbolic(self):
''' Instruction MOVSB_7
Groups:
0xf7ff463a: rep movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff463b] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaff)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd388)
value = cs.new_bitvec(8)
cs.add(value == 0xef)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd389)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd38a)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd38b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff463a] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafe)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafd)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff463a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaafc)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xffffd388)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff463b, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaff, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd388, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0xffffd389, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd38a, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd38b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff463a, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafe, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff463c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaafc)
condition = Operators.AND(condition, cpu.ESI == 0xffffd388)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_8_symbolic(self):
''' Instruction MOVSB_8
Groups:
0xf7ff464a: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffde94)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff464a] = '\xa4'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5844)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff464a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffde94)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5844)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5844, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff464a, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffde94, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff464b)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffde95)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5845)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSB_9_symbolic(self):
''' Instruction MOVSB_9
Groups:
0xf7ff4545: movsb byte ptr es:[edi], byte ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf49)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9a)
value = cs.new_bitvec(8)
cs.add(value == 0x74)
mem[addr] = value
mem[0xf7ff4545] = '\xa4'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff4545
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf49)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf49, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9a, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4545, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4546)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf4a)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_1_symbolic(self):
''' Instruction MOVSD_1
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdb000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb176)
value = cs.new_bitvec(8)
cs.add(value == 0x31)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdea4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdea5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdea6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdea7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb174)
value = cs.new_bitvec(8)
cs.add(value == 0x6f)
mem[addr] = value
mem[0xf7ff4637] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb177)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff4636] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdb175)
value = cs.new_bitvec(8)
cs.add(value == 0x2e)
mem[addr] = value
cpu.EIP = 0xf7ff4636
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdea4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdb174)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdb177, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdea4, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdea5, 8)== ord('.'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdea6, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdea7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdb174, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdb176, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4637, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4636, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdb175, 8)== ord('.'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4638)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdea8)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdb178)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_10_symbolic(self):
''' Instruction MOVSD_10
Groups:
0x805ba6d: movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f040)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f041)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e03e)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e041)
value = cs.new_bitvec(8)
cs.add(value == 0x51)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e040)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f03f)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
mem[0x805ba6d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f03e)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e03f)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x805ba6d
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f03e)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e03e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807f040, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807f041, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.read_int(0x807f03e, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807e041, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.read_int(0x807e040, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807e03f, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x805ba6d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0x807e03e, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807f03f, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba6e)
condition = Operators.AND(condition, cpu.EDI == 0x807f042)
condition = Operators.AND(condition, cpu.ESI == 0x807e042)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_11_symbolic(self):
''' Instruction MOVSD_11
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd7dc)
value = cs.new_bitvec(8)
cs.add(value == 0x36)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd7db)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd7de)
value = cs.new_bitvec(8)
cs.add(value == 0x36)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd7dd)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454d] = '\xa5'
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf2c)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xffffd7db)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2f, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xffffd7dc, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xffffd7de, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd7dd, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd7db, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2c, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2d, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2e, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf30)
condition = Operators.AND(condition, cpu.ESI == 0xffffd7df)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_12_symbolic(self):
''' Instruction MOVSD_12
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf0)
value = cs.new_bitvec(8)
cs.add(value == 0x58)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf1)
value = cs.new_bitvec(8)
cs.add(value == 0xa8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf2)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7ff4636] = '\xf3'
mem[0xf7ff4637] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafd)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafe)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaff)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff4636
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaafc)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdaaf0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf0, 8)== ord('X'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf1, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf2, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4636, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4637, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafc, 8)== ord('X'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafd, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafe, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaff, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4636)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdab00)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdaaf4)
condition = Operators.AND(condition, cpu.ECX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_13_symbolic(self):
''' Instruction MOVSD_13
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda852)
value = cs.new_bitvec(8)
cs.add(value == 0x6f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda853)
value = cs.new_bitvec(8)
cs.add(value == 0x2e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda854)
value = cs.new_bitvec(8)
cs.add(value == 0x36)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda855)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaec)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaea)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaeb)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaed)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaaea)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda852)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fda852, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda853, 8)== ord('.'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda854, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda855, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaea, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaeb, 8)== ord('.'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaec, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaed, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaaee)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda856)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_14_symbolic(self):
''' Instruction MOVSD_14
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf50)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce44)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce45)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce46)
value = cs.new_bitvec(8)
cs.add(value == 0x65)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce47)
value = cs.new_bitvec(8)
cs.add(value == 0x32)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf4f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf4d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf4e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454d] = '\xa5'
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf4d)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ffce44)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf50, 8)== ord('2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce44, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce45, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce46, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce47, 8)== ord('2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf4f, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf4d, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf4e, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf51)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffce48)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_15_symbolic(self):
''' Instruction MOVSD_15
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda840)
value = cs.new_bitvec(8)
cs.add(value == 0x36)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda841)
value = cs.new_bitvec(8)
cs.add(value == 0x2d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad8)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad9)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda83e)
value = cs.new_bitvec(8)
cs.add(value == 0x33)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda83f)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaad6)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda83e)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x6)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fda840, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda841, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad6, 8)== ord('3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad7, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad8, 8)== ord('6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad9, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda83e, 8)== ord('3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda83f, 8)== ord('8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaada)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda842)
condition = Operators.AND(condition, cpu.ECX == 0x5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_16_symbolic(self):
''' Instruction MOVSD_16
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda842)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda843)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda844)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda845)
value = cs.new_bitvec(8)
cs.add(value == 0x75)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaadc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaada)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaadb)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaadd)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaada)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda842)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x5)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fda842, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda843, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda844, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda845, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaadc, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaada, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaadb, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaadd, 8)== ord('u'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaade)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda846)
condition = Operators.AND(condition, cpu.ECX == 0x4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_17_symbolic(self):
''' Instruction MOVSD_17
Groups: sse2
0x805ba6e: movsd qword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805ba6e] = '\xf2'
mem[0x805ba6f] = '\x0f'
mem[0x805ba70] = '\x11'
mem[0x805ba71] = 'M'
mem[0x805ba72] = '\x00'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x805ba6e
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba6e, 8)== ord('\xf2'))
condition = Operators.AND(condition, cpu.read_int(0x805ba6f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba70, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0x805ba71, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805ba72, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba73)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_18_symbolic(self):
''' Instruction MOVSD_18
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab00)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab01)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab02)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab03)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf4)
value = cs.new_bitvec(8)
cs.add(value == 0x5c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf5)
value = cs.new_bitvec(8)
cs.add(value == 0xd5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf6)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7ff4637] = '\xa5'
mem[0xf7ff4636] = '\xf3'
cpu.EIP = 0xf7ff4636
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdab00)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdaaf4)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdab00, 8)== ord('\\'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab01, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab02, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab03, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf4, 8)== ord('\\'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf5, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4636, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4637, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4638)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdab04)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdaaf8)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_19_symbolic(self):
''' Instruction MOVSD_19
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf9)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafb)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd384)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd385)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd386)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd387)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaaf8)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff4637] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaafa)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff4636] = '\xf3'
cpu.EIP = 0xf7ff4636
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaaf8)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xffffd384)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafb, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd384, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd385, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd386, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd387, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaaf8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4637, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaafa, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4636, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4638)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaafc)
condition = Operators.AND(condition, cpu.ESI == 0xffffd388)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_2_symbolic(self):
''' Instruction MOVSD_2
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf44)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf45)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf46)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf47)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcdef)
value = cs.new_bitvec(8)
cs.add(value == 0x76)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcdec)
value = cs.new_bitvec(8)
cs.add(value == 0x63)
mem[addr] = value
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcdee)
value = cs.new_bitvec(8)
cs.add(value == 0x6f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcded)
value = cs.new_bitvec(8)
cs.add(value == 0x6d)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf44)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ffcdec)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf44, 8)== ord('c'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf45, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf46, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf47, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcdec, 8)== ord('c'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcdef, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcdee, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcded, 8)== ord('m'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf48)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffcdf0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_20_symbolic(self):
''' Instruction MOVSD_20
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf52)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf53)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf54)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf55)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcdef)
value = cs.new_bitvec(8)
cs.add(value == 0x76)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcdec)
value = cs.new_bitvec(8)
cs.add(value == 0x63)
mem[addr] = value
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcdee)
value = cs.new_bitvec(8)
cs.add(value == 0x6f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffcded)
value = cs.new_bitvec(8)
cs.add(value == 0x6d)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf52)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ffcdec)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf52, 8)== ord('c'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf53, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf54, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf55, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcdec, 8)== ord('c'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcdef, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcdee, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffcded, 8)== ord('m'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf56)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffcdf0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_21_symbolic(self):
''' Instruction MOVSD_21
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5ea0)
value = cs.new_bitvec(8)
cs.add(value == 0x2d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9f)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf5d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf5c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf5a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf5b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9e)
value = cs.new_bitvec(8)
cs.add(value == 0x64)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf5a)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9d)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5ea0, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9f, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf5c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf5a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf5b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9e, 8)== ord('d'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf5d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf5a)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9d)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_3_symbolic(self):
''' Instruction MOVSD_3
Groups:
0xf7ff4636: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab18)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab1b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7ff4636] = '\xf3'
mem[0xf7ff4637] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab08)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab09)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab0a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab0b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab19)
value = cs.new_bitvec(8)
cs.add(value == 0xd9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdab1a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
cpu.EIP = 0xf7ff4636
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdab08)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdab18)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdab18, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab1b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4636, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4637, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab08, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab09, 8)== ord('\xd9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab0a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab0b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab19, 8)== ord('\xd9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdab1a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4636)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdab0c)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdab1c)
condition = Operators.AND(condition, cpu.ECX == 0x2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_4_symbolic(self):
''' Instruction MOVSD_4
Groups:
0xf7ff4651: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fd7000, 0x1000, 'rwx')
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4651] = '\xf3'
mem[0xf7ff4652] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd7048)
value = cs.new_bitvec(8)
cs.add(value == 0x2d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda846)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda847)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda848)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda849)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd704a)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd7047)
value = cs.new_bitvec(8)
cs.add(value == 0x78)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd7049)
value = cs.new_bitvec(8)
cs.add(value == 0x67)
mem[addr] = value
cpu.EIP = 0xf7ff4651
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fda846)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fd7047)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4651, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4652, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fd7048, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda846, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda847, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda848, 8)== ord('g'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda849, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fd704a, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xf7fd7047, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xf7fd7049, 8)== ord('g'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4651)
condition = Operators.AND(condition, cpu.EDI == 0xf7fda84a)
condition = Operators.AND(condition, cpu.ESI == 0xf7fd704b)
condition = Operators.AND(condition, cpu.ECX == 0x3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_5_symbolic(self):
''' Instruction MOVSD_5
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaae2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaae3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaae4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaae5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda84a)
value = cs.new_bitvec(8)
cs.add(value == 0x75)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda84b)
value = cs.new_bitvec(8)
cs.add(value == 0x2f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda84c)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda84d)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaae2)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda84a)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdaae2, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaae3, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaae4, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaae5, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda84c, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda84a, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda84b, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda84d, 8)== ord('i'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaae6)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda84e)
condition = Operators.AND(condition, cpu.ECX == 0x2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_6_symbolic(self):
''' Instruction MOVSD_6
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xf7ffc000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf31)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf32)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf33)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce44)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce45)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce46)
value = cs.new_bitvec(8)
cs.add(value == 0x65)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffce47)
value = cs.new_bitvec(8)
cs.add(value == 0x32)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf34)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf31)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ffce44)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf31, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf32, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf33, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce44, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce45, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce46, 8)== ord('e'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffce47, 8)== ord('2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf34, 8)== ord('2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf35)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffce48)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_7_symbolic(self):
''' Instruction MOVSD_7
Groups:
0x804d55b: movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f033)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e033)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f034)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f035)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e036)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e034)
value = cs.new_bitvec(8)
cs.add(value == 0xe5)
mem[addr] = value
mem[0x804d55b] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f036)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e035)
value = cs.new_bitvec(8)
cs.add(value == 0x51)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x804d55b
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f033)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e033)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807e033, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0x807f033, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0x807f034, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x807f035, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.read_int(0x807f036, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807e034, 8)== ord('\xe5'))
condition = Operators.AND(condition, cpu.read_int(0x804d55b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0x807e036, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807e035, 8)== ord('Q'))
condition = Operators.AND(condition, cpu.EIP == 0x804d55c)
condition = Operators.AND(condition, cpu.EDI == 0x807f037)
condition = Operators.AND(condition, cpu.ESI == 0x807e037)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_8_symbolic(self):
''' Instruction MOVSD_8
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda83c)
value = cs.new_bitvec(8)
cs.add(value == 0x2f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda83a)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda83b)
value = cs.new_bitvec(8)
cs.add(value == 0x62)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda83d)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaad2)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda83a)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x7)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad2, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad3, 8)== ord('b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad4, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad5, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda83c, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda83a, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda83b, 8)== ord('b'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda83d, 8)== ord('i'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaad6)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda83e)
condition = Operators.AND(condition, cpu.ECX == 0x6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSD_9_symbolic(self):
''' Instruction MOVSD_9
Groups:
0xf7ff454c: rep movsd dword ptr es:[edi], dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5ea0)
value = cs.new_bitvec(8)
cs.add(value == 0x2d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9f)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9e)
value = cs.new_bitvec(8)
cs.add(value == 0x64)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454c] = '\xf3'
mem[0xf7ff454d] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7ff454c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf2b)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9d)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5ea0, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9f, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9e, 8)== ord('d'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454c, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454d, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454e)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf2b)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9d)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSS_1_symbolic(self):
''' Instruction MOVSS_1
Groups: sse1
0x805badf: movss xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bae0] = '\x0f'
mem[0x805bae1] = '\x10'
mem[0x805bae2] = '\xc1'
mem[0x805badf] = '\xf3'
cpu.EIP = 0x805badf
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x1)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bae0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bae1, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0x805bae2, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805badf, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.EIP == 0x805bae3)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSS_2_symbolic(self):
''' Instruction MOVSS_2
Groups: sse1
0x805bae3: movss xmm0, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805bae3] = '\xf3'
mem[0x805bae4] = '\x0f'
mem[0x805bae5] = '\x10'
mem[0x805bae6] = 'E'
mem[0x805bae7] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x805bae3
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805bae3, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x805bae4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bae5, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0x805bae6, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805bae7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805bae8)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSS_3_symbolic(self):
''' Instruction MOVSS_3
Groups: sse1
0x805bae8: movss dword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805bae8] = '\xf3'
mem[0x805bae9] = '\x0f'
mem[0x805baea] = '\x11'
mem[0x805baeb] = 'M'
mem[0x805baec] = '\x00'
cpu.EIP = 0x805bae8
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805bae8, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x805bae9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805baea, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0x805baeb, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805baec, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805baed)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_1_symbolic(self):
''' Instruction MOVSW_1
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf58)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf59)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9b)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9c)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff454a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf58)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff454a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf58, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf59, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9b, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9c, 8)== ord('s'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf5a)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_2_symbolic(self):
''' Instruction MOVSW_2
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
mem[0xf7ff454b] = '\xa5'
mem[0xf7ff454a] = 'f'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf4b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9b)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9c)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf4a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff454a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf4a)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf4b, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9b, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9c, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf4a, 8)== ord('l'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf4c)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_3_symbolic(self):
''' Instruction MOVSW_3
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaad1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda838)
value = cs.new_bitvec(8)
cs.add(value == 0x2f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda839)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff454a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaad0)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda838)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff454a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad0, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaad1, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda838, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda839, 8)== ord('l'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaad2)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda83a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_4_symbolic(self):
''' Instruction MOVSW_4
Groups:
0x804d559: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0x0807e000, 0x2000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e031)
value = cs.new_bitvec(8)
cs.add(value == 0xe0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807e032)
value = cs.new_bitvec(8)
cs.add(value == 0x7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f031)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f032)
value = cs.new_bitvec(8)
cs.add(value == 0x7)
mem[addr] = value
mem[0x804d559] = 'f'
mem[0x804d55a] = '\xa5'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x804d559
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f031)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x807e031)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807e031, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0x807e032, 8)== ord('\x07'))
condition = Operators.AND(condition, cpu.read_int(0x807f031, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0x807f032, 8)== ord('\x07'))
condition = Operators.AND(condition, cpu.read_int(0x804d559, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d55a, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0x804d55b)
condition = Operators.AND(condition, cpu.EDI == 0x807f033)
condition = Operators.AND(condition, cpu.ESI == 0x807e033)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_5_symbolic(self):
''' Instruction MOVSW_5
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf29)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9b)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9c)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff454a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf29)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf29, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9b, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9c, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2a, 8)== ord('s'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf2b)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_6_symbolic(self):
''' Instruction MOVSW_6
Groups:
0xf7ff454a: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x2000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf3c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff454a] = 'f'
mem[0xf7ff454b] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9b)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ff5e9c)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf3d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff454a
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf3c)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ff5e9b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9c, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff454b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff5e9b, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf3c, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf3d, 8)== ord('s'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454c)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffdf3e)
condition = Operators.AND(condition, cpu.ESI == 0xf7ff5e9d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_7_symbolic(self):
''' Instruction MOVSW_7
Groups:
0xf7ff464f: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fd7000, 0x1000, 'rwx')
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff464f] = 'f'
mem[0xf7ff4650] = '\xa5'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda839)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda838)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd7039)
value = cs.new_bitvec(8)
cs.add(value == 0x2f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd703a)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff464f
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fda838)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fd7039)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff464f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4650, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0xf7fd7039, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda838, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda839, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fd703a, 8)== ord('l'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4651)
condition = Operators.AND(condition, cpu.EDI == 0xf7fda83a)
condition = Operators.AND(condition, cpu.ESI == 0xf7fd703b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSW_8_symbolic(self):
''' Instruction MOVSW_8
Groups:
0xf7ff464f: movsw word ptr es:[edi], word ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaac4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdaac5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x80481e9)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x80481ea)
value = cs.new_bitvec(8)
cs.add(value == 0x69)
mem[addr] = value
mem[0xf7ff464f] = 'f'
mem[0xf7ff4650] = '\xa5'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0xf7ff464f
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaac4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x80481e9)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdaac4, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdaac5, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0x80481e9, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0x80481ea, 8)== ord('i'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff464f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4650, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4651)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaac6)
condition = Operators.AND(condition, cpu.ESI == 0x80481eb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_1_symbolic(self):
''' Instruction MOVSX_1
Groups:
0xf7ff06c5: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x64)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x63)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c6, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c7, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c8)
condition = Operators.AND(condition, cpu.DL == 0x64)
condition = Operators.AND(condition, cpu.ECX == 0x64)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_10_symbolic(self):
''' Instruction MOVSX_10
Groups:
0x805ba7e: movsx cx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805ba80] = '\xbe'
mem[0x805ba81] = '\xca'
mem[0x805ba7e] = 'f'
mem[0x805ba7f] = '\x0f'
cpu.EIP = 0x805ba7e
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0xec)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805ba80, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0x805ba81, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x805ba7e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba7f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba82)
condition = Operators.AND(condition, cpu.DL == 0xec)
condition = Operators.AND(condition, cpu.CX == 0xffec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_11_symbolic(self):
''' Instruction MOVSX_11
Groups:
0xf7ff069c: movsx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fd6000, 0x1000, 'rwx')
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd6ff2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff069c] = '\x0f'
mem[0xf7ff069d] = '\xbe'
mem[0xf7ff069e] = '\x02'
cpu.EIP = 0xf7ff069c
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fd6ff2)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x80481f2)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fd6ff2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff069c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff069d, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff069e, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff069f)
condition = Operators.AND(condition, cpu.EDX == 0xf7fd6ff2)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_12_symbolic(self):
''' Instruction MOVSX_12
Groups:
0xf7ff05d7: movsx esi, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05d8] = '\xbe'
mem[0xf7ff05d9] = '\xf1'
mem[0xf7ff05d7] = '\x0f'
cpu.EIP = 0xf7ff05d7
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x36)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x36)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d8, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d9, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff05da)
condition = Operators.AND(condition, cpu.ESI == 0x36)
condition = Operators.AND(condition, cpu.CL == 0x36)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_13_symbolic(self):
''' Instruction MOVSX_13
Groups:
0xf7ff06c5: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x61)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x63)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c6, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c7, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c8)
condition = Operators.AND(condition, cpu.DL == 0x61)
condition = Operators.AND(condition, cpu.ECX == 0x61)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_14_symbolic(self):
''' Instruction MOVSX_14
Groups:
0xf7ff06c2: movsx eax, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x2e)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c3, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c5)
condition = Operators.AND(condition, cpu.AL == 0x2e)
condition = Operators.AND(condition, cpu.EAX == 0x2e)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_15_symbolic(self):
''' Instruction MOVSX_15
Groups:
0xf7ff05da: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05da] = '\x0f'
mem[0xf7ff05db] = '\xbe'
mem[0xf7ff05dc] = '\xca'
cpu.EIP = 0xf7ff05da
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x36)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x36)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff05da, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05db, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05dc, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff05dd)
condition = Operators.AND(condition, cpu.DL == 0x36)
condition = Operators.AND(condition, cpu.ECX == 0x36)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_16_symbolic(self):
''' Instruction MOVSX_16
Groups:
0xf7ff06c2: movsx eax, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x63)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x63)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c3, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c5)
condition = Operators.AND(condition, cpu.AL == 0x63)
condition = Operators.AND(condition, cpu.EAX == 0x63)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_17_symbolic(self):
''' Instruction MOVSX_17
Groups:
0xf7ff05d7: movsx esi, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05d8] = '\xbe'
mem[0xf7ff05d9] = '\xf1'
mem[0xf7ff05d7] = '\x0f'
cpu.EIP = 0xf7ff05d7
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x36)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x36)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d8, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d9, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff05da)
condition = Operators.AND(condition, cpu.ESI == 0x36)
condition = Operators.AND(condition, cpu.CL == 0x36)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_18_symbolic(self):
''' Instruction MOVSX_18
Groups:
0xf7ff06c2: movsx eax, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x63)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x63)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c3, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c5)
condition = Operators.AND(condition, cpu.AL == 0x63)
condition = Operators.AND(condition, cpu.EAX == 0x63)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_19_symbolic(self):
''' Instruction MOVSX_19
Groups:
0x805ba82: movsx cx, byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805ba82] = 'f'
mem[0x805ba83] = '\x0f'
mem[0x805ba84] = '\xbe'
mem[0x805ba85] = 'M'
mem[0x805ba86] = '\x00'
cpu.EIP = 0x805ba82
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xffec)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba82, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba83, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba84, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0x805ba85, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805ba86, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba87)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_2_symbolic(self):
''' Instruction MOVSX_2
Groups:
0xf7ff069c: movsx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fd7000, 0x1000, 'rwx')
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fd7038)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff069c] = '\x0f'
mem[0xf7ff069d] = '\xbe'
mem[0xf7ff069e] = '\x02'
cpu.EIP = 0xf7ff069c
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fd7038)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x80481f2)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fd7038, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff069c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff069d, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff069e, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff069f)
condition = Operators.AND(condition, cpu.EDX == 0xf7fd7038)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_20_symbolic(self):
''' Instruction MOVSX_20
Groups:
0x805ba91: movsx ecx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805ba91] = '\x0f'
mem[0x805ba92] = '\xbf'
mem[0x805ba93] = 'M'
mem[0x805ba94] = '\x00'
cpu.EIP = 0x805ba91
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba91, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba92, 8)== ord('\xbf'))
condition = Operators.AND(condition, cpu.read_int(0x805ba93, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805ba94, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba95)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_21_symbolic(self):
''' Instruction MOVSX_21
Groups:
0xf7ff05da: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05da] = '\x0f'
mem[0xf7ff05db] = '\xbe'
mem[0xf7ff05dc] = '\xca'
cpu.EIP = 0xf7ff05da
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x36)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x36)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff05da, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05db, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05dc, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff05dd)
condition = Operators.AND(condition, cpu.DL == 0x36)
condition = Operators.AND(condition, cpu.ECX == 0x36)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_3_symbolic(self):
''' Instruction MOVSX_3
Groups:
0x805ba87: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805ba88] = '\xbe'
mem[0x805ba89] = '\xca'
mem[0x805ba87] = '\x0f'
cpu.EIP = 0x805ba87
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0xec)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805ba88, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0x805ba89, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x805ba87, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba8a)
condition = Operators.AND(condition, cpu.DL == 0xec)
condition = Operators.AND(condition, cpu.ECX == 0xffffffec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_4_symbolic(self):
''' Instruction MOVSX_4
Groups:
0x805ba8d: movsx ecx, byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x805ba90] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805ba8d] = '\x0f'
mem[0x805ba8e] = '\xbe'
mem[0x805ba8f] = 'M'
cpu.EIP = 0x805ba8d
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805ba90, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba8d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba8e, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0x805ba8f, 8)== ord('M'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba91)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_5_symbolic(self):
''' Instruction MOVSX_5
Groups:
0xf7ff05d7: movsx esi, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05d8] = '\xbe'
mem[0xf7ff05d9] = '\xf1'
mem[0xf7ff05d7] = '\x0f'
cpu.EIP = 0xf7ff05d7
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x36)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x36)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d8, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d9, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05d7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff05da)
condition = Operators.AND(condition, cpu.ESI == 0x36)
condition = Operators.AND(condition, cpu.CL == 0x36)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_6_symbolic(self):
''' Instruction MOVSX_6
Groups:
0xf7ff06c5: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x61)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c6, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c7, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c8)
condition = Operators.AND(condition, cpu.DL == 0x61)
condition = Operators.AND(condition, cpu.ECX == 0x61)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_7_symbolic(self):
''' Instruction MOVSX_7
Groups:
0xf7ff06c2: movsx eax, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c2] = '\x0f'
mem[0xf7ff06c3] = '\xbe'
mem[0xf7ff06c4] = '\xc0'
cpu.EIP = 0xf7ff06c2
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x63)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x63)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c3, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c5)
condition = Operators.AND(condition, cpu.AL == 0x63)
condition = Operators.AND(condition, cpu.EAX == 0x63)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_8_symbolic(self):
''' Instruction MOVSX_8
Groups:
0xf7ff05da: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff05da] = '\x0f'
mem[0xf7ff05db] = '\xbe'
mem[0xf7ff05dc] = '\xca'
cpu.EIP = 0xf7ff05da
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x36)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x36)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff05da, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05db, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff05dc, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff05dd)
condition = Operators.AND(condition, cpu.DL == 0x36)
condition = Operators.AND(condition, cpu.ECX == 0x36)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVSX_9_symbolic(self):
''' Instruction MOVSX_9
Groups:
0xf7ff06c5: movsx ecx, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06c5] = '\x0f'
mem[0xf7ff06c6] = '\xbe'
mem[0xf7ff06c7] = '\xca'
cpu.EIP = 0xf7ff06c5
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x6c)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2e)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c6, 8)== ord('\xbe'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06c7, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06c8)
condition = Operators.AND(condition, cpu.DL == 0x6c)
condition = Operators.AND(condition, cpu.ECX == 0x6c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_1_symbolic(self):
''' Instruction MOVZX_1
