MaatEngine class
The main engine class of the Maat framework. It is a wrapper around core components (lifter, memory engine, IR CPU, binary loader, environment simulation, etc) that enables to symbolically emulate a process.
Contents
❱ Base classes
- class Serializable
- Virtual interface that serializable classes must implement.
❱ Constructors, destructors, conversion operators
-
MaatEngine(Arch::
Type arch, env:: OS os = env::OS::NONE) - Instanciate an engine for architecture 'arch' and operating system 'os'.
- ~MaatEngine() defaulted virtual
- Destructor.
❱ Public functions
-
auto run(int max_inst = 0) -> info::
Stop - Continue executing from the current state. Execute at most 'max_inst' before stopping.
-
auto run_from(addr_
t addr, unsigned int max_inst = 0) -> info:: Stop - Set the instruction pointer to address 'addr' and start executing from there. Execute at most 'max_inst' before stopping.
-
auto run_inst(addr_
t addr, uint8_t* raw_inst, size_t raw_instr_size) -> info:: Stop - Lift and execute a single instruction located at virtual address 'addr', 'raw_inst' points to the raw assembly of the instruction to be lifted.
- void terminate_process(Value status)
- Terminate the process emulated by the engine.
- auto take_snapshot() -> snapshot_t
- Take a snapshot of the current engine state.
- void restore_snapshot(snapshot_t snapshot, bool remove = false)
- Restore the engine state to 'snapshot'. If remove is true, the snapshot is removed after being restored.
- void restore_last_snapshot(bool remove = false)
- Restore the engine state to the lastest snapshot. If remove is true, the snapshot is removed after being restored.
- auto nb_snapshots() -> int
- Return the current number of active snapshots.
-
void load(const std::string& binary,
loader::
Format type, addr_ t base, const std::vector<loader:: CmdlineArg>& args, const loader:: environ_t& envp, const std::unordered_map<std::string, std::string>& virtual_fs, const std::list<std::string>& libdirs, const std::list<std::string>& ignore_libs, bool load_interp = true) - Load an executable.
- auto refine_value_set(Expr e) -> ValueSet
- Return a solver-refined value set for expression e. The refined value set takes into account potential path constraints.
-
auto get_inst_asm(addr_
t addr) -> const std::string& - Return the assembly string for instruction at address 'addr'.
-
auto class_uid() const -> serial::
uid_t virtual - Return the class uid (see ClassId enum)
-
void dump(serial::
Serializer& s) const virtual -
void load(serial::
Deserializer& d) virtual
❱ Public variables
❱ Function documentation
void maat::
Load an executable.
| Parameters | |
|---|---|
| binary | Path of the executable file to load |
| type | Executable format of the file to load |
| base | Base address where to load the binary (used for relocatable binaries and position independent code) |
| args | Command line arguments with whom to invoke the loaded executable |
| envp | |
| virtual_fs | Location of loaded binaries and libraries in the emulated filesystem. Maps the object(s) filenames to their path(s) in the virtual filesystem, eg: { "libc.so.6": "/usr/lib" } |
| libdirs | Directories where to search for shared objects the binary might depend on |
| ignore_libs | List of libraries to NOT load even though the binary lists them as dependencies. This option has no effect when 'load_interp' is 'true' |
| load_interp | If set to True, load and emulate the interpreter and let it load the binary and dependencies by itself. The interpreter binary must be found in one of the 'libdirs' directories. If the interpreter is missing, Maat loads the binary and dependencies manually |
void maat::
Serialize the engine state
This serializes the whole engine state except:
- Event hooks
- Internal expression simplifier
- Logger
- Library emulation callbacks
- Callother callbacks
In order to keep those members (especially the event hooks), it is necessary to deserialize the engine in place using the same object instance that was serialized.
void maat::
Deserialize a state into the engine
See notes in 'MaatEngine::