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e20000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e20b40)
value = cs.new_bitvec(8)
cs.add(value == 0x11)
mem[addr] = value
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e20b34)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e20b40, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7239, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723a, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723b, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723c, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe723d)
condition = Operators.AND(condition, cpu.EAX == 0x11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_10_symbolic(self):
''' Instruction MOVZX_10
Groups:
0xf7fe720c: movzx edx, word ptr [edx + ecx*2]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe720c] = '\x0f'
mem[0xf7fe720d] = '\xb7'
mem[0xf7fe720e] = '\x14'
mem[0xf7fe720f] = 'J'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e287da)
value = cs.new_bitvec(8)
cs.add(value == 0x2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e287db)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe720c
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e281c2)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x30c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe720c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe720d, 8)== ord('\xb7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe720e, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe720f, 8)== ord('J'))
condition = Operators.AND(condition, cpu.read_int(0xf7e287da, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7e287db, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7210)
condition = Operators.AND(condition, cpu.EDX == 0x2)
condition = Operators.AND(condition, cpu.ECX == 0x30c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_11_symbolic(self):
''' Instruction MOVZX_11
Groups:
0xf7fe57ac: movzx eax, byte ptr [esi + 0x194]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57b0] = '\x01'
mem[0xf7fe57b1] = '\x00'
mem[0xf7fe57b2] = '\x00'
mem[0xf7fe57ac] = '\x0f'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda9ec)
value = cs.new_bitvec(8)
cs.add(value == 0x15)
mem[addr] = value
mem[0xf7fe57ad] = '\xb6'
mem[0xf7fe57ae] = '\x86'
mem[0xf7fe57af] = '\x94'
cpu.EIP = 0xf7fe57ac
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda858)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdc3bc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe57b0, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57b1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57b2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fda9ec, 8)== ord('\x15'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ae, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57af, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57b3)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda858)
condition = Operators.AND(condition, cpu.EAX == 0x15)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_12_symbolic(self):
''' Instruction MOVZX_12
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e25000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e25fd3)
value = cs.new_bitvec(8)
cs.add(value == 0x74)
mem[addr] = value
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e25fd3)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x72)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e25fd3, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e25fd3)
condition = Operators.AND(condition, cpu.EAX == 0x74)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_13_symbolic(self):
''' Instruction MOVZX_13
Groups:
0xf7fe5796: movzx edx, byte ptr [eax + 0xd]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e20000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5798] = 'P'
mem[0xf7fe5799] = '\r'
mem[0xf7fe5797] = '\xb6'
mem[0xf7fe5796] = '\x0f'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e202f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe5796
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e202e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5798, 8)== ord('P'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5799, 8)== ord('\r'))
condition = Operators.AND(condition, cpu.read_int(0xf7e202f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5796, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5797, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe579a)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.EAX == 0xf7e202e4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_14_symbolic(self):
''' Instruction MOVZX_14
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e26000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e26a2d)
value = cs.new_bitvec(8)
cs.add(value == 0x31)
mem[addr] = value
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e26a2d)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x5f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7e26a2d, 8)== ord('1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e26a2d)
condition = Operators.AND(condition, cpu.EAX == 0x31)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_15_symbolic(self):
''' Instruction MOVZX_15
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e23000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e23345)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e23345)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x65)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7e23345, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e23345)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_16_symbolic(self):
''' Instruction MOVZX_16
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e24000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e24b9e)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e24b9e)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x6f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7e24b9e, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e24b9e)
condition = Operators.AND(condition, cpu.EAX == 0x72)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_17_symbolic(self):
''' Instruction MOVZX_17
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e1b000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e1bd70)
value = cs.new_bitvec(8)
cs.add(value == 0x11)
mem[addr] = value
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e1bd64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e1bd70, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7239, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723a, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723b, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723c, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe723d)
condition = Operators.AND(condition, cpu.EAX == 0x11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_18_symbolic(self):
''' Instruction MOVZX_18
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdc56d)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdc56d)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc56d, 8)== ord('l'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7fdc56d)
condition = Operators.AND(condition, cpu.EAX == 0x6c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_19_symbolic(self):
''' Instruction MOVZX_19
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e26000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e26a64)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e26a64)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x75)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e26a64, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e26a64)
condition = Operators.AND(condition, cpu.EAX == 0x72)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_2_symbolic(self):
''' Instruction MOVZX_2
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e24000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e24cb9)
value = cs.new_bitvec(8)
cs.add(value == 0x6f)
mem[addr] = value
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e24cb9)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e24cb9, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e24cb9)
condition = Operators.AND(condition, cpu.EAX == 0x6f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_20_symbolic(self):
''' Instruction MOVZX_20
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e22000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e22bf1)
value = cs.new_bitvec(8)
cs.add(value == 0x5f)
mem[addr] = value
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e22bf1)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x5f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e22bf1, 8)== ord('_'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e22bf1)
condition = Operators.AND(condition, cpu.EAX == 0x5f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_21_symbolic(self):
''' Instruction MOVZX_21
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e24000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e247e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e247e5)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x6b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7e247e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e247e5)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_3_symbolic(self):
''' Instruction MOVZX_3
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e22000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e22bf6)
value = cs.new_bitvec(8)
cs.add(value == 0x63)
mem[addr] = value
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e22bf6)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x65)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7e22bf6, 8)== ord('c'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e22bf6)
condition = Operators.AND(condition, cpu.EAX == 0x63)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_4_symbolic(self):
''' Instruction MOVZX_4
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e1e000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e1ec70)
value = cs.new_bitvec(8)
cs.add(value == 0x11)
mem[addr] = value
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e1ec64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e1ec70, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7239, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723a, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723b, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723c, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe723d)
condition = Operators.AND(condition, cpu.EAX == 0x11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_5_symbolic(self):
''' Instruction MOVZX_5
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e27000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e27850)
value = cs.new_bitvec(8)
cs.add(value == 0x73)
mem[addr] = value
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e27850)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x74)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e27850, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e27850)
condition = Operators.AND(condition, cpu.EAX == 0x73)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_6_symbolic(self):
''' Instruction MOVZX_6
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e21000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e21a00)
value = cs.new_bitvec(8)
cs.add(value == 0x11)
mem[addr] = value
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e219f4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e21a00, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7239, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723a, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723b, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723c, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe723d)
condition = Operators.AND(condition, cpu.EAX == 0x11)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_7_symbolic(self):
''' Instruction MOVZX_7
Groups:
0xf7fe56ac: movzx eax, byte ptr [edx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e27000, 0x1000, 'rwx')
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e271c0)
value = cs.new_bitvec(8)
cs.add(value == 0x79)
mem[addr] = value
mem[0xf7fe56ac] = '\x0f'
mem[0xf7fe56ad] = '\xb6'
mem[0xf7fe56ae] = '\x02'
cpu.EIP = 0xf7fe56ac
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e271c0)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x74)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e271c0, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ad, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56ae, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56af)
condition = Operators.AND(condition, cpu.EDX == 0xf7e271c0)
condition = Operators.AND(condition, cpu.EAX == 0x79)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_8_symbolic(self):
''' Instruction MOVZX_8
Groups:
0xf7fe7239: movzx eax, byte ptr [eax + 0xc]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdc3c8)
value = cs.new_bitvec(8)
cs.add(value == 0x22)
mem[addr] = value
mem[0xf7fe7239] = '\x0f'
mem[0xf7fe723a] = '\xb6'
mem[0xf7fe723b] = '@'
mem[0xf7fe723c] = '\x0c'
cpu.EIP = 0xf7fe7239
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdc3bc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdc3c8, 8)== ord('"'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7239, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723a, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723b, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe723c, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe723d)
condition = Operators.AND(condition, cpu.EAX == 0x22)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOVZX_9_symbolic(self):
''' Instruction MOVZX_9
Groups:
0xf7fec2c2: movzx edx, word ptr [eax + 4]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e29000, 0x1000, 'rwx')
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec2c2] = '\x0f'
mem[0xf7fec2c3] = '\xb7'
mem[0xf7fec2c4] = 'P'
mem[0xf7fec2c5] = '\x04'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e295f8)
value = cs.new_bitvec(8)
cs.add(value == 0xc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e295f9)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fec2c2
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x24)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e295f4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec2c2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2c3, 8)== ord('\xb7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2c4, 8)== ord('P'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec2c5, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7e295f8, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xf7e295f9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec2c6)
condition = Operators.AND(condition, cpu.EDX == 0xc)
condition = Operators.AND(condition, cpu.EAX == 0xf7e295f4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_1_symbolic(self):
''' Instruction MOV_1
Groups:
0xf7fe22fb: mov dword ptr [ebp - 0x9c], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
mem[0xf7fe2300] = '\xff'
mem[0xf7fe22fd] = 'd'
mem[0xf7fe22ff] = '\xff'
mem[0xf7fe22fe] = '\xff'
mem[0xf7fe22fc] = '\x85'
mem[0xf7fe22fb] = '\x89'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfec)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfed)
value = cs.new_bitvec(8)
cs.add(value == 0xf)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfee)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffcfef)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe22fb
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd088)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fc3a7c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe2300, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe22fd, 8)== ord('d'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe22ff, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe22fe, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe22fc, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe22fb, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfec, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfed, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfee, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffcfef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe2301)
condition = Operators.AND(condition, cpu.EBP == 0xffffd088)
condition = Operators.AND(condition, cpu.EAX == 0xf7fc3a7c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_10_symbolic(self):
''' Instruction MOV_10
Groups:
0x8057c2f: mov esp, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08057000, 0x1000, 'rwx')
mem[0x8057c30] = '\xd4'
mem[0x8057c2f] = '\x89'
cpu.EIP = 0x8057c2f
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffc606)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffc606)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8057c30, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0x8057c2f, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.EIP == 0x8057c31)
condition = Operators.AND(condition, cpu.EDX == 0xffffc606)
condition = Operators.AND(condition, cpu.ESP == 0xffffc606)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_11_symbolic(self):
''' Instruction MOV_11
Groups:
0xf7fe56a0: mov ecx, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a0] = '\x89'
mem[0xf7fe56a1] = '\xf9'
cpu.EIP = 0xf7fe56a0
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xc498786f)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x710ff860)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a0, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a1, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a2)
condition = Operators.AND(condition, cpu.EDI == 0xc498786f)
condition = Operators.AND(condition, cpu.ECX == 0xc498786f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_12_symbolic(self):
''' Instruction MOV_12
Groups:
0xf7fe71a8: mov eax, dword ptr [esi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2b000, 0x1000, 'rwx')
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe71a8] = '\x8b'
mem[0xf7fe71a9] = '\x06'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2b33c)
value = cs.new_bitvec(8)
cs.add(value == 0x54)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2b33d)
value = cs.new_bitvec(8)
cs.add(value == 0xa6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2b33e)
value = cs.new_bitvec(8)
cs.add(value == 0x1a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e2b33f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe71a8
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e2b33c)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fbf650)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe71a8, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe71a9, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2b33c, 8)== ord('T'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2b33d, 8)== ord('\xa6'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2b33e, 8)== ord('\x1a'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2b33f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe71aa)
condition = Operators.AND(condition, cpu.ESI == 0xf7e2b33c)
condition = Operators.AND(condition, cpu.EAX == 0x1aa654)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_13_symbolic(self):
''' Instruction MOV_13
Groups:
0xf7fe4f32: mov edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f32] = '\x89'
mem[0xf7fe4f33] = '\xc2'
cpu.EIP = 0xf7fe4f32
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3105395)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x20002000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f32, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f33, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f34)
condition = Operators.AND(condition, cpu.EDX == 0x20002000)
condition = Operators.AND(condition, cpu.EAX == 0x20002000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_14_symbolic(self):
''' Instruction MOV_14
Groups:
0xf7fe0b98: mov esi, dword ptr [ebp - 0x30]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe0b98] = '\x8b'
mem[0xf7fe0b99] = 'u'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd678)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd679)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
mem[0xf7fe0b9a] = '\xd0'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd67b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd67a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
cpu.EIP = 0xf7fe0b98
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd6a8)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdc44c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd678, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd679, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b98, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b99, 8)== ord('u'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b9a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd67b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd67a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0b9b)
condition = Operators.AND(condition, cpu.EBP == 0xffffd6a8)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffd010)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_15_symbolic(self):
''' Instruction MOV_15
Groups:
0xf7ff167f: mov eax, dword ptr [esp + 0x20]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff1680] = 'D'
mem[0xf7ff1681] = '$'
mem[0xf7ff1682] = ' '
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b1)
value = cs.new_bitvec(8)
cs.add(value == 0x2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b0)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4b2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff167f] = '\x8b'
cpu.EIP = 0xf7ff167f
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x209)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd490)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1680, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1681, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1682, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b1, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b0, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4b2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff167f, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1683)
condition = Operators.AND(condition, cpu.ESP == 0xffffd490)
condition = Operators.AND(condition, cpu.EAX == 0x208)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_16_symbolic(self):
''' Instruction MOV_16
Groups:
0xf7fe576f: mov dword ptr [esp], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd381)
value = cs.new_bitvec(8)
cs.add(value == 0xd3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd382)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd383)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0xf7fe576f] = '\x89'
mem[0xf7fe5770] = '\x04'
mem[0xf7fe5771] = '$'
cpu.EIP = 0xf7fe576f
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd380)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffd3e8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd381, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd382, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd383, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe576f, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5770, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5771, 8)== ord('$'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5772)
condition = Operators.AND(condition, cpu.EAX == 0xffffd3e8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_17_symbolic(self):
''' Instruction MOV_17
Groups:
0xf7fe7219: mov dword ptr [ebp - 0x74], edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd484)
value = cs.new_bitvec(8)
cs.add(value == 0x88)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd485)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd486)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd487)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7fe7219] = '\x89'
mem[0xf7fe721a] = '}'
mem[0xf7fe721b] = '\x8c'
cpu.EIP = 0xf7fe7219
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdab88)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd484, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xffffd485, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd486, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd487, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7219, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe721a, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe721b, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe721c)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdab88)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_18_symbolic(self):
''' Instruction MOV_18
Groups:
0xf7fe99cf: mov dword ptr [ebp - 0x20], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe99cf] = '\x89'
mem[0xf7fe99d0] = 'E'
mem[0xf7fe99d1] = '\xe0'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd478)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd479)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd47a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd47b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe99cf
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd498)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xfffffffe)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99cf, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99d0, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99d1, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd478, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd479, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd47a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd47b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99d2)
condition = Operators.AND(condition, cpu.EBP == 0xffffd498)
condition = Operators.AND(condition, cpu.EAX == 0xfffffffe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_19_symbolic(self):
''' Instruction MOV_19
Groups:
0xf7febbf1: mov edi, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febbf1] = '\x89'
mem[0xf7febbf2] = '\xc7'
cpu.EIP = 0xf7febbf1
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffd938)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e28049)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febbf1, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7febbf2, 8)== ord('\xc7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febbf3)
condition = Operators.AND(condition, cpu.EDI == 0xf7e28049)
condition = Operators.AND(condition, cpu.EAX == 0xf7e28049)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_2_symbolic(self):
''' Instruction MOV_2
Groups:
0x8072b02: mov eax, 0x137
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x8072b02] = '\xb8'
mem[0x8072b03] = '7'
mem[0x8072b04] = '\x01'
mem[0x8072b05] = '\x00'
mem[0x8072b06] = '\x00'
cpu.EIP = 0x8072b02
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x137)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8072b02, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0x8072b03, 8)== ord('7'))
condition = Operators.AND(condition, cpu.read_int(0x8072b04, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8072b05, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8072b06, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8072b07)
condition = Operators.AND(condition, cpu.EAX == 0x137)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_20_symbolic(self):
''' Instruction MOV_20
Groups:
0x8059513: mov edx, esp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059513] = '\x89'
mem[0x8059514] = '\xe2'
cpu.EIP = 0x8059513
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffc606)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffc606)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059513, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0x8059514, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.EIP == 0x8059515)
condition = Operators.AND(condition, cpu.EDX == 0xffffc606)
condition = Operators.AND(condition, cpu.ESP == 0xffffc606)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_21_symbolic(self):
''' Instruction MOV_21
Groups:
0x8077737: mov edx, 0
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08077000, 0x1000, 'rwx')
mem[0x8077738] = '\x00'
mem[0x8077739] = '\x00'
mem[0x807773a] = '\x00'
mem[0x807773b] = '\x00'
mem[0x8077737] = '\xba'
cpu.EIP = 0x8077737
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8077738, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8077739, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807773a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807773b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8077737, 8)== ord('\xba'))
condition = Operators.AND(condition, cpu.EIP == 0x807773c)
condition = Operators.AND(condition, cpu.EDX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_3_symbolic(self):
''' Instruction MOV_3
Groups:
0xf7ff3e68: mov al, byte ptr [ecx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e28000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e68] = '\x8a'
mem[0xf7ff3e69] = '\x01'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e280a1)
value = cs.new_bitvec(8)
cs.add(value == 0x32)
mem[addr] = value
cpu.EIP = 0xf7ff3e68
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x2e)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e280a1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e68, 8)== ord('\x8a'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e69, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7e280a1, 8)== ord('2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6a)
condition = Operators.AND(condition, cpu.AL == 0x32)
condition = Operators.AND(condition, cpu.ECX == 0xf7e280a1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_4_symbolic(self):
''' Instruction MOV_4
Groups:
0x8058801: mov ebp, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08058000, 0x1000, 'rwx')
mem[0x8058801] = '\x89'
mem[0x8058802] = '\xdd'
cpu.EIP = 0x8058801
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8058801, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0x8058802, 8)== ord('\xdd'))
condition = Operators.AND(condition, cpu.EIP == 0x8058803)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EBX == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_5_symbolic(self):
''' Instruction MOV_5
Groups:
0xf7fe4fcb: mov eax, dword ptr [esp + 0x5c]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34e)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34c)
value = cs.new_bitvec(8)
cs.add(value == 0x58)
mem[addr] = value
mem[0xf7fe4fcb] = '\x8b'
mem[0xf7fe4fcc] = 'D'
mem[0xf7fe4fcd] = '$'
mem[0xf7fe4fce] = '\\'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd34d)
value = cs.new_bitvec(8)
cs.add(value == 0xa8)
mem[addr] = value
cpu.EIP = 0xf7fe4fcb
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffd3f0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd34f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34e, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fcc, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fcb, 8)== ord('\x8b'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34c, 8)== ord('X'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fcd, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fce, 8)== ord('\\'))
condition = Operators.AND(condition, cpu.read_int(0xffffd34d, 8)== ord('\xa8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fcf)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.EAX == 0xf7fda858)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_6_symbolic(self):
''' Instruction MOV_6
Groups:
0xf7ff3e68: mov al, byte ptr [ecx]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e68] = '\x8a'
mem[0xf7ff3e69] = '\x01'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fdc4f5)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
cpu.EIP = 0xf7ff3e68
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x74)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdc4f5)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e68, 8)== ord('\x8a'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e69, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdc4f5, 8)== ord('a'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e6a)
condition = Operators.AND(condition, cpu.AL == 0x61)
condition = Operators.AND(condition, cpu.ECX == 0xf7fdc4f5)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_7_symbolic(self):
''' Instruction MOV_7
Groups:
0x805083b: mov eax, 0x137
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08050000, 0x1000, 'rwx')
mem[0x805083b] = '\xb8'
mem[0x805083c] = '7'
mem[0x805083d] = '\x01'
mem[0x805083e] = '\x00'
mem[0x805083f] = '\x00'
cpu.EIP = 0x805083b
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x137)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805083b, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0x805083c, 8)== ord('7'))
condition = Operators.AND(condition, cpu.read_int(0x805083d, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x805083e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805083f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8050840)
condition = Operators.AND(condition, cpu.EAX == 0x137)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_8_symbolic(self):
''' Instruction MOV_8
Groups:
0xf7fe4d09: mov eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d09] = '\x89'
mem[0xf7fe4d0a] = '\xc8'
cpu.EIP = 0xf7fe4d09
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdc642)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x6)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d09, 8)== ord('\x89'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d0a, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d0b)
condition = Operators.AND(condition, cpu.ECX == 0x6)
condition = Operators.AND(condition, cpu.EAX == 0x6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_MOV_9_symbolic(self):
''' Instruction MOV_9
Groups:
0xf7fe9dad: mov byte ptr [eax], 0x2f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xf7ffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7ffdf2b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe9dad] = '\xc6'
mem[0xf7fe9dae] = '\x00'
mem[0xf7fe9daf] = '/'
cpu.EIP = 0xf7fe9dad
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffdf2b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ffdf2b, 8)== ord('/'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9dad, 8)== ord('\xc6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9dae, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9daf, 8)== ord('/'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9db0)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffdf2b)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_1_symbolic(self):
''' Instruction NEG_1
Groups:
0xf7ff15a4: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7ffdc28)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a5, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a6)
condition = Operators.AND(condition, cpu.EDX == 0x80023d8)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_10_symbolic(self):
''' Instruction NEG_10
Groups:
0xf7ff15a4: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7ffdea8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a5, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a6)
condition = Operators.AND(condition, cpu.EDX == 0x8002158)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_11_symbolic(self):
''' Instruction NEG_11
Groups:
0xf7fdea7d: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fde000, 0x1000, 'rwx')
mem[0xf7fdea7d] = '\xf7'
mem[0xf7fdea7e] = '\xd8'
cpu.EIP = 0xf7fdea7d
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdea7d, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdea7e, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdea7f)
condition = Operators.AND(condition, cpu.EAX == 0xffffffff)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_12_symbolic(self):
''' Instruction NEG_12
Groups:
0xf7fe270f: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe2710] = '\xd8'
mem[0xf7fe270f] = '\xf7'
cpu.EIP = 0xf7fe270f
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x6ffffef5)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe2710, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe270f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe2711)
condition = Operators.AND(condition, cpu.EAX == 0x9000010b)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_13_symbolic(self):
''' Instruction NEG_13
Groups:
0x8065f5e: neg dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8065f60] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x47)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x1f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
mem[0x8065f5e] = '\xf7'
mem[0x8065f5f] = ']'
cpu.EIP = 0x8065f5e
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065f60, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xb9'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0x8065f5e, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8065f5f, 8)== ord(']'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f61)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_14_symbolic(self):
''' Instruction NEG_14
Groups:
0xf7fe20a7: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe20a8] = '\xda'
mem[0xf7fe20a7] = '\xf7'
cpu.EIP = 0xf7fe20a7
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe20a8, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe20a7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe20a9)
condition = Operators.AND(condition, cpu.EDX == 0xfffff000)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_15_symbolic(self):
''' Instruction NEG_15
Groups:
0xf7fe230f: neg esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe2310] = '\xde'
mem[0xf7fe230f] = '\xf7'
cpu.EIP = 0xf7fe230f
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x1000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe2310, 8)== ord('\xde'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe230f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe2311)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.ESI == 0xfffff000)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_16_symbolic(self):
''' Instruction NEG_16
Groups:
0xf7ff06a5: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff06a5] = '\xf7'
mem[0xf7ff06a6] = '\xd8'
cpu.EIP = 0xf7ff06a5
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff06a5, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06a6, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06a7)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_17_symbolic(self):
''' Instruction NEG_17
Groups:
0xf7ff1640: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1640] = '\xf7'
mem[0xf7ff1641] = '\xda'
cpu.EIP = 0xf7ff1640
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1640, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1641, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1642)
condition = Operators.AND(condition, cpu.EDX == 0xfffff000)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_18_symbolic(self):
''' Instruction NEG_18
Groups:
0xf7ff1591: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1591, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1592, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1593)
condition = Operators.AND(condition, cpu.EAX == 0xfffffff8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_19_symbolic(self):
''' Instruction NEG_19
Groups:
0xf7ff1591: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1591, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1592, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1593)
condition = Operators.AND(condition, cpu.EAX == 0xfffffff8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_2_symbolic(self):
''' Instruction NEG_2
Groups:
0xf7ff1591: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1591, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1592, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1593)
condition = Operators.AND(condition, cpu.EAX == 0xfffffff8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_20_symbolic(self):
''' Instruction NEG_20
Groups:
0xf7fed337: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed338] = '\xd8'
mem[0xf7fed337] = '\xf7'
cpu.EIP = 0xf7fed337
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fed338, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed337, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed339)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_21_symbolic(self):
''' Instruction NEG_21
Groups:
0xf7ff15a4: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdaad0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a5, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a6)
condition = Operators.AND(condition, cpu.EDX == 0x8025530)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_3_symbolic(self):
''' Instruction NEG_3
Groups:
0xf7ff1591: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x40)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1591, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1592, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1593)
condition = Operators.AND(condition, cpu.EAX == 0xffffffc0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_4_symbolic(self):
''' Instruction NEG_4
Groups:
0xf7fe6b73: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6b73] = '\xf7'
mem[0xf7fe6b74] = '\xda'
cpu.EIP = 0xf7fe6b73
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6b73, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6b74, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6b75)
condition = Operators.AND(condition, cpu.EDX == 0xfffff000)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_5_symbolic(self):
''' Instruction NEG_5
Groups:
0xf7fe20a7: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe20a8] = '\xda'
mem[0xf7fe20a7] = '\xf7'
cpu.EIP = 0xf7fe20a7
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe20a8, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe20a7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe20a9)
condition = Operators.AND(condition, cpu.EDX == 0xfffff000)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_6_symbolic(self):
''' Instruction NEG_6
Groups:
0xf7ff1591: neg eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1591] = '\xf7'
mem[0xf7ff1592] = '\xd8'
cpu.EIP = 0xf7ff1591
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1591, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1592, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1593)
condition = Operators.AND(condition, cpu.EAX == 0xfffffff8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_7_symbolic(self):
''' Instruction NEG_7
Groups:
0xf7ff15a4: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7e14240)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a5, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a6)
condition = Operators.AND(condition, cpu.EDX == 0x81ebdc0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_8_symbolic(self):
''' Instruction NEG_8
Groups:
0xf7ff15a4: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fdab08)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a5, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a6)
condition = Operators.AND(condition, cpu.EDX == 0x80254f8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NEG_9_symbolic(self):
''' Instruction NEG_9
Groups:
0xf7ff15a4: neg edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff15a4] = '\xf7'
mem[0xf7ff15a5] = '\xda'
cpu.EIP = 0xf7ff15a4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7fda858)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff15a5, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff15a6)
condition = Operators.AND(condition, cpu.EDX == 0x80257a8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_1_symbolic(self):
''' Instruction NOT_1
Groups:
0x8065e96: not dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xef)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0x8065e96] = '\xf7'
mem[0x8065e97] = 'U'
mem[0x8065e98] = '\x00'
cpu.EIP = 0x8065e96
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065e96, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8065e97, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8065e98, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e99)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_10_symbolic(self):
''' Instruction NOT_10
Groups:
0x8065e87: not cx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065e88] = '\xf7'
mem[0x8065e89] = '\xd1'
mem[0x8065e87] = 'f'
cpu.EIP = 0x8065e87
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xff00)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065e88, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8065e89, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x8065e87, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e8a)
condition = Operators.AND(condition, cpu.CX == 0xff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_11_symbolic(self):
''' Instruction NOT_11
Groups:
0x8065e93: not dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065e93] = '\xf7'
mem[0x8065e94] = 'U'
mem[0x8065e95] = '\x00'
cpu.EIP = 0x8065e93
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8065e93, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8065e94, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8065e95, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e96)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_12_symbolic(self):
''' Instruction NOT_12
Groups:
0xf7fe685e: not ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe685e] = '\xf7'
mem[0xf7fe685f] = '\xd1'
cpu.EIP = 0xf7fe685e
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe685e, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe685f, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6860)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_13_symbolic(self):
''' Instruction NOT_13
Groups:
0x8065e8a: not ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065e8a] = '\xf7'
mem[0x8065e8b] = '\xd1'
cpu.EIP = 0x8065e8a
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x7fff00ff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065e8a, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8065e8b, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e8c)
condition = Operators.AND(condition, cpu.ECX == 0x8000ff00)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_14_symbolic(self):
''' Instruction NOT_14
Groups:
0x8065e85: not cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065e85] = '\xf6'
mem[0x8065e86] = '\xd1'
cpu.EIP = 0x8065e85
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065e85, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0x8065e86, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e87)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_15_symbolic(self):
''' Instruction NOT_15
Groups:
0xf7fdd6c3: not eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdd000, 0x1000, 'rwx')
mem[0xf7fdd6c3] = '\xf7'
mem[0xf7fdd6c4] = '\xd0'
cpu.EIP = 0xf7fdd6c3
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6c3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdd6c4, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdd6c5)
condition = Operators.AND(condition, cpu.EAX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_2_symbolic(self):
''' Instruction NOT_2
Groups:
0x8065e8f: not word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xef)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065e8f] = 'f'
mem[0x8065e90] = '\xf7'
mem[0x8065e91] = 'U'
mem[0x8065e92] = '\x00'
cpu.EIP = 0x8065e8f
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8065e8f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8065e90, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0x8065e91, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8065e92, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e93)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_3_symbolic(self):
''' Instruction NOT_3
Groups:
0xf7fe685e: not ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe685e] = '\xf7'
mem[0xf7fe685f] = '\xd1'
cpu.EIP = 0xf7fe685e
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe685e, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe685f, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6860)
condition = Operators.AND(condition, cpu.ECX == 0xffffffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_4_symbolic(self):
''' Instruction NOT_4
Groups:
0xf7e2e8fb: not eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e8fb] = '\xf7'
mem[0xf7e2e8fc] = '\xd0'
cpu.EIP = 0xf7e2e8fb
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffffe0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2e8fb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e8fc, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2e8fd)
condition = Operators.AND(condition, cpu.EAX == 0x1f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_5_symbolic(self):
''' Instruction NOT_5
Groups:
0xf7fe25d1: not eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe25d1] = '\xf7'
mem[0xf7fe25d2] = '\xd0'
cpu.EIP = 0xf7fe25d1
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x6)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe25d1, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe25d2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe25d3)
condition = Operators.AND(condition, cpu.EAX == 0xfffffff9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_6_symbolic(self):
''' Instruction NOT_6
Groups:
0x8065e8c: not byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0x8065e8c] = '\xf6'
mem[0x8065e8d] = 'U'
mem[0x8065e8e] = '\x00'
cpu.EIP = 0x8065e8c
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0x8065e8c, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0x8065e8d, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8065e8e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065e8f)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_7_symbolic(self):
''' Instruction NOT_7
Groups:
0xf7fe685e: not ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe685e] = '\xf7'
mem[0xf7fe685f] = '\xd1'
cpu.EIP = 0xf7fe685e
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe685e, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe685f, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6860)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_8_symbolic(self):
''' Instruction NOT_8
Groups:
0xf7ff0b0e: not edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0b0e] = '\xf7'
mem[0xf7ff0b0f] = '\xd2'
cpu.EIP = 0xf7ff0b0e
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x800f0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b0e, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b0f, 8)== ord('\xd2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0b10)
condition = Operators.AND(condition, cpu.EDX == 0x7ff0ffff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_NOT_9_symbolic(self):
''' Instruction NOT_9
Groups:
0xf7ff0b1f: not edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0b20] = '\xd2'
mem[0xf7ff0b1f] = '\xf7'
cpu.EIP = 0xf7ff0b1f
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x4008000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b20, 8)== ord('\xd2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0b1f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0b21)
condition = Operators.AND(condition, cpu.EDX == 0xfbff7fff)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_1_symbolic(self):
''' Instruction OR_1
Groups:
0x8052945: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08052000, 0x1000, 'rwx')
mem[0x8052945] = '\x81'
mem[0x8052946] = '\xc9'
mem[0x8052947] = '\x13'
mem[0x8052948] = '\x03'
mem[0x8052949] = '\x13'
mem[0x805294a] = '\x03'
cpu.EIP = 0x8052945
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8052945, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8052946, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8052947, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8052948, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8052949, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x805294a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x805294b)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_10_symbolic(self):
''' Instruction OR_10
Groups:
0x804fbfd: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804f000, 0x1000, 'rwx')
mem[0x804fc00] = '\x03'
mem[0x804fc01] = '\x13'
mem[0x804fc02] = '\x03'
mem[0x804fbfd] = '\x81'
mem[0x804fbfe] = '\xc9'
mem[0x804fbff] = '\x13'
cpu.EIP = 0x804fbfd
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804fc00, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x804fc01, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804fc02, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x804fbfd, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x804fbfe, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x804fbff, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.EIP == 0x804fc03)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_11_symbolic(self):
''' Instruction OR_11
Groups:
0x804f135: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804f000, 0x1000, 'rwx')
mem[0x804f135] = '\x81'
mem[0x804f136] = '\xc9'
mem[0x804f137] = '\x13'
mem[0x804f138] = '\x03'
mem[0x804f139] = '\x13'
mem[0x804f13a] = '\x03'
cpu.EIP = 0x804f135
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804f135, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x804f136, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x804f137, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804f138, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x804f139, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804f13a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x804f13b)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_12_symbolic(self):
''' Instruction OR_12
Groups:
0xf7fe99e4: or edx, dword ptr [ebp - 0x24]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe99e4] = '\x0b'
mem[0xf7fe99e5] = 'U'
mem[0xf7fe99e6] = '\xdc'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd474)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd475)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd476)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd477)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
cpu.EIP = 0xf7fe99e4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd498)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe99e4, 8)== ord('\x0b'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99e5, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe99e6, 8)== ord('\xdc'))
condition = Operators.AND(condition, cpu.read_int(0xffffd474, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd475, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd476, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd477, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe99e7)
condition = Operators.AND(condition, cpu.EDX == 0x4000000)
condition = Operators.AND(condition, cpu.EBP == 0xffffd498)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_13_symbolic(self):
''' Instruction OR_13
Groups:
0x8072245: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x8072245] = '\x81'
mem[0x8072246] = '\xc9'
mem[0x8072247] = '\x13'
mem[0x8072248] = '\x03'
mem[0x8072249] = '\x13'
mem[0x807224a] = '\x03'
cpu.EIP = 0x8072245
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8072245, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8072246, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8072247, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8072248, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8072249, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x807224a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807224b)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_14_symbolic(self):
''' Instruction OR_14
Groups:
0x8053286: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08053000, 0x1000, 'rwx')
mem[0x8053286] = '\x81'
mem[0x8053287] = '\xc9'
mem[0x8053288] = '\x13'
mem[0x8053289] = '\x03'
mem[0x805328a] = '\x13'
mem[0x805328b] = '\x03'
cpu.EIP = 0x8053286
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8053286, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8053287, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8053288, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8053289, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x805328a, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x805328b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x805328c)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_15_symbolic(self):
''' Instruction OR_15
Groups:
0x80556bb: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08055000, 0x1000, 'rwx')
mem[0x80556c0] = '\x03'
mem[0x80556bb] = '\x81'
mem[0x80556bc] = '\xc9'
mem[0x80556bd] = '\x13'
mem[0x80556be] = '\x03'
mem[0x80556bf] = '\x13'
cpu.EIP = 0x80556bb
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80556c0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80556bb, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x80556bc, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x80556bd, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80556be, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80556bf, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.EIP == 0x80556c1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_16_symbolic(self):
''' Instruction OR_16
Groups:
0x8052c25: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08052000, 0x1000, 'rwx')
mem[0x8052c25] = '\x81'
mem[0x8052c26] = '\xc9'
mem[0x8052c27] = '\x13'
mem[0x8052c28] = '\x03'
mem[0x8052c29] = '\x13'
mem[0x8052c2a] = '\x03'
cpu.EIP = 0x8052c25
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8052c25, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8052c26, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8052c27, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8052c28, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8052c29, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8052c2a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8052c2b)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_17_symbolic(self):
''' Instruction OR_17
Groups:
0x80557fd: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08055000, 0x1000, 'rwx')
mem[0x8055800] = '\x03'
mem[0x8055801] = '\x13'
mem[0x8055802] = '\x03'
mem[0x80557fd] = '\x81'
mem[0x80557fe] = '\xc9'
mem[0x80557ff] = '\x13'
cpu.EIP = 0x80557fd
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8055800, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8055801, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8055802, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80557fd, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x80557fe, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x80557ff, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.EIP == 0x8055803)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_18_symbolic(self):
''' Instruction OR_18
Groups:
0x80539e4: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08053000, 0x1000, 'rwx')
mem[0x80539e4] = '\x81'
mem[0x80539e5] = '\xc9'
mem[0x80539e6] = '\x13'
mem[0x80539e7] = '\x03'
mem[0x80539e8] = '\x13'
mem[0x80539e9] = '\x03'
cpu.EIP = 0x80539e4
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80539e4, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x80539e5, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x80539e6, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80539e7, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80539e8, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80539e9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80539ea)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_19_symbolic(self):
''' Instruction OR_19
Groups:
0x8073cc6: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08073000, 0x1000, 'rwx')
mem[0x8073cc6] = '\x81'
mem[0x8073cc7] = '\xc9'
mem[0x8073cc8] = '\x13'
mem[0x8073cc9] = '\x03'
mem[0x8073cca] = '\x13'
mem[0x8073ccb] = '\x03'
cpu.EIP = 0x8073cc6
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8073cc6, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8073cc7, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8073cc8, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8073cc9, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8073cca, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8073ccb, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8073ccc)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_2_symbolic(self):
''' Instruction OR_2
Groups:
0x8072ec2: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x8072ec2] = '\x81'
mem[0x8072ec3] = '\xc9'
mem[0x8072ec4] = '\x13'
mem[0x8072ec5] = '\x03'
mem[0x8072ec6] = '\x13'
mem[0x8072ec7] = '\x03'
cpu.EIP = 0x8072ec2
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8072ec2, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8072ec3, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8072ec4, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8072ec5, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8072ec6, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8072ec7, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8072ec8)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_20_symbolic(self):
''' Instruction OR_20
Groups:
0x8051ddc: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08051000, 0x1000, 'rwx')
mem[0x8051de0] = '\x13'
mem[0x8051de1] = '\x03'
mem[0x8051ddc] = '\x81'
mem[0x8051ddd] = '\xc9'
mem[0x8051dde] = '\x13'
mem[0x8051ddf] = '\x03'
cpu.EIP = 0x8051ddc
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8051de0, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8051de1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8051ddc, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8051ddd, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8051dde, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8051ddf, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8051de2)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_21_symbolic(self):
''' Instruction OR_21
Groups:
0x807523f: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08075000, 0x1000, 'rwx')
mem[0x8075240] = '\xc9'
mem[0x8075241] = '\x13'
mem[0x8075242] = '\x03'
mem[0x8075243] = '\x13'
mem[0x8075244] = '\x03'
mem[0x807523f] = '\x81'
cpu.EIP = 0x807523f
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8075240, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8075241, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8075242, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8075243, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8075244, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807523f, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.EIP == 0x8075245)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_3_symbolic(self):
''' Instruction OR_3
Groups:
0x804dfc7: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804dfc7] = '\x81'
mem[0x804dfc8] = '\xc9'
mem[0x804dfc9] = '\x13'
mem[0x804dfca] = '\x03'
mem[0x804dfcb] = '\x13'
mem[0x804dfcc] = '\x03'
cpu.EIP = 0x804dfc7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804dfc7, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x804dfc8, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x804dfc9, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804dfca, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x804dfcb, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804dfcc, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x804dfcd)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_4_symbolic(self):
''' Instruction OR_4
Groups:
0x80755c0: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08075000, 0x1000, 'rwx')
mem[0x80755c0] = '\x81'
mem[0x80755c1] = '\xc9'
mem[0x80755c2] = '\x13'
mem[0x80755c3] = '\x03'
mem[0x80755c4] = '\x13'
mem[0x80755c5] = '\x03'
cpu.EIP = 0x80755c0
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80755c0, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x80755c1, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x80755c2, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80755c3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80755c4, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80755c5, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80755c6)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_5_symbolic(self):
''' Instruction OR_5
Groups:
0x8072273: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08072000, 0x1000, 'rwx')
mem[0x8072273] = '\x81'
mem[0x8072274] = '\xc9'
mem[0x8072275] = '\x13'
mem[0x8072276] = '\x03'
mem[0x8072277] = '\x13'
mem[0x8072278] = '\x03'
cpu.EIP = 0x8072273
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8072273, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8072274, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8072275, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8072276, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x8072277, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x8072278, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x8072279)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_6_symbolic(self):
''' Instruction OR_6
Groups:
0x804f796: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804f000, 0x1000, 'rwx')
mem[0x804f796] = '\x81'
mem[0x804f797] = '\xc9'
mem[0x804f798] = '\x13'
mem[0x804f799] = '\x03'
mem[0x804f79a] = '\x13'
mem[0x804f79b] = '\x03'
cpu.EIP = 0x804f796
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3130313)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804f796, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x804f797, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x804f798, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804f799, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x804f79a, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x804f79b, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x804f79c)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3130313)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_7_symbolic(self):
''' Instruction OR_7
Groups:
0xf7fe7283: or eax, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7283] = '\t'
mem[0xf7fe7284] = '\xc8'
cpu.EIP = 0xf7fe7283
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffff00)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e1dd00)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7283, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7284, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7285)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EAX == 0xffffff00)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xf7e1dd00)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_8_symbolic(self):
''' Instruction OR_8
Groups:
0x80713ce: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08071000, 0x1000, 'rwx')
mem[0x80713ce] = '\x81'
mem[0x80713cf] = '\xc9'
mem[0x80713d0] = '\x13'
mem[0x80713d1] = '\x03'
mem[0x80713d2] = '\x13'
mem[0x80713d3] = '\x03'
cpu.EIP = 0x80713ce
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80713ce, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x80713cf, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x80713d0, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80713d1, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x80713d2, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x80713d3, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x80713d4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_OR_9_symbolic(self):
''' Instruction OR_9
Groups:
0x8078547: or ecx, 0x3130313
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08078000, 0x1000, 'rwx')
mem[0x8078547] = '\x81'
mem[0x8078548] = '\xc9'
mem[0x8078549] = '\x13'
mem[0x807854a] = '\x03'
mem[0x807854b] = '\x13'
mem[0x807854c] = '\x03'
cpu.EIP = 0x8078547
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff1f731f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8078547, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0x8078548, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x8078549, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x807854a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x807854b, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0x807854c, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0x807854d)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xff1f731f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PALIGNR_1_symbolic(self):
''' Instruction PALIGNR_1
Groups: ssse3
0x8059a25: palignr xmm0, xmm1, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a25] = 'f'
mem[0x8059a26] = '\x0f'
mem[0x8059a27] = ':'
mem[0x8059a28] = '\x0f'
mem[0x8059a29] = '\xc1'
mem[0x8059a2a] = '\x02'
cpu.EIP = 0x8059a25
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a25, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a26, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a27, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0x8059a28, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a29, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a2a, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a2b)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PALIGNR_2_symbolic(self):
''' Instruction PALIGNR_2
Groups: ssse3
0x8059a2b: palignr xmm0, xmmword ptr [ebp], 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8059a2b] = 'f'
mem[0x8059a2c] = '\x0f'
mem[0x8059a2d] = ':'
mem[0x8059a2e] = '\x0f'
mem[0x8059a2f] = 'E'
mem[0x8059a30] = '\x00'
mem[0x8059a31] = '\x02'
cpu.EIP = 0x8059a2b
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a2b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a2c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a2d, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0x8059a2e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a2f, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a30, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a31, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a32)
condition = Operators.AND(condition, cpu.XMM0 == 0x1e00)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PAND_1_symbolic(self):
''' Instruction PAND_1
Groups: sse2
0x8079492: pand xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079492] = 'f'
mem[0x8079493] = '\x0f'
mem[0x8079494] = '\xdb'
mem[0x8079495] = '\xc1'
cpu.EIP = 0x8079492
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079492, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079493, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079494, 8)== ord('\xdb'))
condition = Operators.AND(condition, cpu.read_int(0x8079495, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8079496)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PAND_2_symbolic(self):
''' Instruction PAND_2
Groups: sse2
0x8079496: pand xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x7f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079496] = 'f'
mem[0x8079497] = '\x0f'
mem[0x8079498] = '\xdb'
mem[0x8079499] = 'E'
mem[0x807949a] = '\x00'
cpu.EIP = 0x8079496
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079496, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079497, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079498, 8)== ord('\xdb'))
condition = Operators.AND(condition, cpu.read_int(0x8079499, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807949a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807949b)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PAUSE_1_symbolic(self):
''' Instruction PAUSE_1
Groups: sse2
0x8059855: pause
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059855] = '\xf3'
mem[0x8059856] = '\x90'
cpu.EIP = 0x8059855
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059855, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x8059856, 8)== ord('\x90'))
condition = Operators.AND(condition, cpu.EIP == 0x8059857)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PCMPEQB_1_symbolic(self):
''' Instruction PCMPEQB_1
Groups: sse2
0x80565cb: pcmpeqb xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x37)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80565cb] = 'f'
mem[0x80565cc] = '\x0f'
mem[0x80565cd] = 't'
mem[0x80565ce] = 'E'
mem[0x80565cf] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x80565cb
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xffffffffffffffffffffffffffffffff)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('7'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80565cb, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80565cc, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80565cd, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0x80565ce, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80565cf, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80565d0)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PCMPEQB_2_symbolic(self):
''' Instruction PCMPEQB_2
Groups: sse2
0x80565c7: pcmpeqb xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem[0x80565c8] = '\x0f'
mem[0x80565c9] = 't'
mem[0x80565ca] = '\xc1'
mem[0x80565c7] = 'f'
cpu.EIP = 0x80565c7
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80565c8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80565c9, 8)== ord('t'))
condition = Operators.AND(condition, cpu.read_int(0x80565ca, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80565c7, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x80565cb)
condition = Operators.AND(condition, cpu.XMM0 == 0xffffffffffffffffffffffffffffffff)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PEXTRW_1_symbolic(self):
''' Instruction PEXTRW_1
Groups: sse2
0x80599cf: pextrw ecx, xmm1, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599d0] = '\x0f'
mem[0x80599d1] = '\xc5'
mem[0x80599d2] = '\xc9'
mem[0x80599d3] = '\x02'
mem[0x80599cf] = 'f'
cpu.EIP = 0x80599cf
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xff0d9f31)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599d0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80599d1, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x80599d2, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x80599d3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0x80599cf, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x80599d4)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PEXTRW_2_symbolic(self):
''' Instruction PEXTRW_2
Groups: sse41
0x80599d4: pextrw word ptr [ebp], xmm1, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xb4)
mem[addr] = value
mem[0x80599d4] = 'f'
mem[0x80599d5] = '\x0f'
mem[0x80599d6] = ':'
mem[0x80599d7] = '\x15'
mem[0x80599d8] = 'M'
mem[0x80599d9] = '\x00'
mem[0x80599da] = '\x02'
cpu.EIP = 0x80599d4
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80599d4, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80599d5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80599d6, 8)== ord(':'))
condition = Operators.AND(condition, cpu.read_int(0x80599d7, 8)== ord('\x15'))
condition = Operators.AND(condition, cpu.read_int(0x80599d8, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x80599d9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80599da, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x80599db)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PINSRW_1_symbolic(self):
''' Instruction PINSRW_1
Groups: sse2
0x805ba73: pinsrw xmm0, edx, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805ba73] = 'f'
mem[0x805ba74] = '\x0f'
mem[0x805ba75] = '\xc4'
mem[0x805ba76] = '\xc2'
mem[0x805ba77] = '\x02'
cpu.EIP = 0x805ba73
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x1)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805ba73, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba74, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba75, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0x805ba76, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0x805ba77, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba78)
condition = Operators.AND(condition, cpu.XMM0 == 0x3ec00000001)
condition = Operators.AND(condition, cpu.EDX == 0x3ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PINSRW_2_symbolic(self):
''' Instruction PINSRW_2
Groups: sse2
0x805ba78: pinsrw xmm0, word ptr [ebp], 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805ba78] = 'f'
mem[0x805ba79] = '\x0f'
mem[0x805ba7a] = '\xc4'
mem[0x805ba7b] = 'E'
mem[0x805ba7c] = '\x00'
mem[0x805ba7d] = '\x02'
cpu.EIP = 0x805ba78
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x3ec00000001)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba78, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba79, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba7a, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0x805ba7b, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805ba7c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba7d, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba7e)
condition = Operators.AND(condition, cpu.XMM0 == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PMINUB_1_symbolic(self):
''' Instruction PMINUB_1
Groups: sse2
0x8065f88: pminub xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x1f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065f88] = 'f'
mem[0x8065f89] = '\x0f'
mem[0x8065f8a] = '\xda'
mem[0x8065f8b] = 'E'
mem[0x8065f8c] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x8065f88
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065f88, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f89, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f8a, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.read_int(0x8065f8b, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065f8c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f8d)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PMINUB_2_symbolic(self):
''' Instruction PMINUB_2
Groups: sse2
0x8065f84: pminub xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065f84] = 'f'
mem[0x8065f85] = '\x0f'
mem[0x8065f86] = '\xda'
mem[0x8065f87] = '\xc1'
cpu.EIP = 0x8065f84
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x8000800080000000)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065f84, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f85, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f86, 8)== ord('\xda'))
condition = Operators.AND(condition, cpu.read_int(0x8065f87, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f88)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PMOVMSKB_1_symbolic(self):
''' Instruction PMOVMSKB_1
Groups: sse2
0x804d5b5: pmovmskb ecx, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d5b8] = '\xc9'
mem[0x804d5b5] = 'f'
mem[0x804d5b6] = '\x0f'
mem[0x804d5b7] = '\xd7'
cpu.EIP = 0x804d5b5
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d5b8, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x804d5b5, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d5b6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d5b7, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.EIP == 0x804d5b9)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POPCNT_1_symbolic(self):
''' Instruction POPCNT_1
Groups:
0x804d545: popcnt ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d548] = '\xca'
mem[0x804d545] = '\xf3'
mem[0x804d546] = '\x0f'
mem[0x804d547] = '\xb8'
cpu.EIP = 0x804d545
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d548, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.read_int(0x804d545, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x804d546, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d547, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.EIP == 0x804d549)
condition = Operators.AND(condition, cpu.EDX == 0xf0)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x4)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POPCNT_2_symbolic(self):
''' Instruction POPCNT_2
Groups:
0x804d53a: popcnt cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d53a] = 'f'
mem[0x804d53b] = '\xf3'
mem[0x804d53c] = '\x0f'
mem[0x804d53d] = '\xb8'
mem[0x804d53e] = '\xca'
cpu.EIP = 0x804d53a
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xf0)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d53a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d53b, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x804d53c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d53d, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0x804d53e, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0x804d53f)
condition = Operators.AND(condition, cpu.CX == 0x4)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.DX == 0xf0)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POPCNT_3_symbolic(self):
''' Instruction POPCNT_3
Groups:
0x804d549: popcnt ecx, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d549] = '\xf3'
mem[0x804d54a] = '\x0f'
mem[0x804d54b] = '\xb8'
mem[0x804d54c] = 'M'
mem[0x804d54d] = '\x00'
cpu.EIP = 0x804d549
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x4)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d549, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x804d54a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d54b, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0x804d54c, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d54d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d54e)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.ECX == 0x0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POPCNT_4_symbolic(self):
''' Instruction POPCNT_4
Groups:
0x804d53f: popcnt cx, word ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x804d540] = '\xf3'
mem[0x804d541] = '\x0f'
mem[0x804d542] = '\xb8'
mem[0x804d543] = 'M'
mem[0x804d544] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d53f] = 'f'
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EIP = 0x804d53f
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x4)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d540, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0x804d541, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d542, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0x804d543, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d544, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d53f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EIP == 0x804d545)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POPFD_1_symbolic(self):
''' Instruction POPFD_1
Groups: not64bitmode
0x804840d: popfd
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc5ff)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc5fc)
value = cs.new_bitvec(8)
cs.add(value == 0xeb)
mem[addr] = value
mem[0x804840d] = '\x9d'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc5fe)
value = cs.new_bitvec(8)
cs.add(value == 0x6e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc5fd)
value = cs.new_bitvec(8)
cs.add(value == 0xb6)
mem[addr] = value
cpu.EIP = 0x804840d
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffc600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffc600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc5ff, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0xffffc5fc, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x804840d, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0xffffc5fe, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0xffffc5fd, 8)== ord('\xb6'))
condition = Operators.AND(condition, cpu.EIP == 0x804840e)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ESP == 0xffffc604)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POPF_1_symbolic(self):
''' Instruction POPF_1
Groups:
0x804840e: popf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffc000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffc608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804840e] = 'f'
mem[0x804840f] = '\x9d'
cpu.EIP = 0x804840e
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffc604)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffc600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffc608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804840e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804840f, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.EIP == 0x8048410)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ESP == 0xffffc606)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_1_symbolic(self):
''' Instruction POP_1
Groups: not64bitmode
0xf7fe4d36: pop ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x60)
mem[addr] = value
mem[0xf7fe4d36] = '['
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2d8)
value = cs.new_bitvec(8)
cs.add(value == 0xef)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2d9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2da)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2db)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dd)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2de)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2df)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4d36
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdabf8)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2dc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d36, 8)== ord('['))
condition = Operators.AND(condition, cpu.read_int(0xffffd2d8, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2d9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2da, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2db, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dd, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2de, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2df, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d37)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdabf8)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_10_symbolic(self):
''' Instruction POP_10
Groups: not64bitmode
0xf7ff43d4: pop ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd014)
value = cs.new_bitvec(8)
cs.add(value == 0xd2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd015)
value = cs.new_bitvec(8)
cs.add(value == 0x4e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd016)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd017)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd018)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7ff43d4] = '['
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd01c)
value = cs.new_bitvec(8)
cs.add(value == 0x2b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd019)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
cpu.EIP = 0xf7ff43d4
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd308)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ff4390)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd018)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd014, 8)== ord('\xd2'))
condition = Operators.AND(condition, cpu.read_int(0xffffd015, 8)== ord('N'))
condition = Operators.AND(condition, cpu.read_int(0xffffd016, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd017, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd018, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff43d4, 8)== ord('['))
condition = Operators.AND(condition, cpu.read_int(0xffffd01a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd01c, 8)== ord('+'))
condition = Operators.AND(condition, cpu.read_int(0xffffd019, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff43d5)
condition = Operators.AND(condition, cpu.EBP == 0xffffd308)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd01c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_11_symbolic(self):
''' Instruction POP_11
Groups: not64bitmode
0xf7fe9129: pop edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f4)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f5)
value = cs.new_bitvec(8)
cs.add(value == 0xd9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f6)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f8)
value = cs.new_bitvec(8)
cs.add(value == 0xc8)
mem[addr] = value
mem[0xf7fe9129] = '_'
cpu.EIP = 0xf7fe9129
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xc)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd4f4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd4f0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f4, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f5, 8)== ord('\xd9'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f8, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9129, 8)== ord('_'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe912a)
condition = Operators.AND(condition, cpu.EDI == 0xf7ffd938)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd4f8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_12_symbolic(self):
''' Instruction POP_12
Groups: not64bitmode
0xf7fe4d38: pop edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x7e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
mem[0xf7fe4d38] = '_'
cpu.EIP = 0xf7fe4d38
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e1e4e4)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdaba8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d38, 8)== ord('_'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d39)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_13_symbolic(self):
''' Instruction POP_13
Groups: not64bitmode
0xf7ff06a2: pop esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd010)
value = cs.new_bitvec(8)
cs.add(value == 0x22)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd011)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
mem[0xf7ff06a2] = '^'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd013)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd014)
value = cs.new_bitvec(8)
cs.add(value == 0x23)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd012)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd00c)
value = cs.new_bitvec(8)
cs.add(value == 0xe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd00d)
value = cs.new_bitvec(8)
cs.add(value == 0x70)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd00e)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd00f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff06a2
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x80481f2)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd010)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd010, 8)== ord('"'))
condition = Operators.AND(condition, cpu.read_int(0xffffd011, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06a2, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xffffd013, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd014, 8)== ord('#'))
condition = Operators.AND(condition, cpu.read_int(0xffffd012, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd00c, 8)== ord('\x0e'))
condition = Operators.AND(condition, cpu.read_int(0xffffd00d, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0xffffd00e, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd00f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06a3)
condition = Operators.AND(condition, cpu.EBP == 0x80481f2)
condition = Operators.AND(condition, cpu.ESI == 0x322)
condition = Operators.AND(condition, cpu.ESP == 0xffffd014)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_14_symbolic(self):
''' Instruction POP_14
Groups: not64bitmode
0xf7feacad: pop ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fea000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f4)
value = cs.new_bitvec(8)
cs.add(value == 0x5c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f5)
value = cs.new_bitvec(8)
cs.add(value == 0xd5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f6)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f8)
value = cs.new_bitvec(8)
cs.add(value == 0xc8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f9)
value = cs.new_bitvec(8)
cs.add(value == 0xd5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fb)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fc)
value = cs.new_bitvec(8)
cs.add(value == 0x11)
mem[addr] = value
mem[0xf7feacad] = ']'
cpu.EIP = 0xf7feacad
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fe0740)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd4f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd4f4, 8)== ord('\\'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f5, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f8, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f9, 8)== ord('\xd5'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fb, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fc, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0xf7feacad, 8)== ord(']'))
condition = Operators.AND(condition, cpu.EIP == 0xf7feacae)
condition = Operators.AND(condition, cpu.EBP == 0xffffd5c8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd4fc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_15_symbolic(self):
''' Instruction POP_15
Groups: not64bitmode
0xf7fe4d37: pop esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x8c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0xc2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x2)
mem[addr] = value
mem[0xf7fe4d37] = '^'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dd)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2de)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2df)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4d37
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdadf8)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xd696910)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d37, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dd, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2de, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2df, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d38)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdadf8)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdc28c)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_16_symbolic(self):
''' Instruction POP_16
Groups: not64bitmode
0xf7febc56: pop esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x60)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x6a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0xf7febc56] = '^'
cpu.EIP = 0xf7febc56
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('j'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7febc56, 8)== ord('^'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febc57)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESI == 0xf7e16a60)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_17_symbolic(self):
''' Instruction POP_17
Groups: not64bitmode
0xf7febc56: pop esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f1)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f2)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f4)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f5)
value = cs.new_bitvec(8)
cs.add(value == 0xd9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f6)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f8)
value = cs.new_bitvec(8)
cs.add(value == 0xe9)
mem[addr] = value
mem[0xf7febc56] = '^'
cpu.EIP = 0xf7febc56
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd488)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd3f4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd3f0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f1, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f2, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f4, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f5, 8)== ord('\xd9'))
condition = Operators.AND(condition, cpu.read_int(0xf7febc56, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f8, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febc57)
condition = Operators.AND(condition, cpu.EBP == 0xffffd488)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffd938)
condition = Operators.AND(condition, cpu.ESP == 0xffffd3f8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_18_symbolic(self):
''' Instruction POP_18
Groups: not64bitmode
0xf7fe4d37: pop esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x94)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x71)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0xf7fe4d37] = '^'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dd)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2de)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2df)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4d37
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdadf8)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xd696910)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d37, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dd, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2de, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2df, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d38)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdadf8)
condition = Operators.AND(condition, cpu.ESI == 0xf7e17194)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_19_symbolic(self):
''' Instruction POP_19
Groups: not64bitmode
0xf7fe4d39: pop ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
mem[0xf7fe4d39] = ']'
cpu.EIP = 0xf7fe4d39
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdadf8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d39, 8)== ord(']'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d3a)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_2_symbolic(self):
''' Instruction POP_2
Groups: not64bitmode
0xf7fe4d36: pop ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x98)
mem[addr] = value
mem[0xf7fe4d36] = '['
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2d8)
value = cs.new_bitvec(8)
cs.add(value == 0xef)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2d9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2da)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2db)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dd)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2de)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2df)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4d36
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdaba8)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2dc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\x98'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d36, 8)== ord('['))
condition = Operators.AND(condition, cpu.read_int(0xffffd2d8, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2d9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2da, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2db, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dd, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2de, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2df, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d37)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_20_symbolic(self):
''' Instruction POP_20
Groups: not64bitmode
0xf7fe4d38: pop edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
mem[0xf7fe4d38] = '_'
cpu.EIP = 0xf7fe4d38
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e1ec64)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdaba8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d38, 8)== ord('_'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d39)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_21_symbolic(self):
''' Instruction POP_21
Groups: not64bitmode
0xf7eaa40c: pop edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f0)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f8)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
mem[0xf7eaa40c] = '_'
cpu.EIP = 0xf7eaa40c
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xffffd5ef)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xbc)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd5f4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd5f0, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f8, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa40c, 8)== ord('_'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa40d)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xbc)
condition = Operators.AND(condition, cpu.ESP == 0xffffd5f8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_3_symbolic(self):
''' Instruction POP_3
Groups: not64bitmode
0xf7fe57eb: pop ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd430)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe57eb] = '['
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd428)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd429)
value = cs.new_bitvec(8)
cs.add(value == 0x99)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42a)
value = cs.new_bitvec(8)
cs.add(value == 0xe2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57eb
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd42c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd430, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd428, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffd429, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42a, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57eb, 8)== ord('['))
condition = Operators.AND(condition, cpu.read_int(0xffffd42c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57ec)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd430)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_4_symbolic(self):
''' Instruction POP_4
Groups: not64bitmode
0xf7ff06cb: pop edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd010)
value = cs.new_bitvec(8)
cs.add(value == 0x41)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd011)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd012)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd013)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd014)
value = cs.new_bitvec(8)
cs.add(value == 0xb8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd015)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd016)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd017)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd018)
value = cs.new_bitvec(8)
cs.add(value == 0xcb)
mem[addr] = value
mem[0xf7ff06cb] = '_'
cpu.EIP = 0xf7ff06cb
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x31)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x61)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd014)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd010, 8)== ord('A'))
condition = Operators.AND(condition, cpu.read_int(0xffffd011, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffd012, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd013, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd014, 8)== ord('\xb8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd015, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffd016, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd017, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd018, 8)== ord('\xcb'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff06cb, 8)== ord('_'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff06cc)
condition = Operators.AND(condition, cpu.EDI == 0x3b8)
condition = Operators.AND(condition, cpu.EBP == 0x61)
condition = Operators.AND(condition, cpu.ESP == 0xffffd018)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_5_symbolic(self):
''' Instruction POP_5
Groups: not64bitmode
0xf7fe4d39: pop ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
mem[0xf7fe4d39] = ']'
cpu.EIP = 0xf7fe4d39
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdaba8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d39, 8)== ord(']'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d3a)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2ec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_6_symbolic(self):
''' Instruction POP_6
Groups: not64bitmode
0xf7fe4fe2: pop esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd370)
value = cs.new_bitvec(8)
cs.add(value == 0xb4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd371)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
mem[0xf7fe4fe2] = '^'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd373)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd374)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd372)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4fe2
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e17efc)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd370)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd370, 8)== ord('\xb4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd371, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fe2, 8)== ord('^'))
condition = Operators.AND(condition, cpu.read_int(0xffffd373, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd374, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd372, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fe3)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESI == 0xffffd4b4)
condition = Operators.AND(condition, cpu.ESP == 0xffffd374)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_7_symbolic(self):
''' Instruction POP_7
Groups: not64bitmode
0xf7fe4d38: pop edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x8c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
mem[0xf7fe4d38] = '_'
cpu.EIP = 0xf7fe4d38
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e21984)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdaba8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('\x8c'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d38, 8)== ord('_'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d39)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdaba8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_8_symbolic(self):
''' Instruction POP_8
Groups: not64bitmode
0xf7fe4fe4: pop ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4fe4] = ']'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd375)
value = cs.new_bitvec(8)
cs.add(value == 0xaa)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd376)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd377)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd374)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
cpu.EIP = 0xf7fe4fe4
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd378)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fe4, 8)== ord(']'))
condition = Operators.AND(condition, cpu.read_int(0xffffd375, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.read_int(0xffffd376, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd377, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd374, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fe5)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd37c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POP_9_symbolic(self):
''' Instruction POP_9
Groups: not64bitmode
0xf7fe57eb: pop ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd430)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe57eb] = '['
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd428)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd429)
value = cs.new_bitvec(8)
cs.add(value == 0x99)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42a)
value = cs.new_bitvec(8)
cs.add(value == 0xe2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd42f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57eb
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd42c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd430, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd428, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffd429, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42a, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57eb, 8)== ord('['))
condition = Operators.AND(condition, cpu.read_int(0xffffd42c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd42f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57ec)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd430)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POR_1_symbolic(self):
''' Instruction POR_1
Groups: sse2
0x8079357: por xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079357] = 'f'
mem[0x8079358] = '\x0f'
mem[0x8079359] = '\xeb'
mem[0x807935a] = 'E'
mem[0x807935b] = '\x00'
cpu.EIP = 0x8079357
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079357, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079358, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079359, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x807935a, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807935b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807935c)
condition = Operators.AND(condition, cpu.XMM0 == 0x80f1fc0000000101)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_POR_2_symbolic(self):
''' Instruction POR_2
Groups: sse2
0x8079353: por xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079353] = 'f'
mem[0x8079354] = '\x0f'
mem[0x8079355] = '\xeb'
mem[0x8079356] = '\xc1'
cpu.EIP = 0x8079353
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079353, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079354, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079355, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8079356, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8079357)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PREFETCHT0_1_symbolic(self):
''' Instruction PREFETCHT0_1
Groups: sse1
0x8070431: prefetcht0 byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x60)
mem[addr] = value
mem[0x8070431] = '\x0f'
mem[0x8070432] = '\x18'
mem[0x8070433] = 'M'
mem[0x8070434] = '\x00'
cpu.EIP = 0x8070431
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0x8070431, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070432, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0x8070433, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8070434, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070435)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PREFETCHT1_1_symbolic(self):
''' Instruction PREFETCHT1_1
Groups: sse1
0x807042d: prefetcht1 byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8070430] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x60)
mem[addr] = value
mem[0x807042d] = '\x0f'
mem[0x807042e] = '\x18'
mem[0x807042f] = 'U'
cpu.EIP = 0x807042d
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070430, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0x807042d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807042e, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0x807042f, 8)== ord('U'))
condition = Operators.AND(condition, cpu.EIP == 0x8070431)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PREFETCHT2_1_symbolic(self):
''' Instruction PREFETCHT2_1
Groups: sse1
0x8070429: prefetcht2 byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x60)
mem[addr] = value
mem[0x8070429] = '\x0f'
mem[0x807042a] = '\x18'
mem[0x807042b] = ']'
mem[0x807042c] = '\x00'
cpu.EIP = 0x8070429
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0x8070429, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807042a, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0x807042b, 8)== ord(']'))
condition = Operators.AND(condition, cpu.read_int(0x807042c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807042d)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSHUFD_1_symbolic(self):
''' Instruction PSHUFD_1
Groups: sse2
0x8060d6e: pshufd xmm0, xmm1, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x8060d70] = 'p'
mem[0x8060d71] = '\xc1'
mem[0x8060d72] = '\x02'
mem[0x8060d6e] = 'f'
mem[0x8060d6f] = '\x0f'
cpu.EIP = 0x8060d6e
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8060d70, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8060d71, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8060d72, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0x8060d6e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8060d6f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8060d73)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSHUFD_2_symbolic(self):
''' Instruction PSHUFD_2
Groups: sse2
0x8060d73: pshufd xmm0, xmmword ptr [ebp], 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8060d73] = 'f'
mem[0x8060d74] = '\x0f'
mem[0x8060d75] = 'p'
mem[0x8060d76] = 'E'
mem[0x8060d77] = '\x00'
mem[0x8060d78] = '\x02'
cpu.EIP = 0x8060d73
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8060d73, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8060d74, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8060d75, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8060d76, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8060d77, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8060d78, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x8060d79)
condition = Operators.AND(condition, cpu.XMM0 == 0xf0800000f0800000f0800000000000)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSHUFLW_1_symbolic(self):
''' Instruction PSHUFLW_1
Groups: sse2
0x8060d7e: pshuflw xmm0, xmmword ptr [ebp], 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8060d80] = 'p'
mem[0x8060d81] = 'E'
mem[0x8060d82] = '\x00'
mem[0x8060d83] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8060d7e] = '\xf2'
mem[0x8060d7f] = '\x0f'
cpu.EIP = 0x8060d7e
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8060d80, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8060d81, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8060d82, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8060d83, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8060d7e, 8)== ord('\xf2'))
condition = Operators.AND(condition, cpu.read_int(0x8060d7f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8060d84)
condition = Operators.AND(condition, cpu.XMM0 == 0x8000800080000000)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSHUFLW_2_symbolic(self):
''' Instruction PSHUFLW_2
Groups: sse2
0x8060d79: pshuflw xmm0, xmm1, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08060000, 0x1000, 'rwx')
mem[0x8060d79] = '\xf2'
mem[0x8060d7a] = '\x0f'
mem[0x8060d7b] = 'p'
mem[0x8060d7c] = '\xc1'
mem[0x8060d7d] = '\x02'
cpu.EIP = 0x8060d79
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xf0800000f0800000f0800000000000)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8060d79, 8)== ord('\xf2'))
condition = Operators.AND(condition, cpu.read_int(0x8060d7a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8060d7b, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0x8060d7c, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8060d7d, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x8060d7e)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSLLDQ_1_symbolic(self):
''' Instruction PSLLDQ_1
Groups: sse2
0x80701bd: pslldq xmm0, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80701c0] = '\xf8'
mem[0x80701c1] = '\x04'
mem[0x80701bd] = 'f'
mem[0x80701be] = '\x0f'
mem[0x80701bf] = 's'
cpu.EIP = 0x80701bd
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701c0, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x80701c1, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0x80701bd, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80701be, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701bf, 8)== ord('s'))
condition = Operators.AND(condition, cpu.EIP == 0x80701c2)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSLLDQ_2_symbolic(self):
''' Instruction PSLLDQ_2
Groups: sse2
0x80701c2: pslldq xmm0, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80701c2] = 'f'
mem[0x80701c3] = '\x0f'
mem[0x80701c4] = 's'
mem[0x80701c5] = '\xf8'
mem[0x80701c6] = '\xff'
cpu.EIP = 0x80701c2
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701c2, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80701c3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701c4, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x80701c5, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x80701c6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x80701c7)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSRLDQ_1_symbolic(self):
''' Instruction PSRLDQ_1
Groups: sse2
0x807948d: psrldq xmm0, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079490] = '\xd8'
mem[0x8079491] = '\xff'
mem[0x807948d] = 'f'
mem[0x807948e] = '\x0f'
mem[0x807948f] = 's'
cpu.EIP = 0x807948d
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079490, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.read_int(0x8079491, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x807948d, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807948e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807948f, 8)== ord('s'))
condition = Operators.AND(condition, cpu.EIP == 0x8079492)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSRLDQ_2_symbolic(self):
''' Instruction PSRLDQ_2
Groups: sse2
0x8079488: psrldq xmm0, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079488] = 'f'
mem[0x8079489] = '\x0f'
mem[0x807948a] = 's'
mem[0x807948b] = '\xd8'
mem[0x807948c] = '\x04'
cpu.EIP = 0x8079488
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079488, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079489, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807948a, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x807948b, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.read_int(0x807948c, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x807948d)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSRLQ_1_symbolic(self):
''' Instruction PSRLQ_1
Groups: sse2
0x80702c5: psrlq xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702c8] = '\xc1'
mem[0x80702c5] = 'f'
mem[0x80702c6] = '\x0f'
mem[0x80702c7] = '\xd3'
cpu.EIP = 0x80702c5
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x80f1fc0001e18501)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702c8, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80702c5, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702c6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702c7, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.EIP == 0x80702c9)
condition = Operators.AND(condition, cpu.XMM0 == 0x80f1fc0001e18501)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSRLQ_2_symbolic(self):
''' Instruction PSRLQ_2
Groups: sse2
0x80702c9: psrlq xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80702c9] = 'f'
mem[0x80702ca] = '\x0f'
mem[0x80702cb] = '\xd3'
mem[0x80702cc] = 'E'
mem[0x80702cd] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x80702c9
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x80f1fc0001e18501)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80702c9, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702ca, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702cb, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0x80702cc, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80702cd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80702ce)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSRLQ_3_symbolic(self):
''' Instruction PSRLQ_3
Groups: sse2
0x80702ce: psrlq xmm0, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702d0] = 's'
mem[0x80702d1] = '\xd0'
mem[0x80702d2] = '\x04'
mem[0x80702ce] = 'f'
mem[0x80702cf] = '\x0f'
cpu.EIP = 0x80702ce
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702d0, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x80702d1, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0x80702d2, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0x80702ce, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702cf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x80702d3)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSRLQ_4_symbolic(self):
''' Instruction PSRLQ_4
Groups: sse2
0x80702d3: psrlq xmm0, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702d3] = 'f'
mem[0x80702d4] = '\x0f'
mem[0x80702d5] = 's'
mem[0x80702d6] = '\xd0'
mem[0x80702d7] = '\xff'
cpu.EIP = 0x80702d3
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702d3, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702d4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702d5, 8)== ord('s'))
condition = Operators.AND(condition, cpu.read_int(0x80702d6, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0x80702d7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x80702d8)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSUBB_1_symbolic(self):
''' Instruction PSUBB_1
Groups: sse2
0x805bb96: psubb xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805bb98] = '\xf8'
mem[0x805bb99] = '\xc1'
mem[0x805bb96] = 'f'
mem[0x805bb97] = '\x0f'
cpu.EIP = 0x805bb96
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805bb98, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x805bb99, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805bb96, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb97, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x805bb9a)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PSUBB_2_symbolic(self):
''' Instruction PSUBB_2
Groups: sse2
0x805bb9a: psubb xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805bb9a] = 'f'
mem[0x805bb9b] = '\x0f'
mem[0x805bb9c] = '\xf8'
mem[0x805bb9d] = 'E'
mem[0x805bb9e] = '\x00'
cpu.EIP = 0x805bb9a
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805bb9a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb9b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805bb9c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x805bb9d, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805bb9e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805bb9f)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PTEST_1_symbolic(self):
''' Instruction PTEST_1
Groups: sse41
0x80702df: ptest xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702e0] = '\x0f'
mem[0x80702e1] = '8'
mem[0x80702e2] = '\x17'
mem[0x80702e3] = '\xc1'
mem[0x80702df] = 'f'
cpu.EIP = 0x80702df
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702e0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702e1, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0x80702e2, 8)== ord('\x17'))
condition = Operators.AND(condition, cpu.read_int(0x80702e3, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80702df, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x80702e4)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PTEST_2_symbolic(self):
''' Instruction PTEST_2
Groups: sse41
0x80702e4: ptest xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80702e4] = 'f'
mem[0x80702e5] = '\x0f'
mem[0x80702e6] = '8'
mem[0x80702e7] = '\x17'
mem[0x80702e8] = 'E'
mem[0x80702e9] = '\x00'
cpu.EIP = 0x80702e4
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80702e4, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80702e5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702e6, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0x80702e7, 8)== ord('\x17'))
condition = Operators.AND(condition, cpu.read_int(0x80702e8, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80702e9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80702ea)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLBW_1_symbolic(self):
''' Instruction PUNPCKLBW_1
Groups: sse2
0x8079382: punpcklbw xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079382] = 'f'
mem[0x8079383] = '\x0f'
mem[0x8079384] = '`'
mem[0x8079385] = 'E'
mem[0x8079386] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
cpu.EIP = 0x8079382
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x8000f100fc00000000000000010001)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079382, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8079383, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079384, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0x8079385, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8079386, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.EIP == 0x8079387)
condition = Operators.AND(condition, cpu.XMM0 == 0x8000f100fc0000000000000100000101)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLBW_2_symbolic(self):
''' Instruction PUNPCKLBW_2
Groups: sse2
0x807937e: punpcklbw xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079380] = '`'
mem[0x8079381] = '\xc1'
mem[0x807937e] = 'f'
mem[0x807937f] = '\x0f'
cpu.EIP = 0x807937e
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x80f1fc0000000101)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079380, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0x8079381, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x807937e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x807937f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8079382)
condition = Operators.AND(condition, cpu.XMM0 == 0x8000f100fc00000000000000010001)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLDQ_1_symbolic(self):
''' Instruction PUNPCKLDQ_1
Groups: sse2
0x804d60e: punpckldq xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d60e] = 'f'
mem[0x804d60f] = '\x0f'
mem[0x804d610] = 'b'
mem[0x804d611] = 'E'
mem[0x804d612] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x804d60e
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d60e, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d60f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d610, 8)== ord('b'))
condition = Operators.AND(condition, cpu.read_int(0x804d611, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x804d612, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d613)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLDQ_2_symbolic(self):
''' Instruction PUNPCKLDQ_2
Groups: sse2
0x804d60a: punpckldq xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d60a] = 'f'
mem[0x804d60b] = '\x0f'
mem[0x804d60c] = 'b'
mem[0x804d60d] = '\xc1'
cpu.EIP = 0x804d60a
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d60a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x804d60b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x804d60c, 8)== ord('b'))
condition = Operators.AND(condition, cpu.read_int(0x804d60d, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x804d60e)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLQDQ_1_symbolic(self):
''' Instruction PUNPCKLQDQ_1
Groups: sse2
0x8056673: punpcklqdq xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8056673] = 'f'
mem[0x8056674] = '\x0f'
mem[0x8056675] = 'l'
mem[0x8056676] = 'E'
mem[0x8056677] = '\x00'
cpu.EIP = 0x8056673
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8056673, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8056674, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8056675, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0x8056676, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8056677, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8056678)
condition = Operators.AND(condition, cpu.XMM0 == 0xffffffff0000000000000000)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLQDQ_2_symbolic(self):
''' Instruction PUNPCKLQDQ_2
Groups: sse2
0x805666f: punpcklqdq xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem[0x8056670] = '\x0f'
mem[0x8056671] = 'l'
mem[0x8056672] = '\xc1'
mem[0x805666f] = 'f'
cpu.EIP = 0x805666f
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8056670, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8056671, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0x8056672, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805666f, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x8056673)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLWD_1_symbolic(self):
''' Instruction PUNPCKLWD_1
Groups: sse2
0x805985b: punpcklwd xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805985b] = 'f'
mem[0x805985c] = '\x0f'
mem[0x805985d] = 'a'
mem[0x805985e] = 'E'
mem[0x805985f] = '\x00'
cpu.EIP = 0x805985b
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805985b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805985c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805985d, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0x805985e, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805985f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059860)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUNPCKLWD_2_symbolic(self):
''' Instruction PUNPCKLWD_2
Groups: sse2
0x8059857: punpcklwd xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059858] = '\x0f'
mem[0x8059859] = 'a'
mem[0x805985a] = '\xc1'
mem[0x8059857] = 'f'
cpu.EIP = 0x8059857
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059858, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059859, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0x805985a, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059857, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x805985b)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_1_symbolic(self):
''' Instruction PUSH_1
Groups: not64bitmode
0xf7febbf3: push esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7febbf3] = 'V'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f4)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f5)
value = cs.new_bitvec(8)
cs.add(value == 0xd9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f6)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f7)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f8)
value = cs.new_bitvec(8)
cs.add(value == 0xe9)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f9)
value = cs.new_bitvec(8)
cs.add(value == 0x81)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fa)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fb)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fc)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
cpu.EIP = 0xf7febbf3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd488)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ffdc28)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd3f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febbf3, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f4, 8)== ord('('))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f5, 8)== ord('\xdc'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f8, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f9, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fa, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fb, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fc, 8)== ord('L'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febbf4)
condition = Operators.AND(condition, cpu.EBP == 0xffffd488)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffdc28)
condition = Operators.AND(condition, cpu.ESP == 0xffffd3f4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_10_symbolic(self):
''' Instruction PUSH_10
Groups: not64bitmode
0xf7fe4c87: push ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x8a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0xf7fe4c87] = 'S'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dd)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2de)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2df)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4c87
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('\x8a'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c87, 8)== ord('S'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dd, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2de, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2df, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c88)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2dc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_11_symbolic(self):
''' Instruction PUSH_11
Groups: not64bitmode
0xf7fe4c87: push ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0x88)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x76)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0xf7fe4c87] = 'S'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2dd)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2de)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2df)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4c87
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\x88'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('v'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c87, 8)== ord('S'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2dd, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2de, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2df, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c88)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2dc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_12_symbolic(self):
''' Instruction PUSH_12
Groups: not64bitmode
0xf7fe4e15: push ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd370)
value = cs.new_bitvec(8)
cs.add(value == 0xb4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd371)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd372)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd373)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd374)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe4e15] = 'S'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36c)
value = cs.new_bitvec(8)
cs.add(value == 0xf5)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36d)
value = cs.new_bitvec(8)
cs.add(value == 0x8a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4e15
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd370)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd370, 8)== ord('\xb4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd371, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd372, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd373, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd374, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e15, 8)== ord('S'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e16)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd36c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_13_symbolic(self):
''' Instruction PUSH_13
Groups: not64bitmode
0xf7fe5670: push ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe5670] = 'U'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe5670
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd43c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5670, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5671)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd438)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_14_symbolic(self):
''' Instruction PUSH_14
Groups: not64bitmode
0xf7fe5670: push ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe5670] = 'U'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe5670
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd43c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5670, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5671)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd438)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_15_symbolic(self):
''' Instruction PUSH_15
Groups: not64bitmode
0xf7fe4c84: push esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0xa4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x81)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0x8)
mem[addr] = value
mem[0xf7fe4c84] = 'V'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
cpu.EIP = 0xf7fe4c84
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e17d20)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c84, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c85)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESI == 0xf7e17d20)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_16_symbolic(self):
''' Instruction PUSH_16
Groups: not64bitmode
0xf7fe4c81: push edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4c81] = 'W'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
cpu.EIP = 0xf7fe4c81
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c81, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c82)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_17_symbolic(self):
''' Instruction PUSH_17
Groups: not64bitmode
0x80482da: push edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6a4)
value = cs.new_bitvec(8)
cs.add(value == 0xb0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6a5)
value = cs.new_bitvec(8)
cs.add(value == 0xd6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6a6)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6a7)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6a8)
value = cs.new_bitvec(8)
cs.add(value == 0xac)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6a9)
value = cs.new_bitvec(8)
cs.add(value == 0xd6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6aa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6ab)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd6ac)
value = cs.new_bitvec(8)
cs.add(value == 0x1c)
mem[addr] = value
mem[0x80482da] = 'R'
cpu.EIP = 0x80482da
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7feb160)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd6a8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd6a4, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6a5, 8)== ord('\xb1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6a6, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6a7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6a8, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6a9, 8)== ord('\xd6'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6aa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6ab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd6ac, 8)== ord('\x1c'))
condition = Operators.AND(condition, cpu.read_int(0x80482da, 8)== ord('R'))
condition = Operators.AND(condition, cpu.EIP == 0x80482db)
condition = Operators.AND(condition, cpu.EDX == 0xf7feb160)
condition = Operators.AND(condition, cpu.EBP == 0x0)
condition = Operators.AND(condition, cpu.ESP == 0xffffd6a4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_18_symbolic(self):
''' Instruction PUSH_18
Groups: not64bitmode
0xf7fe4c84: push esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e0)
value = cs.new_bitvec(8)
cs.add(value == 0xb8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e1)
value = cs.new_bitvec(8)
cs.add(value == 0x6a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e2)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e3)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7fe4c84] = 'V'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
cpu.EIP = 0xf7fe4c84
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e16df0)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2e0, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e1, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e2, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e3, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c84, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c85)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESI == 0xf7e16df0)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_19_symbolic(self):
''' Instruction PUSH_19
Groups: not64bitmode
0xf7f00d11: push esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7f00000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7f00d11] = 'V'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f8)
value = cs.new_bitvec(8)
cs.add(value == 0xb4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5f9)
value = cs.new_bitvec(8)
cs.add(value == 0xd6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5fa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5fb)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd5fc)
value = cs.new_bitvec(8)
cs.add(value == 0xac)
mem[addr] = value
cpu.EIP = 0xf7f00d11
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd6c4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x3)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd5f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7f00d11, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f4, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f8, 8)== ord('\xb4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5f9, 8)== ord('\xd6'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5fa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5fb, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd5fc, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.EIP == 0xf7f00d12)
condition = Operators.AND(condition, cpu.EBP == 0xffffd6c4)
condition = Operators.AND(condition, cpu.ESI == 0x3)
condition = Operators.AND(condition, cpu.ESP == 0xffffd5f4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_2_symbolic(self):
''' Instruction PUSH_2
Groups: not64bitmode
0xf7fe5673: push edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5673] = 'W'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd434)
value = cs.new_bitvec(8)
cs.add(value == 0x6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd435)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd436)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd437)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
cpu.EIP = 0xf7fe5673
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x6)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd438)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5673, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd434, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xffffd435, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd436, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd437, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5674)
condition = Operators.AND(condition, cpu.EDI == 0x6)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd434)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_20_symbolic(self):
''' Instruction PUSH_20
Groups: not64bitmode
0xf7fe4c81: push edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4c81] = 'W'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e4)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
cpu.EIP = 0xf7fe4c81
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2e8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c81, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e4, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c82)
condition = Operators.AND(condition, cpu.EDI == 0x1)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2e4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_21_symbolic(self):
''' Instruction PUSH_21
Groups: not64bitmode
0xf7fe4e15: push ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd370)
value = cs.new_bitvec(8)
cs.add(value == 0xb4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd371)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd372)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd373)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd374)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe4e15] = 'S'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4e15
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd370)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd370, 8)== ord('\xb4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd371, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd372, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd373, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd374, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e15, 8)== ord('S'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e16)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd36c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_3_symbolic(self):
''' Instruction PUSH_3
Groups: not64bitmode
0xf7fec093: push edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fec093] = 'W'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd484)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd485)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd486)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd487)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd488)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd489)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd48a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd48b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd48c)
value = cs.new_bitvec(8)
cs.add(value == 0x39)
mem[addr] = value
cpu.EIP = 0xf7fec093
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd488)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd488)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec093, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd484, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd485, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd486, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd487, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd488, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd489, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd48a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd48b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd48c, 8)== ord('9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec094)
condition = Operators.AND(condition, cpu.EDI == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffd488)
condition = Operators.AND(condition, cpu.ESP == 0xffffd484)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_4_symbolic(self):
''' Instruction PUSH_4
Groups: not64bitmode
0xf7fe4e10: push ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
mem[0xf7fe4e10] = 'U'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x57)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4e10
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e10, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e11)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd378)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_5_symbolic(self):
''' Instruction PUSH_5
Groups: not64bitmode
0xf7fe5673: push edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe5673] = 'W'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd434)
value = cs.new_bitvec(8)
cs.add(value == 0x6)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd435)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd436)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd437)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
cpu.EIP = 0xf7fe5673
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x6)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd438)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5673, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd434, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xffffd435, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd436, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd437, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5674)
condition = Operators.AND(condition, cpu.EDI == 0x6)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd434)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_6_symbolic(self):
''' Instruction PUSH_6
Groups: not64bitmode
0xf7febbf3: push esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7febbf3] = 'V'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f4)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f8)
value = cs.new_bitvec(8)
cs.add(value == 0x49)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3f9)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fa)
value = cs.new_bitvec(8)
cs.add(value == 0xe2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd3fc)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
cpu.EIP = 0xf7febbf3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd488)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7ffd938)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd3f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febbf3, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f4, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f5, 8)== ord('\xd9'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f6, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f7, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f8, 8)== ord('I'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3f9, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fa, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd3fc, 8)== ord('L'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febbf4)
condition = Operators.AND(condition, cpu.EBP == 0xffffd488)
condition = Operators.AND(condition, cpu.ESI == 0xf7ffd938)
condition = Operators.AND(condition, cpu.ESP == 0xffffd3f4)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_7_symbolic(self):
''' Instruction PUSH_7
Groups: not64bitmode
0xf7fe6b50: push ebp
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
mem[0xf7fe6b50] = 'U'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x70)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe6b50
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd43c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6b50, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('p'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6b51)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd438)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_8_symbolic(self):
''' Instruction PUSH_8
Groups: not64bitmode
0xf7ff41a0: push ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7ff41a0] = 'S'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd040)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd038)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd039)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd03a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd03b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd03c)
value = cs.new_bitvec(8)
cs.add(value == 0x94)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd03d)
value = cs.new_bitvec(8)
cs.add(value == 0x12)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd03e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd03f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff41a0
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd088)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd03c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff41a0, 8)== ord('S'))
condition = Operators.AND(condition, cpu.read_int(0xffffd040, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd038, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd039, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd03a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd03b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd03c, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xffffd03d, 8)== ord('\x12'))
condition = Operators.AND(condition, cpu.read_int(0xffffd03e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd03f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff41a1)
condition = Operators.AND(condition, cpu.EBP == 0xffffd088)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd038)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PUSH_9_symbolic(self):
''' Instruction PUSH_9
Groups: not64bitmode
0xf7fe4e15: push ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd370)
value = cs.new_bitvec(8)
cs.add(value == 0xb4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd371)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd372)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd373)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd374)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe4e15] = 'S'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36d)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36e)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd36f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4e15
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd370)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd370, 8)== ord('\xb4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd371, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd372, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd373, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd374, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e15, 8)== ord('S'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36d, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36e, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd36f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e16)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.ESP == 0xffffd36c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PXOR_1_symbolic(self):
''' Instruction PXOR_1
Groups: sse2
0x8059a6a: pxor xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xec)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x78)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8059a6a] = 'f'
mem[0x8059a6b] = '\x0f'
mem[0x8059a6c] = '\xef'
mem[0x8059a6d] = 'E'
mem[0x8059a6e] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x8059a6a
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x1e00)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a6c, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0x8059a6e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a6b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a6a, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a6d, 8)== ord('E'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a6f)
condition = Operators.AND(condition, cpu.XMM0 == 0x78031dec)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_PXOR_2_symbolic(self):
''' Instruction PXOR_2
Groups: sse2
0x8059a66: pxor xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a68] = '\xef'
mem[0x8059a69] = '\xc1'
mem[0x8059a66] = 'f'
mem[0x8059a67] = '\x0f'
cpu.EIP = 0x8059a66
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x1e00)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a68, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0x8059a69, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a66, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a67, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a6a)
condition = Operators.AND(condition, cpu.XMM0 == 0x1e00)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_1_symbolic(self):
''' Instruction RET_1
Groups: ret, not64bitmode
0xf7ff4256: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f0)
value = cs.new_bitvec(8)
cs.add(value == 0xc4)
mem[addr] = value
mem[0xf7ff4256] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0x86)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ed)
value = cs.new_bitvec(8)
cs.add(value == 0x13)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ee)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff4256
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdb1c4)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2f0, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4256, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ed, 8)== ord('\x13'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ee, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1386)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdb1c4)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_10_symbolic(self):
''' Instruction RET_10
Groups: ret, not64bitmode
0xf7fe57ef: ret 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe57ef] = '\xc2'
mem[0xf7fe57f0] = '\x14'
mem[0xf7fe57f1] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57ef
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd43c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ef, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57f0, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72f8)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd454)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_11_symbolic(self):
''' Instruction RET_11
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a8)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a9)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2aa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ab)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0x97)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ac)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a9, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2aa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c97)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_12_symbolic(self):
''' Instruction RET_12
Groups: ret, not64bitmode
0xf7fe4fe5: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
mem[0xf7fe4fe5] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x57)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4fe5
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fe5, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577a)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_13_symbolic(self):
''' Instruction RET_13
Groups: ret, not64bitmode
0xf7fdcf15: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd500)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fdcf15] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4f9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fa)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fc)
value = cs.new_bitvec(8)
cs.add(value == 0x39)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fd)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4fe)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4ff)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fdcf15
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd5c8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd4fc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd500, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdcf15, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4f9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fa, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fc, 8)== ord('9'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fd, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4fe, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4ff, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdf139)
condition = Operators.AND(condition, cpu.EBP == 0xffffd5c8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd500)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_14_symbolic(self):
''' Instruction RET_14
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x91)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x56)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5691)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_15_symbolic(self):
''' Instruction RET_15
Groups: ret, not64bitmode
0xf7fe4fe5: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
mem[0xf7fe4fe5] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x57)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4fe5
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fe5, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577a)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_16_symbolic(self):
''' Instruction RET_16
Groups: ret, not64bitmode
0xf7fe57ef: ret 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe57ef] = '\xc2'
mem[0xf7fe57f0] = '\x14'
mem[0xf7fe57f1] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57ef
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd43c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ef, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57f0, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72f8)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd454)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_17_symbolic(self):
''' Instruction RET_17
Groups: ret, not64bitmode
0xf7fe4d3a: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f0)
value = cs.new_bitvec(8)
cs.add(value == 0xc4)
mem[addr] = value
mem[0xf7fe4d3a] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ed)
value = cs.new_bitvec(8)
cs.add(value == 0x54)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ee)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4d3a
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2f0, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d3a, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ed, 8)== ord('T'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ee, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54f4)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_18_symbolic(self):
''' Instruction RET_18
Groups: ret, not64bitmode
0xf7fe4fe5: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
mem[0xf7fe4fe5] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x7a)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x57)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4fe5
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fe5, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('z'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe577a)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_19_symbolic(self):
''' Instruction RET_19
Groups: ret, not64bitmode
0xf7ff39cc: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd420)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd41e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd418)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd419)
value = cs.new_bitvec(8)
cs.add(value == 0xd0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd41a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd41b)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
mem[0xf7ff39cc] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd41d)
value = cs.new_bitvec(8)
cs.add(value == 0x6b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd41c)
value = cs.new_bitvec(8)
cs.add(value == 0x9b)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd41f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff39cc
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd41c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd420, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd41e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd418, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd419, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd41a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd41b, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff39cc, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd41d, 8)== ord('k'))
condition = Operators.AND(condition, cpu.read_int(0xffffd41c, 8)== ord('\x9b'))
condition = Operators.AND(condition, cpu.read_int(0xffffd41f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6b9b)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd420)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_2_symbolic(self):
''' Instruction RET_2
Groups: ret, not64bitmode
0xf7ff3e76: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x99)
mem[addr] = value
mem[0xf7ff3e76] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a8)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a9)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2aa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ab)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0x9d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff3e76
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdabf8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ac)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e76, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a9, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2aa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d9d)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdabf8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_20_symbolic(self):
''' Instruction RET_20
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x91)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x56)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5691)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_21_symbolic(self):
''' Instruction RET_21
Groups: ret, not64bitmode
0xf7fe4d3a: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f0)
value = cs.new_bitvec(8)
cs.add(value == 0xc4)
mem[addr] = value
mem[0xf7fe4d3a] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0xf4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ed)
value = cs.new_bitvec(8)
cs.add(value == 0x54)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ee)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe4d3a
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2f0, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d3a, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ed, 8)== ord('T'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ee, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54f4)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_3_symbolic(self):
''' Instruction RET_3
Groups: ret, not64bitmode
0xf7ff3e76: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x34)
mem[addr] = value
mem[0xf7ff3e76] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a8)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a9)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2aa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ab)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0x9d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4d)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff3e76
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdadb8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ac)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('4'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e76, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a9, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2aa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d9d)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdadb8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_4_symbolic(self):
''' Instruction RET_4
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd380)
value = cs.new_bitvec(8)
cs.add(value == 0xe8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd378)
value = cs.new_bitvec(8)
cs.add(value == 0x38)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd379)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37c)
value = cs.new_bitvec(8)
cs.add(value == 0x91)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37d)
value = cs.new_bitvec(8)
cs.add(value == 0x56)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd37f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd37c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd380, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd378, 8)== ord('8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd379, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37c, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37d, 8)== ord('V'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd37f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5691)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_5_symbolic(self):
''' Instruction RET_5
Groups: ret, not64bitmode
0xf7fe57ef: ret 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd440)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0xf7fe57ef] = '\xc2'
mem[0xf7fe57f0] = '\x14'
mem[0xf7fe57f1] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd438)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd439)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43a)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43b)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43c)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43d)
value = cs.new_bitvec(8)
cs.add(value == 0x72)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43e)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd43f)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe57ef
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd4f8)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd43c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd440, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57ef, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57f0, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57f1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd438, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd439, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43b, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43d, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43e, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd43f, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72f8)
condition = Operators.AND(condition, cpu.EBP == 0xffffd4f8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd454)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_6_symbolic(self):
''' Instruction RET_6
Groups: ret, not64bitmode
0xf7fe0776: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4d0)
value = cs.new_bitvec(8)
cs.add(value == 0xa0)
mem[addr] = value
mem[0xf7fe0776] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4c8)
value = cs.new_bitvec(8)
cs.add(value == 0x78)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4c9)
value = cs.new_bitvec(8)
cs.add(value == 0xd8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4ca)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4cb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4cc)
value = cs.new_bitvec(8)
cs.add(value == 0x97)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4cd)
value = cs.new_bitvec(8)
cs.add(value == 0xac)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4ce)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd4cf)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7fe0776
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fe0740)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd4cc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd4d0, 8)== ord('\xa0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0776, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4c8, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4c9, 8)== ord('\xd8'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4ca, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4cb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4cc, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4cd, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4ce, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd4cf, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7feac97)
condition = Operators.AND(condition, cpu.EBP == 0xf7fe0740)
condition = Operators.AND(condition, cpu.ESP == 0xffffd4d0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_7_symbolic(self):
''' Instruction RET_7
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2f0)
value = cs.new_bitvec(8)
cs.add(value == 0xc4)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e8)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2e9)
value = cs.new_bitvec(8)
cs.add(value == 0xab)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ea)
value = cs.new_bitvec(8)
cs.add(value == 0xfd)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2eb)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ec)
value = cs.new_bitvec(8)
cs.add(value == 0x34)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ed)
value = cs.new_bitvec(8)
cs.add(value == 0x4e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ee)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ef)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd438)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2f0, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2eb, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e8, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2e9, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ea, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ec, 8)== ord('4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ed, 8)== ord('N'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ee, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ef, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e34)
condition = Operators.AND(condition, cpu.EBP == 0xffffd438)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_8_symbolic(self):
''' Instruction RET_8
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a8)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a9)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2aa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ab)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0x97)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ac)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a9, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2aa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c97)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_RET_9_symbolic(self):
''' Instruction RET_9
Groups: ret, not64bitmode
0xf7ff476b: ret
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2b0)
value = cs.new_bitvec(8)
cs.add(value == 0x61)
mem[addr] = value
mem[0xf7ff476b] = '\xc3'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a8)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2a9)
value = cs.new_bitvec(8)
cs.add(value == 0xd4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2aa)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ab)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ac)
value = cs.new_bitvec(8)
cs.add(value == 0x97)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ad)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2ae)
value = cs.new_bitvec(8)
cs.add(value == 0xfe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd2af)
value = cs.new_bitvec(8)
cs.add(value == 0xf7)
mem[addr] = value
cpu.EIP = 0xf7ff476b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fdab18)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2ac)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd2b0, 8)== ord('a'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ab, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2a9, 8)== ord('\xd4'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2aa, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff476b, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ac, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ad, 8)== ord('L'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2ae, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.read_int(0xffffd2af, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c97)
condition = Operators.AND(condition, cpu.EBP == 0xf7fdab18)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_1_symbolic(self):
''' Instruction ROL_1
Groups:
0xf7e43469: rol ecx, 9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e43000, 0x1000, 'rwx')
mem[0xf7e43469] = '\xc1'
mem[0xf7e4346a] = '\xc1'
mem[0xf7e4346b] = '\t'
cpu.EIP = 0xf7e43469
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x57e6423c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e43469, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7e4346a, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7e4346b, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e4346c)
condition = Operators.AND(condition, cpu.ECX == 0xcc8478af)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_10_symbolic(self):
''' Instruction ROL_10
Groups:
0x8059a07: rol byte ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8059a08] = 'E'
mem[0x8059a09] = '\x00'
mem[0x8059a0a] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
mem[0x8059a07] = '\xc0'
cpu.EIP = 0x8059a07
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a08, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a09, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a0a, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.read_int(0x8059a07, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a0b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_11_symbolic(self):
''' Instruction ROL_11
Groups:
0x8059a21: rol dword ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x7c)
mem[addr] = value
mem[0x8059a21] = '\xc1'
mem[0x8059a22] = 'E'
mem[0x8059a23] = '\x00'
mem[0x8059a24] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x60)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x3c)
mem[addr] = value
cpu.EIP = 0x8059a21
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0x8059a21, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a22, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a23, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a24, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a25)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_12_symbolic(self):
''' Instruction ROL_12
Groups:
0x8059a15: rol dword ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x78)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
mem[0x8059a15] = '\xc1'
mem[0x8059a16] = 'E'
mem[0x8059a17] = '\x00'
mem[0x8059a18] = '\x04'
cpu.EIP = 0x8059a15
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x0c'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0x8059a15, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a16, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a17, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a18, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a19)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_13_symbolic(self):
''' Instruction ROL_13
Groups:
0x80599e0: rol ecx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599e0] = '\xd1'
mem[0x80599e1] = '\xc1'
cpu.EIP = 0x80599e0
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599e0, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x80599e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x80599e2)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_14_symbolic(self):
''' Instruction ROL_14
Groups:
0x8059a03: rol byte ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
mem[0x8059a03] = '\xc0'
mem[0x8059a04] = 'E'
mem[0x8059a05] = '\x00'
mem[0x8059a06] = '\x04'
cpu.EIP = 0x8059a03
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0x8059a03, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x8059a04, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a05, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a06, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a07)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_15_symbolic(self):
''' Instruction ROL_15
Groups:
0x80599e5: rol word ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80599e5] = 'f'
mem[0x80599e6] = '\xd1'
mem[0x80599e7] = 'E'
mem[0x80599e8] = '\x00'
cpu.EIP = 0x80599e5
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80599e5, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80599e6, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x80599e7, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80599e8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80599e9)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_16_symbolic(self):
''' Instruction ROL_16
Groups:
0x80599db: rol cl, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599db] = '\xd0'
mem[0x80599dc] = '\xc1'
cpu.EIP = 0x80599db
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599db, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0x80599dc, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x80599dd)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_17_symbolic(self):
''' Instruction ROL_17
Groups:
0xf7e43479: rol ecx, 9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e43000, 0x1000, 'rwx')
mem[0xf7e43479] = '\xc1'
mem[0xf7e4347a] = '\xc1'
mem[0xf7e4347b] = '\t'
cpu.EIP = 0xf7e43479
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x5ffb7eae)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e43479, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7e4347a, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7e4347b, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e4347c)
condition = Operators.AND(condition, cpu.ECX == 0xf6fd5cbf)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_18_symbolic(self):
''' Instruction ROL_18
Groups:
0x8059a19: rol dword ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x87)
mem[addr] = value
mem[0x8059a19] = '\xc1'
mem[0x8059a1a] = 'E'
mem[0x8059a1b] = '\x00'
mem[0x8059a1c] = '\xff'
cpu.EIP = 0x8059a19
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x07'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x06'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xc3'))
condition = Operators.AND(condition, cpu.read_int(0x8059a19, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a1a, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a1b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a1c, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a1d)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_19_symbolic(self):
''' Instruction ROL_19
Groups:
0x80599f2: rol cl, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599f2] = '\xc0'
mem[0x80599f3] = '\xc1'
mem[0x80599f4] = '\xff'
cpu.EIP = 0x80599f2
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599f2, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x80599f3, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80599f4, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x80599f5)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_2_symbolic(self):
''' Instruction ROL_2
Groups:
0x80599ef: rol cl, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599f0] = '\xc1'
mem[0x80599f1] = '\x04'
mem[0x80599ef] = '\xc0'
cpu.EIP = 0x80599ef
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599f0, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80599f1, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0x80599ef, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0x80599f2)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_20_symbolic(self):
''' Instruction ROL_20
Groups:
0x8059a1d: rol dword ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8059a20] = '\x04'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x7)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xc3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x6)
mem[addr] = value
mem[0x8059a1d] = '\xc1'
mem[0x8059a1e] = 'E'
mem[0x8059a1f] = '\x00'
cpu.EIP = 0x8059a1d
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a20, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('<'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('`'))
condition = Operators.AND(condition, cpu.read_int(0x8059a1d, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a1e, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a1f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a21)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_21_symbolic(self):
''' Instruction ROL_21
Groups:
0x80599e2: rol byte ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80599e2] = '\xd0'
mem[0x80599e3] = 'E'
mem[0x80599e4] = '\x00'
cpu.EIP = 0x80599e2
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80599e2, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0x80599e3, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80599e4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80599e5)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_3_symbolic(self):
''' Instruction ROL_3
Groups:
0x80599ec: rol dword ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x3c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
mem[0x80599ec] = '\xd1'
mem[0x80599ed] = 'E'
mem[0x80599ee] = '\x00'
cpu.EIP = 0x80599ec
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('x'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x80599ec, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x80599ed, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80599ee, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80599ef)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_4_symbolic(self):
''' Instruction ROL_4
Groups:
0x8059a00: rol ecx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a00] = '\xc1'
mem[0x8059a01] = '\xc1'
mem[0x8059a02] = '\xff'
cpu.EIP = 0x8059a00
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a00, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a01, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a02, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a03)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_5_symbolic(self):
''' Instruction ROL_5
Groups:
0x80599f9: rol cx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599f9] = 'f'
mem[0x80599fa] = '\xc1'
mem[0x80599fb] = '\xc1'
mem[0x80599fc] = '\xff'
cpu.EIP = 0x80599f9
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599f9, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80599fa, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80599fb, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80599fc, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x80599fd)
condition = Operators.AND(condition, cpu.CX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_6_symbolic(self):
''' Instruction ROL_6
Groups:
0x80599fd: rol ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599fd] = '\xc1'
mem[0x80599fe] = '\xc1'
mem[0x80599ff] = '\x04'
cpu.EIP = 0x80599fd
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599fd, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80599fe, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80599ff, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a00)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_7_symbolic(self):
''' Instruction ROL_7
Groups:
0x80599dd: rol cx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x80599dd] = 'f'
mem[0x80599de] = '\xd1'
mem[0x80599df] = '\xc1'
cpu.EIP = 0x80599dd
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80599dd, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x80599de, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x80599df, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x80599e0)
condition = Operators.AND(condition, cpu.CX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_8_symbolic(self):
''' Instruction ROL_8
Groups:
0x8059a0b: rol word ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x18)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8059a0b] = 'f'
mem[0x8059a0c] = '\xc1'
mem[0x8059a0d] = 'E'
mem[0x8059a0e] = '\x00'
mem[0x8059a0f] = '\x04'
cpu.EIP = 0x8059a0b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8059a0b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a0c, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a0d, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8059a0e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a0f, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a10)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROL_9_symbolic(self):
''' Instruction ROL_9
Groups:
0xf7e484bc: rol edx, 9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e48000, 0x1000, 'rwx')
mem[0xf7e484bc] = '\xc1'
mem[0xf7e484bd] = '\xc2'
mem[0xf7e484be] = '\t'
cpu.EIP = 0xf7e484bc
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x5fe7257c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e484bc, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7e484bd, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7e484be, 8)== ord('\t'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e484bf)
condition = Operators.AND(condition, cpu.EDX == 0xce4af8bf)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_1_symbolic(self):
''' Instruction ROR_1
Groups:
0x805b9c6: ror byte ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x805b9c8] = '\x00'
mem[0x805b9c9] = '\x04'
mem[0x805b9c6] = '\xc0'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf)
mem[addr] = value
mem[0x805b9c7] = 'M'
cpu.EIP = 0x805b9c6
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9c8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c9, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xf0'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c6, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c7, 8)== ord('M'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9ca)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_10_symbolic(self):
''' Instruction ROR_10
Groups:
0x805b9a3: ror ecx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9a3] = '\xd1'
mem[0x805b9a4] = '\xc9'
cpu.EIP = 0x805b9a3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x78036403)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9a3, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a4, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9a5)
condition = Operators.AND(condition, cpu.ECX == 0xbc01b201)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_11_symbolic(self):
''' Instruction ROR_11
Groups:
0x805b9d8: ror dword ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x20)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
mem[0x805b9d8] = '\xc1'
mem[0x805b9d9] = 'M'
mem[0x805b9da] = '\x00'
mem[0x805b9db] = '\x04'
cpu.EIP = 0x805b9d8
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d8, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d9, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9da, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9db, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9dc)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_12_symbolic(self):
''' Instruction ROR_12
Groups:
0x805b9a8: ror word ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x7c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805b9a8] = 'f'
mem[0x805b9a9] = '\xd1'
mem[0x805b9aa] = 'M'
mem[0x805b9ab] = '\x00'
cpu.EIP = 0x805b9a8
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a8, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a9, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9aa, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ab, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9ac)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_13_symbolic(self):
''' Instruction ROR_13
Groups:
0x805b9ac: ror dword ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805b9ac] = '\xd1'
mem[0x805b9ad] = 'M'
mem[0x805b9ae] = '\x00'
cpu.EIP = 0x805b9ac
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ac, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ad, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ae, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9af)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_14_symbolic(self):
''' Instruction ROR_14
Groups:
0x805b9e4: ror dword ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x40)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x39)
mem[addr] = value
mem[0x805b9e4] = '\xc1'
mem[0x805b9e5] = 'M'
mem[0x805b9e6] = '\x00'
mem[0x805b9e7] = '\xff'
cpu.EIP = 0x805b9e4
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('r'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e4, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e5, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9e8)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_15_symbolic(self):
''' Instruction ROR_15
Groups:
0x805b9af: ror dword ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1f)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805b9af] = '\xd1'
mem[0x805b9b0] = 'M'
mem[0x805b9b1] = '\x00'
cpu.EIP = 0x805b9af
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0x805b9af, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b0, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9b2)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_16_symbolic(self):
''' Instruction ROR_16
Groups:
0x805b9ca: ror byte ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf0)
mem[addr] = value
mem[0x805b9ca] = '\xc0'
mem[0x805b9cb] = 'M'
mem[0x805b9cc] = '\x00'
mem[0x805b9cd] = '\xff'
cpu.EIP = 0x805b9ca
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ca, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x805b9cb, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9cc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9cd, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9ce)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_17_symbolic(self):
''' Instruction ROR_17
Groups:
0x805b9dc: ror dword ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x2)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xc8)
mem[addr] = value
mem[0x805b9dc] = '\xc1'
mem[0x805b9dd] = 'M'
mem[0x805b9de] = '\x00'
mem[0x805b9df] = '\xff'
cpu.EIP = 0x805b9dc
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x90'))
condition = Operators.AND(condition, cpu.read_int(0x805b9dc, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9dd, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9de, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9df, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9e0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_18_symbolic(self):
''' Instruction ROR_18
Groups:
0x805b9bc: ror cx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9bc] = 'f'
mem[0x805b9bd] = '\xc1'
mem[0x805b9be] = '\xc9'
mem[0x805b9bf] = '\xff'
cpu.EIP = 0x805b9bc
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xb22)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9bc, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9bd, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9be, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805b9bf, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9c0)
condition = Operators.AND(condition, cpu.CX == 0x1644)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_19_symbolic(self):
''' Instruction ROR_19
Groups:
0x805b9d3: ror word ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xe)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x10)
mem[addr] = value
mem[0x805b9d3] = 'f'
mem[0x805b9d4] = '\xc1'
mem[0x805b9d5] = 'M'
mem[0x805b9d6] = '\x00'
mem[0x805b9d7] = '\xff'
cpu.EIP = 0x805b9d3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x1c'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0x805b9d3, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d4, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d5, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9d8)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_2_symbolic(self):
''' Instruction ROR_2
Groups:
0x805b9ce: ror word ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805b9ce] = 'f'
mem[0x805b9cf] = '\xc1'
mem[0x805b9d0] = 'M'
mem[0x805b9d1] = '\x00'
mem[0x805b9d2] = '\x04'
cpu.EIP = 0x805b9ce
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x0e'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ce, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9cf, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d0, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9d2, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9d3)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_20_symbolic(self):
''' Instruction ROR_20
Groups:
0x805b9b2: ror cl, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9b2] = '\xc0'
mem[0x805b9b3] = '\xc9'
mem[0x805b9b4] = '\x04'
cpu.EIP = 0x805b9b2
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9b2, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b3, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b4, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9b5)
condition = Operators.AND(condition, cpu.CL == 0x10)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_21_symbolic(self):
''' Instruction ROR_21
Groups:
0x805b9a5: ror byte ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
mem[0x805b9a5] = '\xd0'
mem[0x805b9a6] = 'M'
mem[0x805b9a7] = '\x00'
cpu.EIP = 0x805b9a5
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a5, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a6, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9a8)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_3_symbolic(self):
''' Instruction ROR_3
Groups:
0x805b9c0: ror ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9c0] = '\xc1'
mem[0x805b9c1] = '\xc9'
mem[0x805b9c2] = '\x04'
cpu.EIP = 0x805b9c0
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xbc011644)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9c0, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c1, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c2, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9c3)
condition = Operators.AND(condition, cpu.ECX == 0x4bc01164)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_4_symbolic(self):
''' Instruction ROR_4
Groups:
0x805b9b5: ror cl, 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9b5] = '\xc0'
mem[0x805b9b6] = '\xc9'
mem[0x805b9b7] = '\xff'
cpu.EIP = 0x805b9b5
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x10)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9b5, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b6, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b7, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9b8)
condition = Operators.AND(condition, cpu.CL == 0x20)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_5_symbolic(self):
''' Instruction ROR_5
Groups:
0x805b9b8: ror cx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9b8] = 'f'
mem[0x805b9b9] = '\xc1'
mem[0x805b9ba] = '\xc9'
mem[0x805b9bb] = '\x04'
cpu.EIP = 0x805b9b8
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xb220)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9b8, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9b9, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ba, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805b9bb, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9bc)
condition = Operators.AND(condition, cpu.CX == 0xb22)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_6_symbolic(self):
''' Instruction ROR_6
Groups:
0x805b9c3: ror ecx, -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9c3] = '\xc1'
mem[0x805b9c4] = '\xc9'
mem[0x805b9c5] = '\xff'
cpu.EIP = 0x805b9c3
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x4bc01164)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9c3, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c4, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0x805b9c5, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9c6)
condition = Operators.AND(condition, cpu.ECX == 0x978022c8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_7_symbolic(self):
''' Instruction ROR_7
Groups:
0x805b9e0: ror dword ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x805b9e0] = '\xc1'
mem[0x805b9e1] = 'M'
mem[0x805b9e2] = '\x00'
mem[0x805b9e3] = '\x04'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x4)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x90)
mem[addr] = value
cpu.EIP = 0x805b9e0
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9e0, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e1, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e3, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('@'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('9'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9e4)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_8_symbolic(self):
''' Instruction ROR_8
Groups:
0x805b99e: ror cl, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b99e] = '\xd0'
mem[0x805b99f] = '\xc9'
cpu.EIP = 0x805b99e
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b99e, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0x805b99f, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9a0)
condition = Operators.AND(condition, cpu.CL == 0x6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_ROR_9_symbolic(self):
''' Instruction ROR_9
Groups:
0x805b9a0: ror cx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9a0] = 'f'
mem[0x805b9a1] = '\xd1'
mem[0x805b9a2] = '\xc9'
cpu.EIP = 0x805b9a0
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0xc806)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9a0, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a1, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805b9a2, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9a3)
condition = Operators.AND(condition, cpu.CX == 0x6403)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_1_symbolic(self):
''' Instruction SAHF_1
Groups:
0x807b5a9: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b5a9] = '\x9e'
cpu.EIP = 0x807b5a9
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xd7)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b5a9, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807b5aa)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0xd7)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_10_symbolic(self):
''' Instruction SAHF_10
Groups:
0x807ab2f: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab2f] = '\x9e'
cpu.EIP = 0x807ab2f
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xd7)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab2f, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab30)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0xd7)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_11_symbolic(self):
''' Instruction SAHF_11
Groups:
0x807b032: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b032] = '\x9e'
cpu.EIP = 0x807b032
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x42)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b032, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807b033)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x42)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_12_symbolic(self):
''' Instruction SAHF_12
Groups:
0x807b180: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b180] = '\x9e'
cpu.EIP = 0x807b180
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x52)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b180, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807b181)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x52)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_13_symbolic(self):
''' Instruction SAHF_13
Groups:
0x807a29d: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a29d] = '\x9e'
cpu.EIP = 0x807a29d
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x87)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a29d, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807a29e)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x87)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_14_symbolic(self):
''' Instruction SAHF_14
Groups:
0x807aec9: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aec9] = '\x9e'
cpu.EIP = 0x807aec9
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x3)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aec9, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807aeca)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x3)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_15_symbolic(self):
''' Instruction SAHF_15
Groups:
0x807b328: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b328] = '\x9e'
cpu.EIP = 0x807b328
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xc6)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b328, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807b329)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0xc6)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_16_symbolic(self):
''' Instruction SAHF_16
Groups:
0x807a58b: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a58b] = '\x9e'
cpu.EIP = 0x807a58b
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x7)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a58b, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807a58c)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x7)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_17_symbolic(self):
''' Instruction SAHF_17
Groups:
0x807ac87: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ac87] = '\x9e'
cpu.EIP = 0x807ac87
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x7)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ac87, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807ac88)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x7)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_18_symbolic(self):
''' Instruction SAHF_18
Groups:
0x807b425: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b425] = '\x9e'
cpu.EIP = 0x807b425
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x93)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b425, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807b426)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x93)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_19_symbolic(self):
''' Instruction SAHF_19
Groups:
0x807baf9: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807baf9] = '\x9e'
cpu.EIP = 0x807baf9
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x53)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807baf9, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807bafa)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x53)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_2_symbolic(self):
''' Instruction SAHF_2
Groups:
0x807b558: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807b558] = '\x9e'
cpu.EIP = 0x807b558
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x96)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807b558, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807b559)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x96)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_20_symbolic(self):
''' Instruction SAHF_20
Groups:
0x8079d2e: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079d2e] = '\x9e'
cpu.EIP = 0x8079d2e
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xd6)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079d2e, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x8079d2f)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0xd6)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_21_symbolic(self):
''' Instruction SAHF_21
Groups:
0x807a5c1: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a5c1] = '\x9e'
cpu.EIP = 0x807a5c1
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x43)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a5c1, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807a5c2)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x43)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_3_symbolic(self):
''' Instruction SAHF_3
Groups:
0x80798a2: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80798a2] = '\x9e'
cpu.EIP = 0x80798a2
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x2)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80798a2, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x80798a3)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0x2)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_4_symbolic(self):
''' Instruction SAHF_4
Groups:
0x807aa96: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807aa96] = '\x9e'
cpu.EIP = 0x807aa96
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x56)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807aa96, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807aa97)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x56)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_5_symbolic(self):
''' Instruction SAHF_5
Groups:
0x8079b23: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079b23] = '\x9e'
cpu.EIP = 0x8079b23
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x13)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079b23, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x8079b24)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x13)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_6_symbolic(self):
''' Instruction SAHF_6
Groups:
0x807bb41: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807b000, 0x1000, 'rwx')
mem[0x807bb41] = '\x9e'
cpu.EIP = 0x807bb41
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x93)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807bb41, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807bb42)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x93)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_7_symbolic(self):
''' Instruction SAHF_7
Groups:
0x807ab81: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807ab81] = '\x9e'
cpu.EIP = 0x807ab81
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0x17)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807ab81, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807ab82)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0x17)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_8_symbolic(self):
''' Instruction SAHF_8
Groups:
0x807a772: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a772] = '\x9e'
cpu.EIP = 0x807a772
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xc2)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a772, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807a773)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.AH == 0xc2)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAHF_9_symbolic(self):
''' Instruction SAHF_9
Groups:
0x807a796: sahf
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0807a000, 0x1000, 'rwx')
mem[0x807a796] = '\x9e'
cpu.EIP = 0x807a796
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.AH = cs.new_bitvec(8)
cs.add(cpu.AH == 0xd2)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807a796, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x807a797)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.AH == 0xd2)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_1_symbolic(self):
''' Instruction SAR_1
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1a48)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x692)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_10_symbolic(self):
''' Instruction SAR_10
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x172c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x5cb)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_11_symbolic(self):
''' Instruction SAR_11
Groups:
0x804d5ec: sar byte ptr [ebp], 0xff
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d5ec] = '\xc0'
mem[0x804d5ed] = '}'
mem[0x804d5ee] = '\x00'
mem[0x804d5ef] = '\xff'
cpu.EIP = 0x804d5ec
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d5ec, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x804d5ed, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x804d5ee, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d5ef, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x804d5f0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_12_symbolic(self):
''' Instruction SAR_12
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1e6c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x79b)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_13_symbolic(self):
''' Instruction SAR_13
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2184)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x861)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_14_symbolic(self):
''' Instruction SAR_14
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x484)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x121)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_15_symbolic(self):
''' Instruction SAR_15
Groups:
0x804d5c7: sar byte ptr [ebp], 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x804d5c8] = '}'
mem[0x804d5c9] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d5c7] = '\xd0'
cpu.EIP = 0x804d5c7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d5c8, 8)== ord('}'))
condition = Operators.AND(condition, cpu.read_int(0x804d5c9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d5c7, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0x804d5ca)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_16_symbolic(self):
''' Instruction SAR_16
Groups:
0xf7fe2131: sar edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe2000, 0x1000, 'rwx')
mem[0xf7fe2131] = '\xd3'
mem[0xf7fe2132] = '\xfa'
cpu.EIP = 0xf7fe2131
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x73516240)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x18)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe2131, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe2132, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe2133)
condition = Operators.AND(condition, cpu.EDX == 0x73)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x18)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_17_symbolic(self):
''' Instruction SAR_17
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1944)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x651)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_18_symbolic(self):
''' Instruction SAR_18
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x13b4)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x4ed)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_19_symbolic(self):
''' Instruction SAR_19
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xba4)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x2e9)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_2_symbolic(self):
''' Instruction SAR_2
Groups:
0xf7ff0800: sar esi, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0800] = '\xd1'
mem[0xf7ff0801] = '\xfe'
cpu.EIP = 0xf7ff0800
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x60b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0800, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0801, 8)== ord('\xfe'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0802)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0x305)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_20_symbolic(self):
''' Instruction SAR_20
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x370)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xdc)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_21_symbolic(self):
''' Instruction SAR_21
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1584)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x561)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_3_symbolic(self):
''' Instruction SAR_3
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x225c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x897)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_4_symbolic(self):
''' Instruction SAR_4
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x122c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x48b)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_5_symbolic(self):
''' Instruction SAR_5
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x68)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x1a)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_6_symbolic(self):
''' Instruction SAR_6
Groups:
0x804d5fe: sar dword ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x804d600] = '\x00'
mem[0x804d601] = '\xff'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d5fe] = '\xc1'
mem[0x804d5ff] = '}'
cpu.EIP = 0x804d5fe
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d601, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d5fe, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x804d5ff, 8)== ord('}'))
condition = Operators.AND(condition, cpu.EIP == 0x804d602)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_7_symbolic(self):
''' Instruction SAR_7
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x3c)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_8_symbolic(self):
''' Instruction SAR_8
Groups:
0x804d5d4: sar cl, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d5d4] = '\xc0'
mem[0x804d5d5] = '\xf9'
mem[0x804d5d6] = '\x04'
cpu.EIP = 0x804d5d4
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d5d4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x804d5d5, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x804d5d6, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x804d5d7)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SAR_9_symbolic(self):
''' Instruction SAR_9
Groups:
0xf7fe54e1: sar eax, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e1] = '\xc1'
mem[0xf7fe54e2] = '\xf8'
mem[0xf7fe54e3] = '\x02'
cpu.EIP = 0xf7fe54e1
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x13d8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e2, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e3, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x4f6)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SCASB_1_symbolic(self):
''' Instruction SCASB_1
Groups:
0x8079346: scasb al, byte ptr es:[edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f049)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
mem[0x8079346] = '\xae'
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.EIP = 0x8079346
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f049)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x37)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807f049, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x8079346, 8)== ord('\xae'))
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.EIP == 0x8079347)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x807f04a)
condition = Operators.AND(condition, cpu.AL == 0x37)
condition = Operators.AND(condition, cpu.CF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SCASD_1_symbolic(self):
''' Instruction SCASD_1
Groups:
0x8079349: scasd eax, dword ptr es:[edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x8079349] = '\xaf'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f04c)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f04d)
value = cs.new_bitvec(8)
cs.add(value == 0xd1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f04e)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f04f)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
cpu.EIP = 0x8079349
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x137)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f04c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079349, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0x807f04c, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.read_int(0x807f04d, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x807f04e, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807f04f, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.EIP == 0x807934a)
condition = Operators.AND(condition, cpu.EAX == 0x137)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x807f050)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SCASW_1_symbolic(self):
''' Instruction SCASW_1
Groups:
0x8079347: scasw ax, word ptr es:[edi]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
mem[0x8079348] = '\xaf'
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f04a)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f04b)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
mem[0x8079347] = 'f'
cpu.EIP = 0x8079347
cpu.AX = cs.new_bitvec(16)
cs.add(cpu.AX == 0x137)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f04a)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079348, 8)== ord('\xaf'))
condition = Operators.AND(condition, cpu.read_int(0x807f04a, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x807f04b, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.read_int(0x8079347, 8)== ord('f'))
condition = Operators.AND(condition, cpu.EIP == 0x8079349)
condition = Operators.AND(condition, cpu.AX == 0x137)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x807f04c)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETAE_1_symbolic(self):
''' Instruction SETAE_1
Groups:
0x8079477: setae cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079478] = '\x93'
mem[0x8079479] = '\xc1'
mem[0x8079477] = '\x0f'
cpu.EIP = 0x8079477
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x85)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079478, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0x8079479, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8079477, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x807947a)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETAE_2_symbolic(self):
''' Instruction SETAE_2
Groups:
0x80701a7: setae cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80701a8] = '\x93'
mem[0x80701a9] = '\xc1'
mem[0x80701a7] = '\x0f'
cpu.EIP = 0x80701a7
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701a8, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0x80701a9, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80701a7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x80701aa)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETAE_3_symbolic(self):
''' Instruction SETAE_3
Groups:
0x807947a: setae byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x807947a] = '\x0f'
mem[0x807947b] = '\x93'
mem[0x807947c] = 'E'
mem[0x807947d] = '\x00'
cpu.EIP = 0x807947a
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x807947a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807947b, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0x807947c, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807947d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807947e)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETAE_4_symbolic(self):
''' Instruction SETAE_4
Groups:
0x80794a6: setae cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794a8] = '\xc1'
mem[0x80794a6] = '\x0f'
mem[0x80794a7] = '\x93'
cpu.EIP = 0x80794a6
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794a8, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80794a6, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794a7, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.EIP == 0x80794a9)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETAE_5_symbolic(self):
''' Instruction SETAE_5
Groups:
0x80701aa: setae byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80701aa] = '\x0f'
mem[0x80701ab] = '\x93'
mem[0x80701ac] = 'E'
mem[0x80701ad] = '\x00'
cpu.EIP = 0x80701aa
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x80701aa, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701ab, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0x80701ac, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80701ad, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80701ae)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETAE_6_symbolic(self):
''' Instruction SETAE_6
Groups:
0x80794a9: setae byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80794a9] = '\x0f'
mem[0x80794aa] = '\x93'
mem[0x80794ab] = 'E'
mem[0x80794ac] = '\x00'
cpu.EIP = 0x80794a9
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x80794a9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794aa, 8)== ord('\x93'))
condition = Operators.AND(condition, cpu.read_int(0x80794ab, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80794ac, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794ad)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETA_1_symbolic(self):
''' Instruction SETA_1
Groups:
0x8079342: seta byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x37)
mem[addr] = value
mem[0x8079342] = '\x0f'
mem[0x8079343] = '\x97'
mem[0x8079344] = 'E'
mem[0x8079345] = '\x00'
cpu.EIP = 0x8079342
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8079342, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079343, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0x8079344, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8079345, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079346)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETA_2_symbolic(self):
''' Instruction SETA_2
Groups:
0x8065f9b: seta cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065f9b] = '\x0f'
mem[0x8065f9c] = '\x97'
mem[0x8065f9d] = '\xc1'
cpu.EIP = 0x8065f9b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065f9b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f9c, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0x8065f9d, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f9e)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETA_3_symbolic(self):
''' Instruction SETA_3
Groups:
0x8065f9e: seta byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8065fa0] = 'E'
mem[0x8065fa1] = '\x00'
mem[0x8065f9e] = '\x0f'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x8065f9f] = '\x97'
cpu.EIP = 0x8065f9e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065fa0, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065fa1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8065f9e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f9f, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fa2)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETA_4_symbolic(self):
''' Instruction SETA_4
Groups:
0x807933f: seta cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079340] = '\x97'
mem[0x8079341] = '\xc1'
mem[0x807933f] = '\x0f'
cpu.EIP = 0x807933f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079340, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.read_int(0x8079341, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x807933f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8079342)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_1_symbolic(self):
''' Instruction SETBE_1
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x14)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_10_symbolic(self):
''' Instruction SETBE_10
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xf4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_11_symbolic(self):
''' Instruction SETBE_11
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xa4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_12_symbolic(self):
''' Instruction SETBE_12
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x74)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_13_symbolic(self):
''' Instruction SETBE_13
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xa4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_14_symbolic(self):
''' Instruction SETBE_14
Groups:
0x80701b8: setbe byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x80701b8] = '\x0f'
mem[0x80701b9] = '\x96'
mem[0x80701ba] = 'E'
mem[0x80701bb] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x80701b8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701b8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701b9, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0x80701ba, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80701bb, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x80701bc)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_15_symbolic(self):
''' Instruction SETBE_15
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x94)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_16_symbolic(self):
''' Instruction SETBE_16
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x44)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_17_symbolic(self):
''' Instruction SETBE_17
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x74)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_18_symbolic(self):
''' Instruction SETBE_18
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_19_symbolic(self):
''' Instruction SETBE_19
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xa4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_2_symbolic(self):
''' Instruction SETBE_2
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x34)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_20_symbolic(self):
''' Instruction SETBE_20
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x34)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_21_symbolic(self):
''' Instruction SETBE_21
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x54)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_3_symbolic(self):
''' Instruction SETBE_3
Groups:
0xf7fe7f30: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7f30] = '\x0f'
mem[0xf7fe7f31] = '\x96'
mem[0xf7fe7f32] = '\xc1'
cpu.EIP = 0xf7fe7f30
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f30, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f31, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f32, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7f33)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_4_symbolic(self):
''' Instruction SETBE_4
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x64)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_5_symbolic(self):
''' Instruction SETBE_5
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x44)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_6_symbolic(self):
''' Instruction SETBE_6
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x84)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_7_symbolic(self):
''' Instruction SETBE_7
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x14)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_8_symbolic(self):
''' Instruction SETBE_8
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x4c)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETBE_9_symbolic(self):
''' Instruction SETBE_9
Groups:
0xf7fe7263: setbe cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7263] = '\x0f'
mem[0xf7fe7264] = '\x96'
mem[0xf7fe7265] = '\xc1'
cpu.EIP = 0xf7fe7263
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xc4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7263, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7264, 8)== ord('\x96'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7265, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7266)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETB_1_symbolic(self):
''' Instruction SETB_1
Groups:
0x80701ae: setb cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80701b0] = '\xc1'
mem[0x80701ae] = '\x0f'
mem[0x80701af] = '\x92'
cpu.EIP = 0x80701ae
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701b0, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x80701ae, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701af, 8)== ord('\x92'))
condition = Operators.AND(condition, cpu.EIP == 0x80701b1)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETB_2_symbolic(self):
''' Instruction SETB_2
Groups:
0x8065fa9: setb cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065fa9] = '\x0f'
mem[0x8065faa] = '\x92'
mem[0x8065fab] = '\xc1'
cpu.EIP = 0x8065fa9
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065fa9, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065faa, 8)== ord('\x92'))
condition = Operators.AND(condition, cpu.read_int(0x8065fab, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fac)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETB_3_symbolic(self):
''' Instruction SETB_3
Groups:
0x8065fac: setb byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065fac] = '\x0f'
mem[0x8065fad] = '\x92'
mem[0x8065fae] = 'E'
mem[0x8065faf] = '\x00'
cpu.EIP = 0x8065fac
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065fac, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065fad, 8)== ord('\x92'))
condition = Operators.AND(condition, cpu.read_int(0x8065fae, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065faf, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fb0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETB_4_symbolic(self):
''' Instruction SETB_4
Groups:
0x8065fa2: setb cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065fa2] = '\x0f'
mem[0x8065fa3] = '\x92'
mem[0x8065fa4] = '\xc1'
cpu.EIP = 0x8065fa2
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065fa2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065fa3, 8)== ord('\x92'))
condition = Operators.AND(condition, cpu.read_int(0x8065fa4, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fa5)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETB_5_symbolic(self):
''' Instruction SETB_5
Groups:
0x8065fa5: setb byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8065fa8] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x8065fa5] = '\x0f'
mem[0x8065fa6] = '\x92'
mem[0x8065fa7] = 'E'
cpu.EIP = 0x8065fa5
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065fa8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065fa5, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065fa6, 8)== ord('\x92'))
condition = Operators.AND(condition, cpu.read_int(0x8065fa7, 8)== ord('E'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fa9)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETB_6_symbolic(self):
''' Instruction SETB_6
Groups:
0x80701b1: setb byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x80701b1] = '\x0f'
mem[0x80701b2] = '\x92'
mem[0x80701b3] = 'E'
mem[0x80701b4] = '\x00'
cpu.EIP = 0x80701b1
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80701b1, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701b2, 8)== ord('\x92'))
condition = Operators.AND(condition, cpu.read_int(0x80701b3, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80701b4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80701b5)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_1_symbolic(self):
''' Instruction SETE_1
Groups:
0xf7fe727a: sete cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe727a] = '\x0f'
mem[0xf7fe727b] = '\x94'
mem[0xf7fe727c] = '\xc1'
cpu.EIP = 0xf7fe727a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe727a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe727b, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe727c, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe727d)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_10_symbolic(self):
''' Instruction SETE_10
Groups:
0xf7fe7269: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xe3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7269, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726a, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726b, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe726c)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_11_symbolic(self):
''' Instruction SETE_11
Groups:
0xf7fe727a: sete cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe727a] = '\x0f'
mem[0xf7fe727b] = '\x94'
mem[0xf7fe727c] = '\xc1'
cpu.EIP = 0xf7fe727a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe727a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe727b, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe727c, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe727d)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_12_symbolic(self):
''' Instruction SETE_12
Groups:
0xf7fe7269: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xe3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7269, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726a, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726b, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe726c)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_13_symbolic(self):
''' Instruction SETE_13
Groups:
0xf7fe7290: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7290, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7291, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7292, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7293)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_14_symbolic(self):
''' Instruction SETE_14
Groups:
0xf7fe7269: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xe3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7269, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726a, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726b, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe726c)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_15_symbolic(self):
''' Instruction SETE_15
Groups:
0xf7fe7280: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7280, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7281, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7282, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7283)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_16_symbolic(self):
''' Instruction SETE_16
Groups:
0xf7fe4caf: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb0, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb1, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4caf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cb2)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_17_symbolic(self):
''' Instruction SETE_17
Groups:
0xf7fe7290: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7290, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7291, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7292, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7293)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_18_symbolic(self):
''' Instruction SETE_18
Groups:
0xf7fe7290: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7290, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7291, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7292, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7293)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_19_symbolic(self):
''' Instruction SETE_19
Groups:
0xf7fe4caf: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb0, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb1, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4caf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cb2)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_2_symbolic(self):
''' Instruction SETE_2
Groups:
0xf7fe7280: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7280, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7281, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7282, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7283)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_20_symbolic(self):
''' Instruction SETE_20
Groups:
0xf7fe7269: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xe3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7269, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726a, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726b, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe726c)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_21_symbolic(self):
''' Instruction SETE_21
Groups:
0xf7fe7290: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7290, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7291, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7292, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7293)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_3_symbolic(self):
''' Instruction SETE_3
Groups:
0xf7fe7269: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xe3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7269, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726a, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726b, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe726c)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_4_symbolic(self):
''' Instruction SETE_4
Groups:
0xf7fe4caf: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb0, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb1, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4caf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cb2)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_5_symbolic(self):
''' Instruction SETE_5
Groups:
0xf7fe7280: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7280, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7281, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7282, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7283)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_6_symbolic(self):
''' Instruction SETE_6
Groups:
0xf7fe4caf: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cb0] = '\x94'
mem[0xf7fe4cb1] = '\xc0'
mem[0xf7fe4caf] = '\x0f'
cpu.EIP = 0xf7fe4caf
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb0, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cb1, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4caf, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cb2)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_7_symbolic(self):
''' Instruction SETE_7
Groups:
0xf7fe7269: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7269] = '\x0f'
mem[0xf7fe726a] = '\x94'
mem[0xf7fe726b] = '\xc0'
cpu.EIP = 0xf7fe7269
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xe4)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7269, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726a, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe726b, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe726c)
condition = Operators.AND(condition, cpu.AL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_8_symbolic(self):
''' Instruction SETE_8
Groups:
0xf7fe7290: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7290] = '\x0f'
mem[0xf7fe7291] = '\x94'
mem[0xf7fe7292] = '\xc0'
cpu.EIP = 0xf7fe7290
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7290, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7291, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7292, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7293)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETE_9_symbolic(self):
''' Instruction SETE_9
Groups:
0xf7fe7280: sete al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7280] = '\x0f'
mem[0xf7fe7281] = '\x94'
mem[0xf7fe7282] = '\xc0'
cpu.EIP = 0xf7fe7280
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7280, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7281, 8)== ord('\x94'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7282, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7283)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETGE_1_symbolic(self):
''' Instruction SETGE_1
Groups:
0x805b9eb: setge byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
mem[0x805b9eb] = '\x0f'
mem[0x805b9ec] = '\x9d'
mem[0x805b9ed] = 'E'
mem[0x805b9ee] = '\x00'
cpu.EIP = 0x805b9eb
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x805b9eb, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ec, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ed, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ee, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9ef)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETGE_2_symbolic(self):
''' Instruction SETGE_2
Groups:
0x805b9e8: setge cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b9e8] = '\x0f'
mem[0x805b9e9] = '\x9d'
mem[0x805b9ea] = '\xc1'
cpu.EIP = 0x805b9e8
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xc8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b9e8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805b9e9, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0x805b9ea, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x805b9eb)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETGE_3_symbolic(self):
''' Instruction SETGE_3
Groups:
0x8070198: setge cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070198] = '\x0f'
mem[0x8070199] = '\x9d'
mem[0x807019a] = '\xc1'
cpu.EIP = 0x8070198
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070198, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070199, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0x807019a, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x807019b)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETGE_4_symbolic(self):
''' Instruction SETGE_4
Groups:
0x807019b: setge byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x807019b] = '\x0f'
mem[0x807019c] = '\x9d'
mem[0x807019d] = 'E'
mem[0x807019e] = '\x00'
cpu.EIP = 0x807019b
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x807019b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807019c, 8)== ord('\x9d'))
condition = Operators.AND(condition, cpu.read_int(0x807019d, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807019e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807019f)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETG_1_symbolic(self):
''' Instruction SETG_1
Groups:
0x8065f97: setg byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8065f98] = '\x9f'
mem[0x8065f99] = 'E'
mem[0x8065f9a] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065f97] = '\x0f'
cpu.EIP = 0x8065f97
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065f98, 8)== ord('\x9f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f99, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065f9a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8065f97, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f9b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETG_2_symbolic(self):
''' Instruction SETG_2
Groups:
0x8065f68: setg cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065f68] = '\x0f'
mem[0x8065f69] = '\x9f'
mem[0x8065f6a] = '\xc1'
cpu.EIP = 0x8065f68
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065f68, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f69, 8)== ord('\x9f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f6a, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f6b)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETG_3_symbolic(self):
''' Instruction SETG_3
Groups:
0x8065f6b: setg byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x47)
mem[addr] = value
mem[0x8065f6b] = '\x0f'
mem[0x8065f6c] = '\x9f'
mem[0x8065f6d] = 'E'
mem[0x8065f6e] = '\x00'
cpu.EIP = 0x8065f6b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065f6b, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f6c, 8)== ord('\x9f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f6d, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065f6e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f6f)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETG_4_symbolic(self):
''' Instruction SETG_4
Groups:
0x8065f94: setg cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065f94] = '\x0f'
mem[0x8065f95] = '\x9f'
mem[0x8065f96] = '\xc1'
cpu.EIP = 0x8065f94
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065f94, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f95, 8)== ord('\x9f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f96, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f97)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETLE_1_symbolic(self):
''' Instruction SETLE_1
Groups:
0x805ba5d: setle cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805ba5d] = '\x0f'
mem[0x805ba5e] = '\x9e'
mem[0x805ba5f] = '\xc1'
cpu.EIP = 0x805ba5d
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805ba5d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba5e, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.read_int(0x805ba5f, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba60)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETLE_2_symbolic(self):
''' Instruction SETLE_2
Groups:
0x805ba60: setle byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x805ba60] = '\x0f'
mem[0x805ba61] = '\x9e'
mem[0x805ba62] = 'E'
mem[0x805ba63] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x805ba60
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805ba60, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba61, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.read_int(0x805ba62, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805ba63, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba64)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETLE_3_symbolic(self):
''' Instruction SETLE_3
Groups:
0x8079369: setle byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0x8079369] = '\x0f'
mem[0x807936a] = '\x9e'
mem[0x807936b] = 'E'
mem[0x807936c] = '\x00'
cpu.EIP = 0x8079369
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8079369, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807936a, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.read_int(0x807936b, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807936c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807936d)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETLE_4_symbolic(self):
''' Instruction SETLE_4
Groups:
0x8079366: setle cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079368] = '\xc1'
mem[0x8079366] = '\x0f'
mem[0x8079367] = '\x9e'
cpu.EIP = 0x8079366
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079368, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8079366, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079367, 8)== ord('\x9e'))
condition = Operators.AND(condition, cpu.EIP == 0x8079369)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETL_1_symbolic(self):
''' Instruction SETL_1
Groups:
0x80702db: setl byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x80702db] = '\x0f'
mem[0x80702dc] = '\x9c'
mem[0x80702dd] = 'E'
mem[0x80702de] = '\x00'
cpu.EIP = 0x80702db
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80702db, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702dc, 8)== ord('\x9c'))
condition = Operators.AND(condition, cpu.read_int(0x80702dd, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80702de, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80702df)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETL_2_symbolic(self):
''' Instruction SETL_2
Groups:
0x8065fb0: setl cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065fb0] = '\x0f'
mem[0x8065fb1] = '\x9c'
mem[0x8065fb2] = '\xc1'
cpu.EIP = 0x8065fb0
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065fb0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb1, 8)== ord('\x9c'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb2, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fb3)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETL_3_symbolic(self):
''' Instruction SETL_3
Groups:
0x80702d8: setl cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80702d8] = '\x0f'
mem[0x80702d9] = '\x9c'
mem[0x80702da] = '\xc1'
cpu.EIP = 0x80702d8
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80702d8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80702d9, 8)== ord('\x9c'))
condition = Operators.AND(condition, cpu.read_int(0x80702da, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x80702db)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETL_4_symbolic(self):
''' Instruction SETL_4
Groups:
0x8065fb3: setl byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065fb3] = '\x0f'
mem[0x8065fb4] = '\x9c'
mem[0x8065fb5] = 'E'
mem[0x8065fb6] = '\x00'
cpu.EIP = 0x8065fb3
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb4, 8)== ord('\x9c'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb5, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fb7)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_1_symbolic(self):
''' Instruction SETNE_1
Groups:
0xf7fe9c2f: setne dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9c30] = '\x95'
mem[0xf7fe9c31] = '\xc2'
mem[0xf7fe9c2f] = '\x0f'
cpu.EIP = 0xf7fe9c2f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c30, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c31, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c2f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9c32)
condition = Operators.AND(condition, cpu.DL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_10_symbolic(self):
''' Instruction SETNE_10
Groups:
0xf7fe42e2: setne cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe42e2] = '\x0f'
mem[0xf7fe42e3] = '\x95'
mem[0xf7fe42e4] = '\xc1'
cpu.EIP = 0xf7fe42e2
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x38)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe42e2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe42e3, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe42e4, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe42e5)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_11_symbolic(self):
''' Instruction SETNE_11
Groups:
0xf7ff08d1: setne dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff08d1] = '\x0f'
mem[0xf7ff08d2] = '\x95'
mem[0xf7ff08d3] = '\xc2'
cpu.EIP = 0xf7ff08d1
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff08d1, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff08d2, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff08d3, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff08d4)
condition = Operators.AND(condition, cpu.DL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_12_symbolic(self):
''' Instruction SETNE_12
Groups:
0x80701a0: setne cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x80701a0] = '\x0f'
mem[0x80701a1] = '\x95'
mem[0x80701a2] = '\xc1'
cpu.EIP = 0x80701a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80701a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701a1, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0x80701a2, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x80701a3)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_13_symbolic(self):
''' Instruction SETNE_13
Groups:
0xf7fdf397: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdf000, 0x1000, 'rwx')
mem[0xf7fdf398] = '\x95'
mem[0xf7fdf399] = '\xc0'
mem[0xf7fdf397] = '\x0f'
cpu.EIP = 0xf7fdf397
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdf398, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdf399, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdf397, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdf39a)
condition = Operators.AND(condition, cpu.AL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_14_symbolic(self):
''' Instruction SETNE_14
Groups:
0xf7fe9c2f: setne dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9c30] = '\x95'
mem[0xf7fe9c31] = '\xc2'
mem[0xf7fe9c2f] = '\x0f'
cpu.EIP = 0xf7fe9c2f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c30, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c31, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9c2f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9c32)
condition = Operators.AND(condition, cpu.DL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_15_symbolic(self):
''' Instruction SETNE_15
Groups:
0x807027e: setne cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070280] = '\xc1'
mem[0x807027e] = '\x0f'
mem[0x807027f] = '\x95'
cpu.EIP = 0x807027e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xf8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070280, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x807027e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807027f, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.EIP == 0x8070281)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_16_symbolic(self):
''' Instruction SETNE_16
Groups:
0xf7fe6c5c: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6c5c] = '\x0f'
mem[0xf7fe6c5d] = '\x95'
mem[0xf7fe6c5e] = '\xc0'
cpu.EIP = 0xf7fe6c5c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5d, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5e, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6c5f)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_17_symbolic(self):
''' Instruction SETNE_17
Groups:
0xf7fdf397: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdf000, 0x1000, 'rwx')
mem[0xf7fdf398] = '\x95'
mem[0xf7fdf399] = '\xc0'
mem[0xf7fdf397] = '\x0f'
cpu.EIP = 0xf7fdf397
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdf398, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdf399, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdf397, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdf39a)
condition = Operators.AND(condition, cpu.AL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_18_symbolic(self):
''' Instruction SETNE_18
Groups:
0xf7fe6c5c: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6c5c] = '\x0f'
mem[0xf7fe6c5d] = '\x95'
mem[0xf7fe6c5e] = '\xc0'
cpu.EIP = 0xf7fe6c5c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5d, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5e, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6c5f)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_19_symbolic(self):
''' Instruction SETNE_19
Groups:
0xf7fe6c5c: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe6000, 0x1000, 'rwx')
mem[0xf7fe6c5c] = '\x0f'
mem[0xf7fe6c5d] = '\x95'
mem[0xf7fe6c5e] = '\xc0'
cpu.EIP = 0xf7fe6c5c
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5d, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe6c5e, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe6c5f)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_2_symbolic(self):
''' Instruction SETNE_2
Groups:
0xf7fec53e: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec540, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53f, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec541)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_3_symbolic(self):
''' Instruction SETNE_3
Groups:
0xf7fdf32a: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdf000, 0x1000, 'rwx')
mem[0xf7fdf32a] = '\x0f'
mem[0xf7fdf32b] = '\x95'
mem[0xf7fdf32c] = '\xc0'
cpu.EIP = 0xf7fdf32a
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdf32a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdf32b, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdf32c, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdf32d)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_4_symbolic(self):
''' Instruction SETNE_4
Groups:
0xf7fec53e: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec540, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53f, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec541)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_5_symbolic(self):
''' Instruction SETNE_5
Groups:
0xf7fec53e: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec540, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53f, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec541)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_6_symbolic(self):
''' Instruction SETNE_6
Groups:
0xf7fec53e: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec540] = '\xc0'
mem[0xf7fec53e] = '\x0f'
mem[0xf7fec53f] = '\x95'
cpu.EIP = 0xf7fec53e
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec540, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec53f, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec541)
condition = Operators.AND(condition, cpu.AL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_7_symbolic(self):
''' Instruction SETNE_7
Groups:
0x80701a3: setne byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x80701a3] = '\x0f'
mem[0x80701a4] = '\x95'
mem[0x80701a5] = 'E'
mem[0x80701a6] = '\x00'
cpu.EIP = 0x80701a3
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80701a3, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80701a4, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0x80701a5, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80701a6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80701a7)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_8_symbolic(self):
''' Instruction SETNE_8
Groups:
0xf7fe996f: setne al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9970] = '\x95'
mem[0xf7fe9971] = '\xc0'
mem[0xf7fe996f] = '\x0f'
cpu.EIP = 0xf7fe996f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9970, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9971, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe996f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9972)
condition = Operators.AND(condition, cpu.AL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNE_9_symbolic(self):
''' Instruction SETNE_9
Groups:
0x8070281: setne byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
mem[0x8070281] = '\x0f'
mem[0x8070282] = '\x95'
mem[0x8070283] = 'E'
mem[0x8070284] = '\x00'
cpu.EIP = 0x8070281
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8070281, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070282, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0x8070283, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8070284, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070285)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNO_1_symbolic(self):
''' Instruction SETNO_1
Groups:
0x8070194: setno byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x8070194] = '\x0f'
mem[0x8070195] = '\x91'
mem[0x8070196] = 'E'
mem[0x8070197] = '\x00'
cpu.EIP = 0x8070194
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8070194, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070195, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0x8070196, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8070197, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8070198)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNO_2_symbolic(self):
''' Instruction SETNO_2
Groups:
0x8070191: setno cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070191] = '\x0f'
mem[0x8070192] = '\x91'
mem[0x8070193] = '\xc1'
cpu.EIP = 0x8070191
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070191, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070192, 8)== ord('\x91'))
condition = Operators.AND(condition, cpu.read_int(0x8070193, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8070194)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNP_1_symbolic(self):
''' Instruction SETNP_1
Groups:
0x807949f: setnp cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x80794a0] = '\x9b'
mem[0x80794a1] = '\xc1'
mem[0x807949f] = '\x0f'
cpu.EIP = 0x807949f
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80794a0, 8)== ord('\x9b'))
condition = Operators.AND(condition, cpu.read_int(0x80794a1, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x807949f, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x80794a2)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNP_2_symbolic(self):
''' Instruction SETNP_2
Groups:
0x80794a2: setnp byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x7f)
mem[addr] = value
mem[0x80794a2] = '\x0f'
mem[0x80794a3] = '\x9b'
mem[0x80794a4] = 'E'
mem[0x80794a5] = '\x00'
cpu.EIP = 0x80794a2
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80794a2, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80794a3, 8)== ord('\x9b'))
condition = Operators.AND(condition, cpu.read_int(0x80794a4, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x80794a5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80794a6)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNP_3_symbolic(self):
''' Instruction SETNP_3
Groups:
0x8070294: setnp cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070294] = '\x0f'
mem[0x8070295] = '\x9b'
mem[0x8070296] = '\xc1'
cpu.EIP = 0x8070294
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070294, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070295, 8)== ord('\x9b'))
condition = Operators.AND(condition, cpu.read_int(0x8070296, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8070297)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNP_4_symbolic(self):
''' Instruction SETNP_4
Groups:
0x8070297: setnp byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8070298] = '\x9b'
mem[0x8070299] = 'E'
mem[0x807029a] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x8070297] = '\x0f'
cpu.EIP = 0x8070297
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070298, 8)== ord('\x9b'))
condition = Operators.AND(condition, cpu.read_int(0x8070299, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807029a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8070297, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x807029b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNS_1_symbolic(self):
''' Instruction SETNS_1
Groups:
0x8070290: setns byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8070290] = '\x0f'
mem[0x8070291] = '\x99'
mem[0x8070292] = 'E'
mem[0x8070293] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
cpu.EIP = 0x8070290
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070290, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070291, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.read_int(0x8070292, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8070293, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x8070294)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETNS_2_symbolic(self):
''' Instruction SETNS_2
Groups:
0x807028d: setns cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x807028d] = '\x0f'
mem[0x807028e] = '\x99'
mem[0x807028f] = '\xc1'
cpu.EIP = 0x807028d
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807028d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807028e, 8)== ord('\x99'))
condition = Operators.AND(condition, cpu.read_int(0x807028f, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8070290)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETO_1_symbolic(self):
''' Instruction SETO_1
Groups:
0x8065fb7: seto cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem[0x8065fb8] = '\x90'
mem[0x8065fb9] = '\xc1'
mem[0x8065fb7] = '\x0f'
cpu.EIP = 0x8065fb7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8065fb8, 8)== ord('\x90'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb9, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8065fb7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fba)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETO_2_symbolic(self):
''' Instruction SETO_2
Groups:
0x8065fba: seto byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065fba] = '\x0f'
mem[0x8065fbb] = '\x90'
mem[0x8065fbc] = 'E'
mem[0x8065fbd] = '\x00'
cpu.EIP = 0x8065fba
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065fba, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8065fbb, 8)== ord('\x90'))
condition = Operators.AND(condition, cpu.read_int(0x8065fbc, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8065fbd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8065fbe)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETP_1_symbolic(self):
''' Instruction SETP_1
Groups:
0x806b09d: setp cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x806b09d] = '\x0f'
mem[0x806b09e] = '\x9a'
mem[0x806b09f] = '\xc1'
cpu.EIP = 0x806b09d
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806b09d, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b09e, 8)== ord('\x9a'))
condition = Operators.AND(condition, cpu.read_int(0x806b09f, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x806b0a0)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETP_2_symbolic(self):
''' Instruction SETP_2
Groups:
0x8079481: setp byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x8079481] = '\x0f'
mem[0x8079482] = '\x9a'
mem[0x8079483] = 'E'
mem[0x8079484] = '\x00'
cpu.EIP = 0x8079481
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0x8079481, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8079482, 8)== ord('\x9a'))
condition = Operators.AND(condition, cpu.read_int(0x8079483, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8079484, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079485)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETP_3_symbolic(self):
''' Instruction SETP_3
Groups:
0x807947e: setp cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079480] = '\xc1'
mem[0x807947e] = '\x0f'
mem[0x807947f] = '\x9a'
cpu.EIP = 0x807947e
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079480, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x807947e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x807947f, 8)== ord('\x9a'))
condition = Operators.AND(condition, cpu.EIP == 0x8079481)
condition = Operators.AND(condition, cpu.CL == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETP_4_symbolic(self):
''' Instruction SETP_4
Groups:
0x806b0a0: setp byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x806b0a0] = '\x0f'
mem[0x806b0a1] = '\x9a'
mem[0x806b0a2] = 'E'
mem[0x806b0a3] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x806b0a0
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806b0a0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a1, 8)== ord('\x9a'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a2, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.EIP == 0x806b0a4)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETS_1_symbolic(self):
''' Instruction SETS_1
Groups:
0x806b0a7: sets byte ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x806b0a8] = '\x98'
mem[0x806b0a9] = 'E'
mem[0x806b0aa] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x806b0a7] = '\x0f'
cpu.EIP = 0x806b0a7
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806b0a8, 8)== ord('\x98'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a9, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x806b0aa, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a7, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x806b0ab)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SETS_2_symbolic(self):
''' Instruction SETS_2
Groups:
0x806b0a4: sets cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0806b000, 0x1000, 'rwx')
mem[0x806b0a4] = '\x0f'
mem[0x806b0a5] = '\x98'
mem[0x806b0a6] = '\xc1'
cpu.EIP = 0x806b0a4
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x806b0a4, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a5, 8)== ord('\x98'))
condition = Operators.AND(condition, cpu.read_int(0x806b0a6, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x806b0a7)
condition = Operators.AND(condition, cpu.CL == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_1_symbolic(self):
''' Instruction SHLD_1
Groups:
0x8059a5b: shld word ptr [ebp], dx, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8059a60] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
mem[0x8059a5b] = 'f'
mem[0x8059a5c] = '\x0f'
mem[0x8059a5d] = '\xa4'
mem[0x8059a5e] = 'U'
mem[0x8059a5f] = '\x00'
cpu.EIP = 0x8059a5b
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc8f8)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a60, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xfb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x8059a5b, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a5c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a5d, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0x8059a5e, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8059a5f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a61)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.DX == 0xc8f8)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_2_symbolic(self):
''' Instruction SHLD_2
Groups:
0x8059a42: shld cx, dx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a42] = 'f'
mem[0x8059a43] = '\x0f'
mem[0x8059a44] = '\xa5'
mem[0x8059a45] = '\xd1'
cpu.EIP = 0x8059a42
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc8f8)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a42, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a43, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a44, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0x8059a45, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a46)
condition = Operators.AND(condition, cpu.CX == 0x0)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.DX == 0xc8f8)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_3_symbolic(self):
''' Instruction SHLD_3
Groups:
0x8059a52: shld cx, dx, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a52] = 'f'
mem[0x8059a53] = '\x0f'
mem[0x8059a54] = '\xa4'
mem[0x8059a55] = '\xd1'
mem[0x8059a56] = '\x02'
cpu.EIP = 0x8059a52
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc8f8)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a52, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a53, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a54, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0x8059a55, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a56, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a57)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.CX == 0x3)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.DX == 0xc8f8)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_4_symbolic(self):
''' Instruction SHLD_4
Groups:
0x8059a57: shld ecx, edx, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a58] = '\xa4'
mem[0x8059a59] = '\xd1'
mem[0x8059a5a] = '\x02'
mem[0x8059a57] = '\x0f'
cpu.EIP = 0x8059a57
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc8f8)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a58, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0x8059a59, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a5a, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0x8059a57, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a5b)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0xc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_5_symbolic(self):
''' Instruction SHLD_5
Groups:
0x8059a61: shld dword ptr [ebp], edx, 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfb)
mem[addr] = value
mem[0x8059a61] = '\x0f'
mem[0x8059a62] = '\xa4'
mem[0x8059a63] = 'U'
mem[0x8059a64] = '\x00'
mem[0x8059a65] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xc0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
cpu.EIP = 0x8059a61
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc8f8)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0x8059a61, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a62, 8)== ord('\xa4'))
condition = Operators.AND(condition, cpu.read_int(0x8059a63, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8059a64, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a65, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('x'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a66)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_6_symbolic(self):
''' Instruction SHLD_6
Groups:
0x8059a49: shld word ptr [ebp], dx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
mem[0x8059a49] = 'f'
mem[0x8059a4a] = '\x0f'
mem[0x8059a4b] = '\xa5'
mem[0x8059a4c] = 'U'
mem[0x8059a4d] = '\x00'
cpu.EIP = 0x8059a49
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc8f8)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0x8059a49, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a4a, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a4b, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.read_int(0x8059a4c, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8059a4d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a4e)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.DX == 0xc8f8)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_7_symbolic(self):
''' Instruction SHLD_7
Groups:
0x8059a4e: shld dword ptr [ebp], edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x3e)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x30)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
mem[0x8059a51] = '\x00'
mem[0x8059a50] = 'U'
mem[0x8059a4e] = '\x0f'
mem[0x8059a4f] = '\xa5'
cpu.EIP = 0x8059a4e
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc8f8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('>'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x1e'))
condition = Operators.AND(condition, cpu.read_int(0x8059a51, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059a50, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8059a4e, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a4f, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a52)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHLD_8_symbolic(self):
''' Instruction SHLD_8
Groups:
0x8059a46: shld ecx, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059a48] = '\xd1'
mem[0x8059a46] = '\x0f'
mem[0x8059a47] = '\xa5'
cpu.EIP = 0x8059a46
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc8f8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059a48, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x8059a46, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059a47, 8)== ord('\xa5'))
condition = Operators.AND(condition, cpu.EIP == 0x8059a49)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_1_symbolic(self):
''' Instruction SHL_1
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2b618)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x56c300)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_10_symbolic(self):
''' Instruction SHL_10
Groups:
0xf7fe72a0: shl edx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72a0] = '\xc1'
mem[0xf7fe72a1] = '\xe2'
mem[0xf7fe72a2] = '\x04'
cpu.EIP = 0xf7fe72a0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x2)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72a0, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72a1, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72a2, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72a3)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x20)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_11_symbolic(self):
''' Instruction SHL_11
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3245563d)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x48aac7a0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_12_symbolic(self):
''' Instruction SHL_12
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x5976cd)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0xb2ed9a0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_13_symbolic(self):
''' Instruction SHL_13
Groups:
0xf7fe54e8: shl eax, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e8] = '\xc1'
mem[0xf7fe54e9] = '\xe0'
mem[0xf7fe54ea] = '\x04'
cpu.EIP = 0xf7fe54e8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1a5)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e8, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e9, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ea, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54eb)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x1a50)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_14_symbolic(self):
''' Instruction SHL_14
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2152c1c6)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x2a5838c0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_15_symbolic(self):
''' Instruction SHL_15
Groups:
0xf7fe7210: shl ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7210] = '\xc1'
mem[0xf7fe7211] = '\xe1'
mem[0xf7fe7212] = '\x04'
cpu.EIP = 0xf7fe7210
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7210, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7211, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7212, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7213)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_16_symbolic(self):
''' Instruction SHL_16
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xb88a6aa)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x7114d540)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_17_symbolic(self):
''' Instruction SHL_17
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x91a1e0d1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x343c1a20)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_18_symbolic(self):
''' Instruction SHL_18
Groups:
0xf7fe54e8: shl eax, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54e8] = '\xc1'
mem[0xf7fe54e9] = '\xe0'
mem[0xf7fe54ea] = '\x04'
cpu.EIP = 0xf7fe54e8
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x20a)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e8, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54e9, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ea, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54eb)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x20a0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_19_symbolic(self):
''' Instruction SHL_19
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x7c92c8da)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0x92591b40)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_2_symbolic(self):
''' Instruction SHL_2
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xeec095a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xdd812b40)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_20_symbolic(self):
''' Instruction SHL_20
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xbc8e74ef)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0x91ce9de0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_21_symbolic(self):
''' Instruction SHL_21
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x4e5d1343)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xcba26860)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_3_symbolic(self):
''' Instruction SHL_3
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xec71e1e0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0x8e3c3c00)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_4_symbolic(self):
''' Instruction SHL_4
Groups:
0xf7fe7210: shl ecx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7210] = '\xc1'
mem[0xf7fe7211] = '\xe1'
mem[0xf7fe7212] = '\x04'
cpu.EIP = 0xf7fe7210
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x536)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7210, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7211, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7212, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7213)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x5360)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_5_symbolic(self):
''' Instruction SHL_5
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xe1ef170b)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x3de2e160)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_6_symbolic(self):
''' Instruction SHL_6
Groups:
0xf7fe4d10: shl eax, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4d10] = '\xc1'
mem[0xf7fe4d11] = '\xe0'
mem[0xf7fe4d12] = '\x04'
cpu.EIP = 0xf7fe4d10
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d10, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d11, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4d12, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4d13)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x20)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_7_symbolic(self):
''' Instruction SHL_7
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x574b7271)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
condition = Operators.AND(condition, cpu.ECX == 0xe96e4e20)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_8_symbolic(self):
''' Instruction SHL_8
Groups:
0xf7fe56a5: shl ecx, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56a5] = '\xc1'
mem[0xf7fe56a6] = '\xe1'
mem[0xf7fe56a7] = '\x05'
cpu.EIP = 0xf7fe56a5
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x797078e1)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a5, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a6, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56a7, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56a8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x2e0f1c20)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHL_9_symbolic(self):
''' Instruction SHL_9
Groups:
0xf7fec3e0: shl edx, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fec000, 0x1000, 'rwx')
mem[0xf7fec3e0] = '\xc1'
mem[0xf7fec3e1] = '\xe2'
mem[0xf7fec3e2] = '\x04'
cpu.EIP = 0xf7fec3e0
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1a)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fec3e0, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3e1, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fec3e2, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fec3e3)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x1a0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_1_symbolic(self):
''' Instruction SHRD_1
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x9)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x20040)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x9)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_10_symbolic(self):
''' Instruction SHRD_10
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x16)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x10)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x16)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_11_symbolic(self):
''' Instruction SHRD_11
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4000000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x18)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x4)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x18)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_12_symbolic(self):
''' Instruction SHRD_12
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x5)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x200400)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x5)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_13_symbolic(self):
''' Instruction SHRD_13
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xd)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x2004)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0xd)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_14_symbolic(self):
''' Instruction SHRD_14
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4000000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x12)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x100)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x12)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_15_symbolic(self):
''' Instruction SHRD_15
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4000000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x1a)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x1)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x1a)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_16_symbolic(self):
''' Instruction SHRD_16
Groups:
0x805ba45: shrd dword ptr [ebp], edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805ba45] = '\x0f'
mem[0x805ba46] = '\xad'
mem[0x805ba47] = 'U'
mem[0x805ba48] = '\x00'
cpu.EIP = 0x805ba45
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3ec)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805ba45, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805ba46, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0x805ba47, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x805ba48, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805ba49)
condition = Operators.AND(condition, cpu.EDX == 0x3ec)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_17_symbolic(self):
''' Instruction SHRD_17
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x11)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x200)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x11)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_18_symbolic(self):
''' Instruction SHRD_18
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x9)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x20040)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x9)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_19_symbolic(self):
''' Instruction SHRD_19
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xc)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x4008)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0xc)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_2_symbolic(self):
''' Instruction SHRD_2
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xe)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x1002)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0xe)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_20_symbolic(self):
''' Instruction SHRD_20
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x8)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x40080)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_21_symbolic(self):
''' Instruction SHRD_21
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4000000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x19)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x2)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x19)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_3_symbolic(self):
''' Instruction SHRD_3
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4000000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x16)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x10)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x16)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_4_symbolic(self):
''' Instruction SHRD_4
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4000000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x11)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x200)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x11)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_5_symbolic(self):
''' Instruction SHRD_5
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x19)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x2)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x19)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_6_symbolic(self):
''' Instruction SHRD_6
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x8)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x40080)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.CL == 0x8)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_7_symbolic(self):
''' Instruction SHRD_7
Groups:
0xf7fe9be8: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9be8] = '\x0f'
mem[0xf7fe9be9] = '\xad'
mem[0xf7fe9bea] = '\xd0'
cpu.EIP = 0xf7fe9be8
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x7)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be8, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9be9, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bea, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9beb)
condition = Operators.AND(condition, cpu.EAX == 0x80100)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x7)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_8_symbolic(self):
''' Instruction SHRD_8
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x7)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x80100)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x7)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHRD_9_symbolic(self):
''' Instruction SHRD_9
Groups:
0xf7fe9998: shrd eax, edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9998] = '\x0f'
mem[0xf7fe9999] = '\xad'
mem[0xf7fe999a] = '\xd0'
cpu.EIP = 0xf7fe9998
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x4008000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x3)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9998, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9999, 8)== ord('\xad'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe999a, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe999b)
condition = Operators.AND(condition, cpu.EAX == 0x801000)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x3)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_1_symbolic(self):
''' Instruction SHR_1
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xde)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x20002000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0xde)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_10_symbolic(self):
''' Instruction SHR_10
Groups:
0xf7fe9beb: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9beb] = '\xd3'
mem[0xf7fe9bec] = '\xea'
cpu.EIP = 0xf7fe9beb
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xe)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9beb, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9bec, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9bed)
condition = Operators.AND(condition, cpu.CL == 0xe)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_11_symbolic(self):
''' Instruction SHR_11
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x71)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x20002000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0x71)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x1000)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_12_symbolic(self):
''' Instruction SHR_12
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xb6)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xc34cb81e)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0xb6)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x30d)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_13_symbolic(self):
''' Instruction SHR_13
Groups:
0xf7fe4f38: shr eax, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x23)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x20002000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f38, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f39, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f3a)
condition = Operators.AND(condition, cpu.CL == 0x23)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x4000400)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_14_symbolic(self):
''' Instruction SHR_14
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x5b)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x193220e0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0x5b)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x3)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_15_symbolic(self):
''' Instruction SHR_15
Groups:
0xf7fe7203: shr ecx, 8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7203] = '\xc1'
mem[0xf7fe7204] = '\xe9'
mem[0xf7fe7205] = '\x08'
cpu.EIP = 0xf7fe7203
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x4ee06)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7203, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7204, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7205, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7206)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x4ee)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_16_symbolic(self):
''' Instruction SHR_16
Groups:
0xf7fe4f38: shr eax, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x87)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x193220e0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f38, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f39, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f3a)
condition = Operators.AND(condition, cpu.CL == 0x87)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x326441)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_17_symbolic(self):
''' Instruction SHR_17
Groups:
0xf7fe4f38: shr eax, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xcb)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x20002000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f38, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f39, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f3a)
condition = Operators.AND(condition, cpu.CL == 0xcb)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x40004)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_18_symbolic(self):
''' Instruction SHR_18
Groups:
0x804834f: shr edx, 0x1f
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem[0x8048350] = '\xea'
mem[0x8048351] = '\x1f'
mem[0x804834f] = '\xc1'
cpu.EIP = 0x804834f
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8048350, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.read_int(0x8048351, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.read_int(0x804834f, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8048352)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_19_symbolic(self):
''' Instruction SHR_19
Groups:
0xf7ff4546: shr ecx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff4546] = '\xd1'
mem[0xf7ff4547] = '\xe9'
cpu.EIP = 0xf7ff4546
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff4546, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff4547, 8)== ord('\xe9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4548)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_2_symbolic(self):
''' Instruction SHR_2
Groups:
0xf7fe4f38: shr eax, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x2)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1000045e)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f38, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f39, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f3a)
condition = Operators.AND(condition, cpu.CL == 0x2)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x4000117)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_20_symbolic(self):
''' Instruction SHR_20
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x3e)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x40024918)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0x3e)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_21_symbolic(self):
''' Instruction SHR_21
Groups:
0xf7fe4e71: shr eax, 5
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4e71] = '\xc1'
mem[0xf7fe4e72] = '\xe8'
mem[0xf7fe4e73] = '\x05'
cpu.EIP = 0xf7fe4e71
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xdad66940)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e71, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e72, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e73, 8)== ord('\x05'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e74)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x6d6b34a)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_3_symbolic(self):
''' Instruction SHR_3
Groups:
0xf7fe4f38: shr eax, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f38] = '\xd3'
mem[0xf7fe4f39] = '\xe8'
cpu.EIP = 0xf7fe4f38
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x82)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x2034006)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f38, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f39, 8)== ord('\xe8'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f3a)
condition = Operators.AND(condition, cpu.CL == 0x82)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EAX == 0x80d001)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_4_symbolic(self):
''' Instruction SHR_4
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x93)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x20002000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0x93)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x400)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_5_symbolic(self):
''' Instruction SHR_5
Groups:
0xf7fe4f34: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f34] = '\xd3'
mem[0xf7fe4f35] = '\xea'
cpu.EIP = 0xf7fe4f34
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x4e)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x20002000)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f34, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f35, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f36)
condition = Operators.AND(condition, cpu.CL == 0x4e)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x8000)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_6_symbolic(self):
''' Instruction SHR_6
Groups:
0xf7fe0b13: shr esi, 8
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe0000, 0x1000, 'rwx')
mem[0xf7fe0b13] = '\xc1'
mem[0xf7fe0b14] = '\xee'
mem[0xf7fe0b15] = '\x08'
cpu.EIP = 0xf7fe0b13
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x607)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b13, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b14, 8)== ord('\xee'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe0b15, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe0b16)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0x6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_7_symbolic(self):
''' Instruction SHR_7
Groups:
0xf7fe54cb: shr edx, 1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54cb] = '\xd1'
mem[0xf7fe54cc] = '\xea'
cpu.EIP = 0xf7fe54cb
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54cb, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54cc, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54cd)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_8_symbolic(self):
''' Instruction SHR_8
Groups:
0xf7fe4fa4: shr dl, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4fa4] = '\xc0'
mem[0xf7fe4fa5] = '\xea'
mem[0xf7fe4fa6] = '\x04'
cpu.EIP = 0xf7fe4fa4
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x11)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fa4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fa5, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4fa6, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4fa7)
condition = Operators.AND(condition, cpu.DL == 0x1)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SHR_9_symbolic(self):
''' Instruction SHR_9
Groups:
0xf7fe4f2e: shr edx, cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f2e] = '\xd3'
mem[0xf7fe4f2f] = '\xea'
cpu.EIP = 0xf7fe4f2e
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x5)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xb23c806a)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f2e, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f2f, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f30)
condition = Operators.AND(condition, cpu.CL == 0x5)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x591e403)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STC_1_symbolic(self):
''' Instruction STC_1
Groups:
0x8079441: stc
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079441] = '\xf9'
cpu.EIP = 0x8079441
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079441, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.EIP == 0x8079442)
condition = Operators.AND(condition, cpu.CF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STD_1_symbolic(self):
''' Instruction STD_1
Groups:
0x8079387: std
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079387] = '\xfd'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x8079387
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079387, 8)== ord('\xfd'))
condition = Operators.AND(condition, cpu.DF == True)
condition = Operators.AND(condition, cpu.EIP == 0x8079388)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STMXCSR_1_symbolic(self):
''' Instruction STMXCSR_1
Groups: sse1
0x80565d0: stmxcsr dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x37)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x80565d0] = '\x0f'
mem[0x80565d1] = '\xae'
mem[0x80565d2] = ']'
mem[0x80565d3] = '\x00'
cpu.EIP = 0x80565d0
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x1f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80565d0, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x80565d1, 8)== ord('\xae'))
condition = Operators.AND(condition, cpu.read_int(0x80565d2, 8)== ord(']'))
condition = Operators.AND(condition, cpu.read_int(0x80565d3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x80565d4)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSB_1_symbolic(self):
''' Instruction STOSB_1
Groups:
0x8065f64: stosb byte ptr es:[edi], al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f042)
value = cs.new_bitvec(8)
cs.add(value == 0x1e)
mem[addr] = value
mem[0x8065f64] = '\xaa'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x8065f64
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f042)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0xeb)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807f042, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x8065f64, 8)== ord('\xaa'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f65)
condition = Operators.AND(condition, cpu.EDI == 0x807f043)
condition = Operators.AND(condition, cpu.AL == 0xeb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_1_symbolic(self):
''' Instruction STOSD_1
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d20)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d21)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d22)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d23)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x38)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14d20)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14d20, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d21, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d22, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d23, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14d24)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x37)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_10_symbolic(self):
''' Instruction STOSD_10
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b40)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b41)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b42)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b43)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xb0)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14b40)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14b40, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b41, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b42, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b43, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14b44)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xaf)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_11_symbolic(self):
''' Instruction STOSD_11
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b14)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b15)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b16)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14b17)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xbb)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14b14)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b14, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b15, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b16, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14b17, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14b18)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xba)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_12_symbolic(self):
''' Instruction STOSD_12
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ca0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ca1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ca2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ca3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x58)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14ca0)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14ca0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ca1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ca2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ca3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14ca4)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x57)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_13_symbolic(self):
''' Instruction STOSD_13
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a7c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a7f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a7e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a7d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xe1)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14a7c)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a7c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a7f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a7e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a7d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14a80)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xe0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_14_symbolic(self):
''' Instruction STOSD_14
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a31)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a32)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a30)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a33)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf4)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14a30)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a31, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a32, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a30, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a33, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14a34)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xf3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_15_symbolic(self):
''' Instruction STOSD_15
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bc0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bc1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bc2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bc3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x90)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14bc0)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14bc0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bc1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bc2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bc3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14bc4)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x8f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_16_symbolic(self):
''' Instruction STOSD_16
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a98)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a99)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a9a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a9b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xda)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14a98)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a98, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a99, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a9a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a9b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14a9c)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xd9)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_17_symbolic(self):
''' Instruction STOSD_17
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a20)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a21)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a22)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a23)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf8)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14a20)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14a20, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a21, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a22, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a23, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14a24)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xf7)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_18_symbolic(self):
''' Instruction STOSD_18
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d48)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d49)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d4a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14d4b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2e)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14d48)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d48, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d49, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d4a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14d4b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14d4c)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x2d)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_19_symbolic(self):
''' Instruction STOSD_19
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14afc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14aff)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14afe)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14afd)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xc1)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14afc)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14afc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14aff, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14afe, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14afd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14b00)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xc0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_2_symbolic(self):
''' Instruction STOSD_2
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a24)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a25)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a26)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a27)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14a24)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a24, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a25, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a26, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a27, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14a28)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xf6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_20_symbolic(self):
''' Instruction STOSD_20
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a64)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a65)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a66)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14a67)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xe7)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14a64)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a64, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a65, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a66, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14a67, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14a68)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xe6)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_21_symbolic(self):
''' Instruction STOSD_21
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cf4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cf5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cf6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cf7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x43)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14cf4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cf4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cf5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cf6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cf7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14cf8)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x42)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_3_symbolic(self):
''' Instruction STOSD_3
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14abc)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14abf)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14abe)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14abd)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xd1)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14abc)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14abc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14abf, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14abe, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14abd, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14ac0)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xd0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_4_symbolic(self):
''' Instruction STOSD_4
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14dc4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14dc5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14dc6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14dc7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14dc4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14dc4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14dc5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14dc6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14dc7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14dc8)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0xe)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_5_symbolic(self):
''' Instruction STOSD_5
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14c94)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14c95)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14c96)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14c97)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x5b)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14c94)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14c94, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14c95, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14c96, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14c97, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14c98)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x5a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_6_symbolic(self):
''' Instruction STOSD_6
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x47)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14ce4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14ce8)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x46)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_7_symbolic(self):
''' Instruction STOSD_7
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cd4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cd5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cd6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14cd7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x4b)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14cd4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cd4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cd5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cd6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14cd7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14cd8)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x4a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_8_symbolic(self):
''' Instruction STOSD_8
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce0)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce1)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce2)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14ce3)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x48)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14ce0)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce0, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce2, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14ce3, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14ce4)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x47)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSD_9_symbolic(self):
''' Instruction STOSD_9
Groups:
0xf7fed5cc: rep stosd dword ptr es:[edi], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e14000, 0x1000, 'rwx')
mem.mmap(0xf7fed000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14940)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14941)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14942)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14943)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bb4)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bb5)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bb6)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7e14bb7)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fed5cc] = '\xf3'
mem[0xf7fed5cd] = '\xab'
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x93)
cpu.EIP = 0xf7fed5cc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e14bb4)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7e14940)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e14940, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14941, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14942, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14943, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bb4, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bb5, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bb6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7e14bb7, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cc, 8)== ord('\xf3'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed5cd, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed5cc)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14bb8)
condition = Operators.AND(condition, cpu.ESI == 0xf7e14940)
condition = Operators.AND(condition, cpu.ECX == 0x92)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_STOSW_1_symbolic(self):
''' Instruction STOSW_1
Groups:
0x8065f65: stosw word ptr es:[edi], ax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0x0807f000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f043)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0x807f044)
value = cs.new_bitvec(8)
cs.add(value == 0xed)
mem[addr] = value
mem[0x8065f65] = 'f'
mem[0x8065f66] = '\xab'
cpu.DF = cs.new_bool()
cs.add(cpu.DF == False)
cpu.EIP = 0x8065f65
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x807f043)
cpu.AX = cs.new_bitvec(16)
cs.add(cpu.AX == 0xffeb)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807f043, 8)== ord('\xeb'))
condition = Operators.AND(condition, cpu.read_int(0x807f044, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8065f65, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8065f66, 8)== ord('\xab'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f67)
condition = Operators.AND(condition, cpu.EDI == 0x807f045)
condition = Operators.AND(condition, cpu.AX == 0xffeb)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_1_symbolic(self):
''' Instruction SUB_1
Groups:
0xf7ff3ee0: sub edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee0] = ')'
mem[0xf7ff3ee1] = '\xca'
cpu.EIP = 0xf7ff3ee0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x67)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee0, 8)== ord(')'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee1, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee2)
condition = Operators.AND(condition, cpu.EDX == 0xffffff99)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x67)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_10_symbolic(self):
''' Instruction SUB_10
Groups:
0xf7ff3ee0: sub edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ee0] = ')'
mem[0xf7ff3ee1] = '\xca'
cpu.EIP = 0xf7ff3ee0
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x6362696c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee0, 8)== ord(')'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ee1, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ee2)
condition = Operators.AND(condition, cpu.EDX == 0x9c9d9694)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x6362696c)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_11_symbolic(self):
''' Instruction SUB_11
Groups:
0x8065f3a: sub dword ptr [ebp], -1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x49)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xfb)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xf)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
mem[0x8065f3a] = '\x83'
mem[0x8065f3b] = 'm'
mem[0x8065f3c] = '\x00'
mem[0x8065f3d] = '\xff'
cpu.EIP = 0x8065f3a
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('J'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xfb'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0x8065f3a, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0x8065f3b, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0x8065f3c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065f3d, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f3e)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_12_symbolic(self):
''' Instruction SUB_12
Groups:
0xf7fe7300: sub esp, 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd454)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7300, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7301, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7302, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7303)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd440)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_13_symbolic(self):
''' Instruction SUB_13
Groups:
0xf7fe7300: sub esp, 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd454)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7300, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7301, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7302, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7303)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd440)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_14_symbolic(self):
''' Instruction SUB_14
Groups:
0xf7feae13: sub ebp, 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fea000, 0x1000, 'rwx')
mem[0xf7feae13] = '\x83'
mem[0xf7feae14] = '\xed'
mem[0xf7feae15] = '\x04'
cpu.EIP = 0xf7feae13
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x8)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7feae13, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7feae14, 8)== ord('\xed'))
condition = Operators.AND(condition, cpu.read_int(0xf7feae15, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0xf7feae16)
condition = Operators.AND(condition, cpu.EBP == 0x4)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_15_symbolic(self):
''' Instruction SUB_15
Groups:
0xf7fe7300: sub esp, 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd454)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7300, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7301, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7302, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7303)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd440)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_16_symbolic(self):
''' Instruction SUB_16
Groups:
0x8065f28: sub dword ptr [ebp], 4
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08065000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x4c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x7c)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8065f28] = '\x83'
mem[0x8065f29] = 'm'
mem[0x8065f2a] = '\x00'
mem[0x8065f2b] = '\x04'
cpu.EIP = 0x8065f28
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('H'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065f28, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0x8065f29, 8)== ord('m'))
condition = Operators.AND(condition, cpu.read_int(0x8065f2a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8065f2b, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.EIP == 0x8065f2c)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_17_symbolic(self):
''' Instruction SUB_17
Groups:
0xf7fe4c88: sub esp, 0x2c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4c88] = '\x83'
mem[0xf7fe4c89] = '\xec'
mem[0xf7fe4c8a] = ','
cpu.EIP = 0xf7fe4c88
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2dc)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c88, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c89, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c8a, 8)== ord(','))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c8b)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_18_symbolic(self):
''' Instruction SUB_18
Groups:
0xf7fe4c88: sub esp, 0x2c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4c88] = '\x83'
mem[0xf7fe4c89] = '\xec'
mem[0xf7fe4c8a] = ','
cpu.EIP = 0xf7fe4c88
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2dc)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c88, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c89, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4c8a, 8)== ord(','))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4c8b)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2b0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_19_symbolic(self):
''' Instruction SUB_19
Groups:
0xf7eaa004: sub esp, 0x2c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa004] = '\x83'
mem[0xf7eaa005] = '\xec'
mem[0xf7eaa006] = ','
cpu.EIP = 0xf7eaa004
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd5ac)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa004, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa005, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa006, 8)== ord(','))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa007)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd580)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_2_symbolic(self):
''' Instruction SUB_2
Groups:
0xf7fe7300: sub esp, 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd454)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7300, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7301, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7302, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7303)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd440)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_20_symbolic(self):
''' Instruction SUB_20
Groups:
0xf7fe567b: sub esp, 0xac
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5680] = '\x00'
mem[0xf7fe567b] = '\x81'
mem[0xf7fe567c] = '\xec'
mem[0xf7fe567d] = '\xac'
mem[0xf7fe567e] = '\x00'
mem[0xf7fe567f] = '\x00'
cpu.EIP = 0xf7fe567b
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd42c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5680, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe567b, 8)== ord('\x81'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe567c, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe567d, 8)== ord('\xac'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe567e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe567f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5681)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd380)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_21_symbolic(self):
''' Instruction SUB_21
Groups:
0xf7ff0e38: sub edx, 3
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff0000, 0x1000, 'rwx')
mem[0xf7ff0e38] = '\x83'
mem[0xf7ff0e39] = '\xea'
mem[0xf7ff0e3a] = '\x03'
cpu.EIP = 0xf7ff0e38
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xe)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e38, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e39, 8)== ord('\xea'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff0e3a, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff0e3b)
condition = Operators.AND(condition, cpu.EDX == 0xb)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_3_symbolic(self):
''' Instruction SUB_3
Groups:
0xf7fe4e16: sub esp, 0x7c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4e18] = '|'
mem[0xf7fe4e16] = '\x83'
mem[0xf7fe4e17] = '\xec'
cpu.EIP = 0xf7fe4e16
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd36c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e18, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e16, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e17, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e19)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_4_symbolic(self):
''' Instruction SUB_4
Groups:
0xf7fe7437: sub eax, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7438] = '\xd0'
mem[0xf7fe7437] = ')'
cpu.EIP = 0xf7fe7437
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x10)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x4c)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7438, 8)== ord('\xd0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7437, 8)== ord(')'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7439)
condition = Operators.AND(condition, cpu.EAX == 0xffffffc4)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.EDX == 0x4c)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_5_symbolic(self):
''' Instruction SUB_5
Groups:
0xf7fdccc9: sub esp, 0x20
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fdc000, 0x1000, 'rwx')
mem[0xf7fdccc9] = '\x83'
mem[0xf7fdccca] = '\xec'
mem[0xf7fdcccb] = ' '
cpu.EIP = 0xf7fdccc9
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd4f0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fdccc9, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdccca, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fdcccb, 8)== ord(' '))
condition = Operators.AND(condition, cpu.EIP == 0xf7fdcccc)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd4d0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_6_symbolic(self):
''' Instruction SUB_6
Groups:
0xf7fe7300: sub esp, 0x14
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7300] = '\x83'
mem[0xf7fe7301] = '\xec'
mem[0xf7fe7302] = '\x14'
cpu.EIP = 0xf7fe7300
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd454)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7300, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7301, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7302, 8)== ord('\x14'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7303)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd440)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_7_symbolic(self):
''' Instruction SUB_7
Groups:
0xf7eaa234: sub eax, 0xb9
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa238] = '\x00'
mem[0xf7eaa234] = '-'
mem[0xf7eaa235] = '\xb9'
mem[0xf7eaa236] = '\x00'
mem[0xf7eaa237] = '\x00'
cpu.EIP = 0xf7eaa234
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xbc)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa238, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa234, 8)== ord('-'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa235, 8)== ord('\xb9'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa236, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa237, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa239)
condition = Operators.AND(condition, cpu.EAX == 0x3)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_8_symbolic(self):
''' Instruction SUB_8
Groups:
0xf7fe4e16: sub esp, 0x7c
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4e18] = '|'
mem[0xf7fe4e16] = '\x83'
mem[0xf7fe4e17] = '\xec'
cpu.EIP = 0xf7fe4e16
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd36c)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e18, 8)== ord('|'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e16, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4e17, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4e19)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_SUB_9_symbolic(self):
''' Instruction SUB_9
Groups:
0xf7ff1671: sub esp, 0x18
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff1000, 0x1000, 'rwx')
mem[0xf7ff1671] = '\x83'
mem[0xf7ff1672] = '\xec'
mem[0xf7ff1673] = '\x18'
cpu.EIP = 0xf7ff1671
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd3d8)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff1671, 8)== ord('\x83'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1672, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff1673, 8)== ord('\x18'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff1674)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ESP == 0xffffd3c0)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_1_symbolic(self):
''' Instruction TEST_1
Groups:
0xf7fe4ec7: test byte ptr [esi + 0x195], 0x20
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fda000, 0x1000, 'rwx')
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4ec7] = '\xf6'
mem[0xf7fe4ec8] = '\x86'
mem[0xf7fe4ec9] = '\x95'
mem[0xf7fe4eca] = '\x01'
mem[0xf7fe4ecb] = '\x00'
mem[0xf7fe4ecc] = '\x00'
mem[0xf7fe4ecd] = ' '
addr = cs.new_bitvec(32)
cs.add(addr == 0xf7fda9ed)
value = cs.new_bitvec(8)
cs.add(value == 0x40)
mem[addr] = value
cpu.EIP = 0xf7fe4ec7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fda858)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ec7, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ec8, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ec9, 8)== ord('\x95'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eca, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ecb, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ecc, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4ecd, 8)== ord(' '))
condition = Operators.AND(condition, cpu.read_int(0xf7fda9ed, 8)== ord('@'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4ece)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7fda858)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_10_symbolic(self):
''' Instruction TEST_10
Groups:
0xf7fe56af: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x5f)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b0, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56af, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56b1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x5f)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_11_symbolic(self):
''' Instruction TEST_11
Groups:
0xf7fe9ea0: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem[0xf7fe9ea0] = '\x85'
mem[0xf7fe9ea1] = '\xc0'
cpu.EIP = 0xf7fe9ea0
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x9)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe9ea0, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9ea1, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9ea2)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x9)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_12_symbolic(self):
''' Instruction TEST_12
Groups:
0xf7fe4eb3: test byte ptr [esp + 0x6c], 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4eb3] = '\xf6'
mem[0xf7fe4eb4] = 'D'
mem[0xf7fe4eb5] = '$'
mem[0xf7fe4eb6] = 'l'
mem[0xf7fe4eb7] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd35c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe4eb3
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb3, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb4, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb5, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb6, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb7, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffd35c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4eb8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_13_symbolic(self):
''' Instruction TEST_13
Groups:
0xf7fe57d4: test edx, 0x804
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57d4] = '\xf7'
mem[0xf7fe57d5] = '\xc2'
mem[0xf7fe57d6] = '\x04'
mem[0xf7fe57d7] = '\x08'
mem[0xf7fe57d8] = '\x00'
mem[0xf7fe57d9] = '\x00'
cpu.EIP = 0xf7fe57d4
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d5, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d6, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d7, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57da)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_14_symbolic(self):
''' Instruction TEST_14
Groups:
0xf7fe56af: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x74)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b0, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56af, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56b1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x74)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_15_symbolic(self):
''' Instruction TEST_15
Groups:
0xf7ff3e70: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e70] = '\x84'
mem[0xf7ff3e71] = '\xc0'
cpu.EIP = 0xf7ff3e70
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x4f)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e70, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e71, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e72)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x4f)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_16_symbolic(self):
''' Instruction TEST_16
Groups:
0xf7fe56f3: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56f3] = '\x85'
mem[0xf7fe56f4] = '\xc0'
cpu.EIP = 0xf7fe56f3
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ffda94)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56f3, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56f4, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56f5)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffda94)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_17_symbolic(self):
''' Instruction TEST_17
Groups:
0xf7fe722e: test edi, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe722e] = '\x85'
mem[0xf7fe722f] = '\xff'
cpu.EIP = 0xf7fe722e
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x6)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe722e, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe722f, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7230)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x6)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_18_symbolic(self):
''' Instruction TEST_18
Groups:
0xf7fe56af: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x63)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b0, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56af, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56b1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x63)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_19_symbolic(self):
''' Instruction TEST_19
Groups:
0xf7fe56af: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x0)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b0, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56af, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56b1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_2_symbolic(self):
''' Instruction TEST_2
Groups:
0xf7fe56af: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe56b0] = '\xc0'
mem[0xf7fe56af] = '\x84'
cpu.EIP = 0xf7fe56af
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x70)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe56b0, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe56af, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe56b1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x70)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_20_symbolic(self):
''' Instruction TEST_20
Groups:
0xf7fe4cfa: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cfa] = '\x85'
mem[0xf7fe4cfb] = '\xc0'
cpu.EIP = 0xf7fe4cfa
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e281c2)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfa, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfb, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cfc)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf7e281c2)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_21_symbolic(self):
''' Instruction TEST_21
Groups:
0xf7fe4cfa: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4cfa] = '\x85'
mem[0xf7fe4cfb] = '\xc0'
cpu.EIP = 0xf7fe4cfa
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e281c2)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfa, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4cfb, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4cfc)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf7e281c2)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_3_symbolic(self):
''' Instruction TEST_3
Groups:
0xf7fe9e98: test dword ptr [ebp - 0x20], eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe9000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe9e98] = '\x85'
mem[0xf7fe9e99] = 'E'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd478)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd479)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0xf7fe9e9a] = '\xe0'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd47b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd47a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe9e98
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffd498)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xa)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffd478, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffd479, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9e98, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9e99, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe9e9a, 8)== ord('\xe0'))
condition = Operators.AND(condition, cpu.read_int(0xffffd47b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffd47a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe9e9b)
condition = Operators.AND(condition, cpu.EBP == 0xffffd498)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EAX == 0xa)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_4_symbolic(self):
''' Instruction TEST_4
Groups:
0xf7ff3e70: test al, al
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e70] = '\x84'
mem[0xf7ff3e71] = '\xc0'
cpu.EIP = 0xf7ff3e70
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.AL = cs.new_bitvec(8)
cs.add(cpu.AL == 0x5f)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e70, 8)== ord('\x84'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e71, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e72)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.AL == 0x5f)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_5_symbolic(self):
''' Instruction TEST_5
Groups:
0xf7fe4eb3: test byte ptr [esp + 0x6c], 2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem.mmap(0xffffd000, 0x1000, 'rwx')
mem[0xf7fe4eb3] = '\xf6'
mem[0xf7fe4eb4] = 'D'
mem[0xf7fe4eb5] = '$'
mem[0xf7fe4eb6] = 'l'
mem[0xf7fe4eb7] = '\x02'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffd35c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0xf7fe4eb3
cpu.ESP = cs.new_bitvec(32)
cs.add(cpu.ESP == 0xffffd2f0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb3, 8)== ord('\xf6'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb4, 8)== ord('D'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb5, 8)== ord('$'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb6, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4eb7, 8)== ord('\x02'))
condition = Operators.AND(condition, cpu.read_int(0xffffd35c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4eb8)
condition = Operators.AND(condition, cpu.ESP == 0xffffd2f0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_6_symbolic(self):
''' Instruction TEST_6
Groups:
0xf7fe4f58: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe4000, 0x1000, 'rwx')
mem[0xf7fe4f58] = '\x85'
mem[0xf7fe4f59] = '\xc0'
cpu.EIP = 0xf7fe4f58
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f58, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe4f59, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe4f5a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_7_symbolic(self):
''' Instruction TEST_7
Groups:
0xf7fe72b7: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72b8] = '\xc0'
mem[0xf7fe72b7] = '\x85'
cpu.EIP = 0xf7fe72b7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xd696910)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72b8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72b7, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72b9)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xd696910)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_8_symbolic(self):
''' Instruction TEST_8
Groups:
0xf7fe57d4: test edx, 0x804
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe57d4] = '\xf7'
mem[0xf7fe57d5] = '\xc2'
mem[0xf7fe57d6] = '\x04'
mem[0xf7fe57d7] = '\x08'
mem[0xf7fe57d8] = '\x00'
mem[0xf7fe57d9] = '\x00'
cpu.EIP = 0xf7fe57d4
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x0)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d4, 8)== ord('\xf7'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d5, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d6, 8)== ord('\x04'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d7, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d8, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe57d9, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe57da)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_TEST_9_symbolic(self):
''' Instruction TEST_9
Groups:
0xf7fe72b7: test eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe72b8] = '\xc0'
mem[0xf7fe72b7] = '\x85'
cpu.EIP = 0xf7fe72b7
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xd696910)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe72b8, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe72b7, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe72b9)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0xd696910)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVAPS_1_symbolic(self):
''' Instruction VMOVAPS_1
Groups: avx
0x80795a2: vmovaps xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
mem[0x80795a2] = '\xc5'
mem[0x80795a3] = '\xf8'
mem[0x80795a4] = ')'
mem[0x80795a5] = 'M'
mem[0x80795a6] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x80795a2
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80795a2, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x80795a3, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x80795a4, 8)== ord(')'))
condition = Operators.AND(condition, cpu.read_int(0x80795a6, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80795a5, 8)== ord('M'))
condition = Operators.AND(condition, cpu.EIP == 0x80795a7)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVAPS_2_symbolic(self):
''' Instruction VMOVAPS_2
Groups: avx
0x807959d: vmovaps xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x80795a0] = 'E'
mem[0x80795a1] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
mem[0x807959d] = '\xc5'
mem[0x807959e] = '\xf8'
mem[0x807959f] = '('
cpu.EIP = 0x807959d
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80795a1, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x80795a0, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807959d, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x807959e, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x807959f, 8)== ord('('))
condition = Operators.AND(condition, cpu.EIP == 0x80795a2)
condition = Operators.AND(condition, cpu.XMM0 == 0x301)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVAPS_3_symbolic(self):
''' Instruction VMOVAPS_3
Groups: avx
0x8079599: vmovaps xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079599] = '\xc5'
mem[0x807959a] = '\xf8'
mem[0x807959b] = '('
mem[0x807959c] = '\xc1'
cpu.EIP = 0x8079599
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079599, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x807959a, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x807959b, 8)== ord('('))
condition = Operators.AND(condition, cpu.read_int(0x807959c, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x807959d)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVDQA_1_symbolic(self):
''' Instruction VMOVDQA_1
Groups: avx
0x804d626: vmovdqa xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d626] = '\xc5'
mem[0x804d627] = '\xf9'
mem[0x804d628] = '\x7f'
mem[0x804d629] = 'M'
mem[0x804d62a] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x804d626
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d628, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x804d629, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d626, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x804d627, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x804d62a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d62b)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVDQA_2_symbolic(self):
''' Instruction VMOVDQA_2
Groups: avx
0x804d621: vmovdqa xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d621] = '\xc5'
mem[0x804d622] = '\xf9'
mem[0x804d623] = 'o'
mem[0x804d624] = 'E'
mem[0x804d625] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x804d621
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d623, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0x804d622, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x804d621, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x804d624, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x804d625, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d626)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVDQA_3_symbolic(self):
''' Instruction VMOVDQA_3
Groups: avx
0x804d61d: vmovdqa xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d620] = '\xc1'
mem[0x804d61d] = '\xc5'
mem[0x804d61e] = '\xf9'
mem[0x804d61f] = 'o'
cpu.EIP = 0x804d61d
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d620, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x804d61d, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x804d61e, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x804d61f, 8)== ord('o'))
condition = Operators.AND(condition, cpu.EIP == 0x804d621)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVDQU_1_symbolic(self):
''' Instruction VMOVDQU_1
Groups: avx
0x804d661: vmovdqu xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d661] = '\xc5'
mem[0x804d662] = '\xfa'
mem[0x804d663] = 'o'
mem[0x804d664] = 'E'
mem[0x804d665] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x804d661
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d663, 8)== ord('o'))
condition = Operators.AND(condition, cpu.read_int(0x804d662, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0x804d661, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x804d664, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x804d665, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d666)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVDQU_2_symbolic(self):
''' Instruction VMOVDQU_2
Groups: avx
0x804d666: vmovdqu xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x804d666] = '\xc5'
mem[0x804d667] = '\xfa'
mem[0x804d668] = '\x7f'
mem[0x804d669] = 'M'
mem[0x804d66a] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x804d666
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d668, 8)== ord('\x7f'))
condition = Operators.AND(condition, cpu.read_int(0x804d666, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x804d667, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0x804d669, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x804d66a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x804d66b)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVDQU_3_symbolic(self):
''' Instruction VMOVDQU_3
Groups: avx
0x804d65d: vmovdqu xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d660] = '\xc1'
mem[0x804d65d] = '\xc5'
mem[0x804d65e] = '\xfa'
mem[0x804d65f] = 'o'
cpu.EIP = 0x804d65d
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d660, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x804d65d, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x804d65e, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0x804d65f, 8)== ord('o'))
condition = Operators.AND(condition, cpu.EIP == 0x804d661)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVD_1_symbolic(self):
''' Instruction VMOVD_1
Groups: avx
0x8059850: vmovd dword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8059854] = '\x00'
mem[0x8059853] = 'M'
mem[0x8059851] = '\xf9'
mem[0x8059850] = '\xc5'
mem[0x8059852] = '~'
cpu.EIP = 0x8059850
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059854, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059853, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8059851, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x8059850, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x8059852, 8)== ord('~'))
condition = Operators.AND(condition, cpu.EIP == 0x8059855)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVD_2_symbolic(self):
''' Instruction VMOVD_2
Groups: avx
0x8059843: vmovd ecx, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059843] = '\xc5'
mem[0x8059844] = '\xf9'
mem[0x8059845] = '~'
mem[0x8059846] = '\xc9'
cpu.EIP = 0x8059843
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xffffffff)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059843, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x8059844, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x8059845, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x8059846, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0x8059847)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVD_3_symbolic(self):
''' Instruction VMOVD_3
Groups: avx
0x8059847: vmovd xmm0, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059848] = '\xf9'
mem[0x8059849] = 'n'
mem[0x805984a] = '\xc2'
mem[0x8059847] = '\xc5'
cpu.EIP = 0x8059847
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xffffffff)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffffc606)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059848, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x8059849, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0x805984a, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.read_int(0x8059847, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.EIP == 0x805984b)
condition = Operators.AND(condition, cpu.XMM0 == 0xffffc606)
condition = Operators.AND(condition, cpu.EDX == 0xffffc606)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVD_4_symbolic(self):
''' Instruction VMOVD_4
Groups: avx
0x805984b: vmovd xmm0, dword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805984b] = '\xc5'
mem[0x805984c] = '\xf9'
mem[0x805984d] = 'n'
mem[0x805984e] = 'E'
mem[0x805984f] = '\x00'
cpu.EIP = 0x805984b
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xffffc606)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805984b, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x805984c, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x805984d, 8)== ord('n'))
condition = Operators.AND(condition, cpu.read_int(0x805984e, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x805984f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059850)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVQ_1_symbolic(self):
''' Instruction VMOVQ_1
Groups: avx
0x805667c: vmovq xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem[0x805667c] = '\xc5'
mem[0x805667d] = '\xfa'
mem[0x805667e] = '~'
mem[0x805667f] = '\xc1'
cpu.EIP = 0x805667c
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0xffffffff0000000000000000)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805667c, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x805667d, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0x805667e, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x805667f, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8056680)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVQ_2_symbolic(self):
''' Instruction VMOVQ_2
Groups: avx
0x8056680: vmovq xmm0, qword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8056680] = '\xc5'
mem[0x8056681] = '\xfa'
mem[0x8056682] = '~'
mem[0x8056683] = 'E'
mem[0x8056684] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
cpu.EIP = 0x8056680
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8056680, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x8056681, 8)== ord('\xfa'))
condition = Operators.AND(condition, cpu.read_int(0x8056682, 8)== ord('~'))
condition = Operators.AND(condition, cpu.read_int(0x8056683, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x8056684, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xff'))
condition = Operators.AND(condition, cpu.EIP == 0x8056685)
condition = Operators.AND(condition, cpu.XMM0 == 0xffffffff)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVQ_3_symbolic(self):
''' Instruction VMOVQ_3
Groups: avx
0x8056685: vmovq qword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08056000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0xff)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8056685] = '\xc5'
mem[0x8056686] = '\xf9'
mem[0x8056687] = '\xd6'
mem[0x8056688] = 'M'
mem[0x8056689] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x8056685
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8056685, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x8056686, 8)== ord('\xf9'))
condition = Operators.AND(condition, cpu.read_int(0x8056687, 8)== ord('\xd6'))
condition = Operators.AND(condition, cpu.read_int(0x8056688, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x8056689, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805668a)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVUPS_1_symbolic(self):
''' Instruction VMOVUPS_1
Groups: avx
0x8079442: vmovups xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079442] = '\xc5'
mem[0x8079443] = '\xf8'
mem[0x8079444] = '\x10'
mem[0x8079445] = '\xc1'
cpu.EIP = 0x8079442
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x80f1fc00ffff80fe)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079442, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x8079443, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x8079444, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0x8079445, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8079446)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVUPS_2_symbolic(self):
''' Instruction VMOVUPS_2
Groups: avx
0x8079446: vmovups xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079446] = '\xc5'
mem[0x8079447] = '\xf8'
mem[0x8079448] = '\x10'
mem[0x8079449] = 'E'
mem[0x807944a] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x8079446
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079446, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x8079447, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x8079448, 8)== ord('\x10'))
condition = Operators.AND(condition, cpu.read_int(0x8079449, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807944a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807944b)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VMOVUPS_3_symbolic(self):
''' Instruction VMOVUPS_3
Groups: avx
0x807944b: vmovups xmmword ptr [ebp], xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x807944b] = '\xc5'
mem[0x807944c] = '\xf8'
mem[0x807944d] = '\x11'
mem[0x807944e] = 'M'
mem[0x807944f] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x807944b
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x807944b, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x807944c, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x807944d, 8)== ord('\x11'))
condition = Operators.AND(condition, cpu.read_int(0x807944e, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x807944f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8079450)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VPSHUFB_1_symbolic(self):
''' Instruction VPSHUFB_1
Groups: avx
0x804d5bb: vpshufb xmm0, xmm1, xmm2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0804d000, 0x1000, 'rwx')
mem[0x804d5bb] = '\xc4'
mem[0x804d5bc] = '\xe2'
mem[0x804d5bd] = 'q'
mem[0x804d5be] = '\x00'
mem[0x804d5bf] = '\xc2'
cpu.XMM2 = cs.new_bitvec(128)
cs.add(cpu.XMM2 == 0x0)
cpu.EIP = 0x804d5bb
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x804d5bb, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0x804d5bc, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x804d5bd, 8)== ord('q'))
condition = Operators.AND(condition, cpu.read_int(0x804d5be, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x804d5bf, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.XMM2 == 0x0)
condition = Operators.AND(condition, cpu.EIP == 0x804d5c0)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VPTEST_1_symbolic(self):
''' Instruction VPTEST_1
Groups: avx
0x8079371: vptest xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x8079371] = '\xc4'
mem[0x8079372] = '\xe2'
mem[0x8079373] = 'y'
mem[0x8079374] = '\x17'
mem[0x8079375] = '\xc1'
cpu.EIP = 0x8079371
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x80f1fc0000000101)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8079371, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0x8079372, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x8079373, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x8079374, 8)== ord('\x17'))
condition = Operators.AND(condition, cpu.read_int(0x8079375, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8079376)
condition = Operators.AND(condition, cpu.XMM0 == 0x80f1fc0000000101)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VPTEST_2_symbolic(self):
''' Instruction VPTEST_2
Groups: avx
0x8079376: vptest xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8079376] = '\xc4'
mem[0x8079377] = '\xe2'
mem[0x8079378] = 'y'
mem[0x8079379] = '\x17'
mem[0x807937a] = 'E'
mem[0x807937b] = '\x00'
cpu.EIP = 0x8079376
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x80f1fc0000000101)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8079376, 8)== ord('\xc4'))
condition = Operators.AND(condition, cpu.read_int(0x8079377, 8)== ord('\xe2'))
condition = Operators.AND(condition, cpu.read_int(0x8079378, 8)== ord('y'))
condition = Operators.AND(condition, cpu.read_int(0x8079379, 8)== ord('\x17'))
condition = Operators.AND(condition, cpu.read_int(0x807937a, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807937b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807937c)
condition = Operators.AND(condition, cpu.XMM0 == 0x80f1fc0000000101)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VPXOR_1_symbolic(self):
''' Instruction VPXOR_1
Groups: avx
0x807949b: vpxor xmm0, xmm1, xmm2
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x807949b] = '\xc5'
mem[0x807949c] = '\xf1'
mem[0x807949d] = '\xef'
mem[0x807949e] = '\xc2'
cpu.XMM2 = cs.new_bitvec(128)
cs.add(cpu.XMM2 == 0x0)
cpu.EIP = 0x807949b
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807949b, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x807949c, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0x807949d, 8)== ord('\xef'))
condition = Operators.AND(condition, cpu.read_int(0x807949e, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.XMM2 == 0x0)
condition = Operators.AND(condition, cpu.EIP == 0x807949f)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_VZEROUPPER_1_symbolic(self):
''' Instruction VZEROUPPER_1
Groups: avx
0x807936d: vzeroupper
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08079000, 0x1000, 'rwx')
mem[0x807936d] = '\xc5'
mem[0x807936e] = '\xf8'
mem[0x807936f] = 'w'
cpu.EIP = 0x807936d
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x807936d, 8)== ord('\xc5'))
condition = Operators.AND(condition, cpu.read_int(0x807936e, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x807936f, 8)== ord('w'))
condition = Operators.AND(condition, cpu.EIP == 0x8079370)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XADD_1_symbolic(self):
''' Instruction XADD_1
Groups:
0x805987c: xadd byte ptr [ebp], dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
mem[0x805987c] = '\x0f'
mem[0x805987d] = '\xc0'
mem[0x805987e] = 'U'
mem[0x805987f] = '\x00'
cpu.EIP = 0x805987c
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0x805987c, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805987d, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x805987e, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x805987f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059880)
condition = Operators.AND(condition, cpu.DL == 0xfc)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XADD_2_symbolic(self):
''' Instruction XADD_2
Groups:
0x8059885: xadd dword ptr [ebp], edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xc8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x8059885] = '\x0f'
mem[0x8059886] = '\xc1'
mem[0x8059887] = 'U'
mem[0x8059888] = '\x00'
cpu.EIP = 0x8059885
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xfc)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xf4'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x8059885, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059886, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059887, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8059888, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x8059889)
condition = Operators.AND(condition, cpu.EDX == 0xc8f8)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XADD_3_symbolic(self):
''' Instruction XADD_3
Groups:
0x8059875: xadd cx, dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059878] = '\xd1'
mem[0x8059875] = 'f'
mem[0x8059876] = '\x0f'
mem[0x8059877] = '\xc1'
cpu.EIP = 0x8059875
cpu.CX = cs.new_bitvec(16)
cs.add(cpu.CX == 0x3)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc6fd)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059878, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x8059875, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059876, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059877, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8059879)
condition = Operators.AND(condition, cpu.CX == 0xc700)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.DX == 0x3)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XADD_4_symbolic(self):
''' Instruction XADD_4
Groups:
0x8059880: xadd word ptr [ebp], dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
mem[0x8059880] = 'f'
mem[0x8059881] = '\x0f'
mem[0x8059882] = '\xc1'
mem[0x8059883] = 'U'
mem[0x8059884] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
cpu.EIP = 0x8059880
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0xc7fc)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059880, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x8059881, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059882, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x8059883, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x8059884, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\xc8'))
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.EIP == 0x8059885)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.DX == 0xfc)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XADD_5_symbolic(self):
''' Instruction XADD_5
Groups:
0x8059872: xadd cl, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059872] = '\x0f'
mem[0x8059873] = '\xc0'
mem[0x8059874] = '\xd1'
cpu.EIP = 0x8059872
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x6)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == False)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xfd)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059872, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8059873, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.read_int(0x8059874, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x8059875)
condition = Operators.AND(condition, cpu.DL == 0xfd)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CL == 0x3)
condition = Operators.AND(condition, cpu.CF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XADD_6_symbolic(self):
''' Instruction XADD_6
Groups:
0x8059879: xadd ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08059000, 0x1000, 'rwx')
mem[0x8059879] = '\x0f'
mem[0x805987a] = '\xc1'
mem[0x805987b] = '\xd1'
cpu.EIP = 0x8059879
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xffff0003)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.AF = cs.new_bool()
cs.add(cpu.AF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xc700)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8059879, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x805987a, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.read_int(0x805987b, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x805987c)
condition = Operators.AND(condition, cpu.EDX == 0xc700)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.AF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0xffffc703)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_1_symbolic(self):
''' Instruction XCHG_1
Groups:
0x805b983: xchg cl, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b983] = '\x86'
mem[0x805b984] = '\xd1'
cpu.EIP = 0x805b983
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0xf8)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xc)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b983, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0x805b984, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0x805b985)
condition = Operators.AND(condition, cpu.DL == 0xc)
condition = Operators.AND(condition, cpu.CL == 0xf8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_10_symbolic(self):
''' Instruction XCHG_10
Groups:
0xf7eaa1dc: xchg edi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1dc] = '\x87'
mem[0xf7eaa1dd] = '\xdf'
cpu.EIP = 0xf7eaa1dc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1dc, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1dd, 8)== ord('\xdf'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa1de)
condition = Operators.AND(condition, cpu.EDI == 0xf7fc0000)
condition = Operators.AND(condition, cpu.EBX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_11_symbolic(self):
''' Instruction XCHG_11
Groups:
0x805b98f: xchg ecx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem[0x805b990] = '\xd1'
mem[0x805b98f] = '\x87'
cpu.EIP = 0x805b98f
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xec)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x3f8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x805b990, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.read_int(0x805b98f, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.EIP == 0x805b991)
condition = Operators.AND(condition, cpu.EDX == 0x3f8)
condition = Operators.AND(condition, cpu.ECX == 0xec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_12_symbolic(self):
''' Instruction XCHG_12
Groups:
0xf7e2e752: xchg esi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e752] = '\x87'
mem[0xf7e2e753] = '\xde'
cpu.EIP = 0xf7e2e752
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x1c0003f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2e752, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e753, 8)== ord('\xde'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2e754)
condition = Operators.AND(condition, cpu.EBX == 0x1c0003f)
condition = Operators.AND(condition, cpu.ESI == 0xf7fc0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_13_symbolic(self):
''' Instruction XCHG_13
Groups:
0xf7e2ee82: xchg ebp, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2ee82] = '\x87'
mem[0xf7e2ee83] = '\xdd'
cpu.EIP = 0xf7e2ee82
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xf7fc0000)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2ee82, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2ee83, 8)== ord('\xdd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2ee84)
condition = Operators.AND(condition, cpu.EBP == 0x0)
condition = Operators.AND(condition, cpu.EBX == 0xf7fc0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_14_symbolic(self):
''' Instruction XCHG_14
Groups:
0x805b991: xchg dword ptr [ebp], ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0xc8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0x3)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x78)
mem[addr] = value
mem[0x805b991] = '\x87'
mem[0x805b992] = 'M'
mem[0x805b993] = '\x00'
cpu.EIP = 0x805b991
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0x805b991, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0x805b992, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b993, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b994)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.ECX == 0x7803c80c)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_15_symbolic(self):
''' Instruction XCHG_15
Groups:
0xf7ff36f4: xchg ebx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff36f4] = '\x87'
mem[0xf7ff36f5] = '\xd3'
cpu.EIP = 0xf7ff36f4
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7ffd000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff36f4, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff36f5, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff36f6)
condition = Operators.AND(condition, cpu.EDX == 0xf7ffd000)
condition = Operators.AND(condition, cpu.EBX == 0x3)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_16_symbolic(self):
''' Instruction XCHG_16
Groups:
0x805b997: xchg word ptr [ebp], dx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xf8)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
mem[0x805b997] = 'f'
mem[0x805b998] = '\x87'
mem[0x805b999] = 'U'
mem[0x805b99a] = '\x00'
cpu.EIP = 0x805b997
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.DX = cs.new_bitvec(16)
cs.add(cpu.DX == 0x3ec)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xec'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x03'))
condition = Operators.AND(condition, cpu.read_int(0x805b997, 8)== ord('f'))
condition = Operators.AND(condition, cpu.read_int(0x805b998, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0x805b999, 8)== ord('U'))
condition = Operators.AND(condition, cpu.read_int(0x805b99a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b99b)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.DX == 0xf8)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_17_symbolic(self):
''' Instruction XCHG_17
Groups:
0x805b985: xchg byte ptr [ebp], cl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x0805b000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0xec)
mem[addr] = value
mem[0x805b985] = '\x86'
mem[0x805b986] = 'M'
mem[0x805b987] = '\x00'
cpu.EIP = 0x805b985
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0xf8)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\xf8'))
condition = Operators.AND(condition, cpu.read_int(0x805b985, 8)== ord('\x86'))
condition = Operators.AND(condition, cpu.read_int(0x805b986, 8)== ord('M'))
condition = Operators.AND(condition, cpu.read_int(0x805b987, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x805b988)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
condition = Operators.AND(condition, cpu.CL == 0xec)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_18_symbolic(self):
''' Instruction XCHG_18
Groups:
0xf7e2e756: xchg esi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e756] = '\x87'
mem[0xf7e2e757] = '\xde'
cpu.EIP = 0xf7e2e756
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0x1c0003f)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2e756, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e757, 8)== ord('\xde'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2e758)
condition = Operators.AND(condition, cpu.EBX == 0xf7fc0000)
condition = Operators.AND(condition, cpu.ESI == 0x1c0003f)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_19_symbolic(self):
''' Instruction XCHG_19
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7e148fc)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e14014)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff454e, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454f)
condition = Operators.AND(condition, cpu.EDI == 0xf7e14014)
condition = Operators.AND(condition, cpu.EAX == 0xf7e148fc)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_2_symbolic(self):
''' Instruction XCHG_2
Groups:
0xf7eaa3c0: xchg ebp, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa3c0] = '\x87'
mem[0xf7eaa3c1] = '\xdd'
cpu.EIP = 0xf7eaa3c0
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0x1)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa3c0, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa3c1, 8)== ord('\xdd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa3c2)
condition = Operators.AND(condition, cpu.EBP == 0xf7fc0000)
condition = Operators.AND(condition, cpu.EBX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_20_symbolic(self):
''' Instruction XCHG_20
Groups:
0xf7eaa19a: xchg ebp, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa19a] = '\x87'
mem[0xf7eaa19b] = '\xdd'
cpu.EIP = 0xf7eaa19a
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xc2)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa19a, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa19b, 8)== ord('\xdd'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa19c)
condition = Operators.AND(condition, cpu.EBP == 0xf7fc0000)
condition = Operators.AND(condition, cpu.EBX == 0xc2)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_21_symbolic(self):
''' Instruction XCHG_21
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fdaaee)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7fdaad0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff454e, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454f)
condition = Operators.AND(condition, cpu.EDI == 0xf7fdaad0)
condition = Operators.AND(condition, cpu.EAX == 0xf7fdaaee)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_3_symbolic(self):
''' Instruction XCHG_3
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf43)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffd410)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff454e, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454f)
condition = Operators.AND(condition, cpu.EDI == 0xffffd410)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffdf43)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_4_symbolic(self):
''' Instruction XCHG_4
Groups:
0xf7ff36fd: xchg ebx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff36fd] = '\x87'
mem[0xf7ff36fe] = '\xd3'
cpu.EIP = 0xf7ff36fd
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf7ffd000)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0x3)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff36fd, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff36fe, 8)== ord('\xd3'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff36ff)
condition = Operators.AND(condition, cpu.EDX == 0x3)
condition = Operators.AND(condition, cpu.EBX == 0xf7ffd000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_5_symbolic(self):
''' Instruction XCHG_5
Groups:
0xf7e2e752: xchg esi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e2e000, 0x1000, 'rwx')
mem[0xf7e2e752] = '\x87'
mem[0xf7e2e753] = '\xde'
cpu.EIP = 0xf7e2e752
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0x1c0003f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e2e752, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7e2e753, 8)== ord('\xde'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e2e754)
condition = Operators.AND(condition, cpu.EBX == 0x1c0003f)
condition = Operators.AND(condition, cpu.ESI == 0xf7fc0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_6_symbolic(self):
''' Instruction XCHG_6
Groups:
0xf7eaa1dc: xchg edi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1dc] = '\x87'
mem[0xf7eaa1dd] = '\xdf'
cpu.EIP = 0xf7eaa1dc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x0)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1dc, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1dd, 8)== ord('\xdf'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa1de)
condition = Operators.AND(condition, cpu.EDI == 0xf7fc0000)
condition = Operators.AND(condition, cpu.EBX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_7_symbolic(self):
''' Instruction XCHG_7
Groups:
0xf7eaa1dc: xchg edi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1dc] = '\x87'
mem[0xf7eaa1dd] = '\xdf'
cpu.EIP = 0xf7eaa1dc
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x1)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0xf7fc0000)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1dc, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1dd, 8)== ord('\xdf'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa1de)
condition = Operators.AND(condition, cpu.EDI == 0xf7fc0000)
condition = Operators.AND(condition, cpu.EBX == 0x1)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_8_symbolic(self):
''' Instruction XCHG_8
Groups:
0xf7eaa1e0: xchg edi, ebx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa1e0] = '\x87'
mem[0xf7eaa1e1] = '\xdf'
cpu.EIP = 0xf7eaa1e0
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7fc0000)
cpu.EBX = cs.new_bitvec(32)
cs.add(cpu.EBX == 0x1c0003f)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1e0, 8)== ord('\x87'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa1e1, 8)== ord('\xdf'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa1e2)
condition = Operators.AND(condition, cpu.EDI == 0x1c0003f)
condition = Operators.AND(condition, cpu.EBX == 0xf7fc0000)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XCHG_9_symbolic(self):
''' Instruction XCHG_9
Groups: not64bitmode
0xf7ff454e: xchg eax, edi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff454e] = '\x97'
cpu.EIP = 0xf7ff454e
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0xf7ffdf5a)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7ff5e9a)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff454e, 8)== ord('\x97'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff454f)
condition = Operators.AND(condition, cpu.EDI == 0xf7ff5e9a)
condition = Operators.AND(condition, cpu.EAX == 0xf7ffdf5a)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XORPS_1_symbolic(self):
''' Instruction XORPS_1
Groups: sse1
0x8070288: xorps xmm0, xmmword ptr [ebp]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem.mmap(0xffffb000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb600)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb601)
value = cs.new_bitvec(8)
cs.add(value == 0x85)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb602)
value = cs.new_bitvec(8)
cs.add(value == 0xe1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb603)
value = cs.new_bitvec(8)
cs.add(value == 0x1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb604)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb605)
value = cs.new_bitvec(8)
cs.add(value == 0xfc)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb606)
value = cs.new_bitvec(8)
cs.add(value == 0xf1)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb607)
value = cs.new_bitvec(8)
cs.add(value == 0x80)
mem[addr] = value
mem[0x8070288] = '\x0f'
mem[0x8070289] = 'W'
mem[0x807028a] = 'E'
mem[0x807028b] = '\x00'
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60c)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60d)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60b)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60f)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb608)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60e)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb609)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
addr = cs.new_bitvec(32)
cs.add(addr == 0xffffb60a)
value = cs.new_bitvec(8)
cs.add(value == 0x0)
mem[addr] = value
cpu.EIP = 0x8070288
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.EBP = cs.new_bitvec(32)
cs.add(cpu.EBP == 0xffffb600)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xffffb600, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb601, 8)== ord('\x85'))
condition = Operators.AND(condition, cpu.read_int(0xffffb602, 8)== ord('\xe1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb603, 8)== ord('\x01'))
condition = Operators.AND(condition, cpu.read_int(0xffffb604, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb605, 8)== ord('\xfc'))
condition = Operators.AND(condition, cpu.read_int(0xffffb606, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.read_int(0xffffb607, 8)== ord('\x80'))
condition = Operators.AND(condition, cpu.read_int(0x8070288, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070289, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0x807028a, 8)== ord('E'))
condition = Operators.AND(condition, cpu.read_int(0x807028b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60c, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60d, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60e, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60f, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb608, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb609, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60a, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.read_int(0xffffb60b, 8)== ord('\x00'))
condition = Operators.AND(condition, cpu.EIP == 0x807028c)
condition = Operators.AND(condition, cpu.XMM0 == 0x80f1fc0001e18501)
condition = Operators.AND(condition, cpu.EBP == 0xffffb600)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XORPS_2_symbolic(self):
''' Instruction XORPS_2
Groups: sse1
0x8070285: xorps xmm0, xmm1
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08070000, 0x1000, 'rwx')
mem[0x8070285] = '\x0f'
mem[0x8070286] = 'W'
mem[0x8070287] = '\xc1'
cpu.EIP = 0x8070285
cpu.XMM0 = cs.new_bitvec(128)
cs.add(cpu.XMM0 == 0x0)
cpu.XMM1 = cs.new_bitvec(128)
cs.add(cpu.XMM1 == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x8070285, 8)== ord('\x0f'))
condition = Operators.AND(condition, cpu.read_int(0x8070286, 8)== ord('W'))
condition = Operators.AND(condition, cpu.read_int(0x8070287, 8)== ord('\xc1'))
condition = Operators.AND(condition, cpu.EIP == 0x8070288)
condition = Operators.AND(condition, cpu.XMM0 == 0x0)
condition = Operators.AND(condition, cpu.XMM1 == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_1_symbolic(self):
''' Instruction XOR_1
Groups:
0xf7e901e6: xor edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901e6] = '1'
mem[0xf7e901e7] = '\xca'
cpu.EIP = 0xf7e901e6
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x6c65662f)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x2f2f2f2f)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e901e6, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901e7, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e901e8)
condition = Operators.AND(condition, cpu.EDX == 0x434a4900)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x2f2f2f2f)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_10_symbolic(self):
''' Instruction XOR_10
Groups:
0xf7fe54c9: xor edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54c9] = '1'
mem[0xf7fe54ca] = '\xc2'
cpu.EIP = 0xf7fe54c9
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xf54162e5)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf54162e4)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54c9, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ca, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54cb)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EAX == 0xf54162e4)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_11_symbolic(self):
''' Instruction XOR_11
Groups:
0xf7ff3f05: xor edx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3f05] = '1'
mem[0xf7ff3f06] = '\xca'
cpu.EIP = 0xf7ff3f05
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x8cd19a8b)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x722d6473)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3f05, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3f06, 8)== ord('\xca'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3f07)
condition = Operators.AND(condition, cpu.EDX == 0xfefcfef8)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x722d6473)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == True)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_12_symbolic(self):
''' Instruction XOR_12
Groups:
0xf7fe7288: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7288] = '1'
mem[0xf7fe7289] = '\xc0'
cpu.EIP = 0xf7fe7288
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffff00)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7288, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7289, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe728a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_13_symbolic(self):
''' Instruction XOR_13
Groups:
0xf7fe54c9: xor edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54c9] = '1'
mem[0xf7fe54ca] = '\xc2'
cpu.EIP = 0xf7fe54c9
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x7ab03cab)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x77faeee0)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54c9, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ca, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54cb)
condition = Operators.AND(condition, cpu.EDX == 0xd4ad24b)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EAX == 0x77faeee0)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_14_symbolic(self):
''' Instruction XOR_14
Groups:
0xf7febc53: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febc53] = '1'
mem[0xf7febc54] = '\xc0'
cpu.EIP = 0xf7febc53
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x1)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febc53, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7febc54, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febc55)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_15_symbolic(self):
''' Instruction XOR_15
Groups:
0xf7fe7288: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7288] = '1'
mem[0xf7fe7289] = '\xc0'
cpu.EIP = 0xf7fe7288
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffff01)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7288, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7289, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe728a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_16_symbolic(self):
''' Instruction XOR_16
Groups:
0xf7fe7288: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7288] = '1'
mem[0xf7fe7289] = '\xc0'
cpu.EIP = 0xf7fe7288
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffff00)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7288, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7289, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe728a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_17_symbolic(self):
''' Instruction XOR_17
Groups:
0xf7fe54c9: xor edx, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe54c9] = '1'
mem[0xf7fe54ca] = '\xc2'
cpu.EIP = 0xf7fe54c9
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0xa1338653)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xa1338652)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe54c9, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe54ca, 8)== ord('\xc2'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe54cb)
condition = Operators.AND(condition, cpu.EDX == 0x1)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.EAX == 0xa1338652)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_18_symbolic(self):
''' Instruction XOR_18
Groups:
0xf7febc53: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7feb000, 0x1000, 'rwx')
mem[0xf7febc53] = '1'
mem[0xf7febc54] = '\xc0'
cpu.EIP = 0xf7febc53
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xffffffff)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7febc53, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7febc54, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7febc55)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_19_symbolic(self):
''' Instruction XOR_19
Groups:
0xf7eaa0f5: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa0f5] = '1'
mem[0xf7eaa0f6] = '\xc0'
cpu.EIP = 0xf7eaa0f5
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x0)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0f5, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa0f6, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa0f7)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_2_symbolic(self):
''' Instruction XOR_2
Groups:
0xf7fe7f50: xor ecx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe7000, 0x1000, 'rwx')
mem[0xf7fe7f50] = '1'
mem[0xf7fe7f51] = '\xc9'
cpu.EIP = 0xf7fe7f50
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7e1e800)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f50, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe7f51, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe7f52)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_20_symbolic(self):
''' Instruction XOR_20
Groups:
0xf7fed69c: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fed000, 0x1000, 'rwx')
mem[0xf7fed69c] = '1'
mem[0xf7fed69d] = '\xc0'
cpu.EIP = 0xf7fed69c
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e14000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fed69c, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7fed69d, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fed69e)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_21_symbolic(self):
''' Instruction XOR_21
Groups:
0xf7e901d7: xor edi, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7e90000, 0x1000, 'rwx')
mem[0xf7e901d8] = '\xd7'
mem[0xf7e901d7] = '1'
cpu.EIP = 0xf7e901d7
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x6c65662f)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.EDI = cs.new_bitvec(32)
cs.add(cpu.EDI == 0x6b64652e)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7e901d8, 8)== ord('\xd7'))
condition = Operators.AND(condition, cpu.read_int(0xf7e901d7, 8)== ord('1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7e901d9)
condition = Operators.AND(condition, cpu.EDX == 0x6c65662f)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.EDI == 0x7010301)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_3_symbolic(self):
''' Instruction XOR_3
Groups:
0xf7ff45fe: xor ecx, esi
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff4000, 0x1000, 'rwx')
mem[0xf7ff45fe] = '1'
mem[0xf7ff45ff] = '\xf1'
cpu.EIP = 0xf7ff45fe
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0xf7fdab08)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.ESI = cs.new_bitvec(32)
cs.add(cpu.ESI == 0xf7fdab18)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff45fe, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff45ff, 8)== ord('\xf1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff4600)
condition = Operators.AND(condition, cpu.PF == False)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.ECX == 0x10)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.ESI == 0xf7fdab18)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_4_symbolic(self):
''' Instruction XOR_4
Groups:
0xf7ff3ccc: xor cl, dl
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ccc] = '0'
mem[0xf7ff3ccd] = '\xd1'
cpu.EIP = 0xf7ff3ccc
cpu.DL = cs.new_bitvec(8)
cs.add(cpu.DL == 0x24)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x48)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ccc, 8)== ord('0'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ccd, 8)== ord('\xd1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3cce)
condition = Operators.AND(condition, cpu.DL == 0x24)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x6c)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_5_symbolic(self):
''' Instruction XOR_5
Groups:
0xf7ff3e74: xor eax, eax
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3e74] = '1'
mem[0xf7ff3e75] = '\xc0'
cpu.EIP = 0xf7ff3e74
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0xf7e28000)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e74, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3e75, 8)== ord('\xc0'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3e76)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.EAX == 0x0)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_6_symbolic(self):
''' Instruction XOR_6
Groups:
0xf7ff3cc4: xor cl, byte ptr [eax]
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0x08048000, 0x1000, 'rwx')
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
addr = cs.new_bitvec(32)
cs.add(addr == 0x80481e9)
value = cs.new_bitvec(8)
cs.add(value == 0x6c)
mem[addr] = value
mem[0xf7ff3cc4] = '2'
mem[0xf7ff3cc5] = '\x08'
cpu.EIP = 0xf7ff3cc4
cpu.EAX = cs.new_bitvec(32)
cs.add(cpu.EAX == 0x80481e9)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.CL = cs.new_bitvec(8)
cs.add(cpu.CL == 0x24)
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0x80481e9, 8)== ord('l'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cc4, 8)== ord('2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3cc5, 8)== ord('\x08'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3cc6)
condition = Operators.AND(condition, cpu.EAX == 0x80481e9)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.CL == 0x48)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == False)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_7_symbolic(self):
''' Instruction XOR_7
Groups:
0xf7fe5487: xor edx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7fe5000, 0x1000, 'rwx')
mem[0xf7fe5488] = '\xd2'
mem[0xf7fe5487] = '1'
cpu.EIP = 0xf7fe5487
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == False)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x1)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7fe5488, 8)== ord('\xd2'))
condition = Operators.AND(condition, cpu.read_int(0xf7fe5487, 8)== ord('1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7fe5489)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_8_symbolic(self):
''' Instruction XOR_8
Groups:
0xf7ff3ebf: xor edx, edx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7ff3000, 0x1000, 'rwx')
mem[0xf7ff3ec0] = '\xd2'
mem[0xf7ff3ebf] = '1'
cpu.EIP = 0xf7ff3ebf
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == False)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.EDX = cs.new_bitvec(32)
cs.add(cpu.EDX == 0x3)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == True)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ec0, 8)== ord('\xd2'))
condition = Operators.AND(condition, cpu.read_int(0xf7ff3ebf, 8)== ord('1'))
condition = Operators.AND(condition, cpu.EIP == 0xf7ff3ec1)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.EDX == 0x0)
condition = Operators.AND(condition, cpu.SF == False)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
def test_XOR_9_symbolic(self):
''' Instruction XOR_9
Groups:
0xf7eaa198: xor ecx, ecx
'''
cs = ConstraintSet()
mem = SMemory32(cs)
cpu = I386Cpu(mem)
mem.mmap(0xf7eaa000, 0x1000, 'rwx')
mem[0xf7eaa198] = '1'
mem[0xf7eaa199] = '\xc9'
cpu.EIP = 0xf7eaa198
cpu.OF = cs.new_bool()
cs.add(cpu.OF == False)
cpu.ZF = cs.new_bool()
cs.add(cpu.ZF == True)
cpu.CF = cs.new_bool()
cs.add(cpu.CF == False)
cpu.PF = cs.new_bool()
cs.add(cpu.PF == True)
cpu.SF = cs.new_bool()
cs.add(cpu.SF == False)
cpu.ECX = cs.new_bitvec(32)
cs.add(cpu.ECX == 0x0)
done = False
while not done:
try:
cpu.execute()
done = True
except ConcretizeRegister as e:
symbol = getattr(cpu, e.reg_name)
values = solver.get_all_values(cs, symbol)
self.assertEqual(len(values), 1)
setattr(cpu, e.reg_name, values[0])
condition = True
condition = Operators.AND(condition, cpu.read_int(0xf7eaa198, 8)== ord('1'))
condition = Operators.AND(condition, cpu.read_int(0xf7eaa199, 8)== ord('\xc9'))
condition = Operators.AND(condition, cpu.EIP == 0xf7eaa19a)
condition = Operators.AND(condition, cpu.OF == False)
condition = Operators.AND(condition, cpu.ZF == True)
condition = Operators.AND(condition, cpu.CF == False)
condition = Operators.AND(condition, cpu.PF == True)
condition = Operators.AND(condition, cpu.SF == False)
condition = Operators.AND(condition, cpu.ECX == 0x0)
with cs as temp_cs:
temp_cs.add(condition)
self.assertTrue(solver.check(temp_cs))
with cs as temp_cs:
temp_cs.add(condition == False)
self.assertFalse(solver.check(temp_cs))
if __name__ == '__main__':
unittest.main()