maat::MemEngine class

❱   Base classes

class Serializable

Virtual interface that serializable classes must implement.

---

❱   Constructors, destructors, conversion operators

MemEngine(std::shared_ptr<VarContext> varctx = nullptr, size_t arch_bits = 64, std::shared_ptr<SnapshotManager<Snapshot>> snap = nullptr)

Create new memory engine.

---

❱   Public functions

void map(addr_t start, addr_t end, mem_flag_t mflags = mem_flag_rwx, const std::string& map_name = "")

Map memory from 'start' to 'end' (included), with permissions 'mflags'. Necessary segments are created in order to fill the map. The map is NOT initialised with zeros.

---

auto allocate(addr_t init_base, addr_t size, addr_t align, mem_flag_t flags, const std::string& name) -> addr_t

Allocate a new memory map of 'size' bytes. The map wills be aligned according to the 'align' value. Returns the start address of the map.

---

void unmap(addr_t start, addr_t end)

Unmap memory from 'start' to 'end'. Memory is NOT reset to zeros.

---

void new_segment(addr_t start, addr_t end, mem_flag_t flags = maat::mem_flag_rwx, const std::string& name = "", bool is_special_segment = false)

Create a new memory segment from addresses 'start' to 'end' (included)

---

auto allocate_segment(addr_t base_addr, addr_t size, addr_t align, mem_flag_t flags = maat::mem_flag_rwx, const std::string& name = "", bool is_special_segment = false) -> addr_t

Allocate new memory segment of 'size' bytes. The segment will be aligned according to the 'align' value.

---

void delete_segment(addr_t start)

Delete segment starting at address 'start'.

---

auto is_free(addr_t start, addr_t end) -> bool

Return 'true' if nothing is mapped between 'start' and 'end'.

---

void read(Value& res, addr_t addr, unsigned int nb_bytes, mem_alert_t* alert = nullptr, bool force_concrete_read = false)

Read 'nb_bytes' at address 'addr'.

---

void read_buffer(std::vector<Value>& res, const Value& addr, unsigned int nb_elems, unsigned int elem_size = 1)

Read a buffer in memory.

---

auto read_string(const Value& addr, unsigned int len = 0) -> std::string

Read a concrete string of length len from address addr. If len=0, it reads a C-style string and stops at the first null-byte. If addr is not concrete, the function raises a mem_exception.

---

void write(addr_t addr, const Value& value, mem_alert_t* alert = nullptr, bool ignore_mem_permissions = false, bool called_by_engine = false)

Write 'value' at address 'addr'.

---

void symbolic_ptr_write(Expr addr, const ValueSet& range, const Value& val, const Settings& settings, mem_alert_t* alert = nullptr, bool called_by_engine = false)

Write at a symbolic memory address. range is the range of possible values for addr

---

void symbolic_ptr_read(Value& res, Expr addr, const ValueSet& range, unsigned int nb_bytes, const Settings& settings)

Read at a symbolic memory address. range is the range of possible values for addr. Write result in 'res'.

---

auto read(addr_t addr, unsigned int nb_bytes, mem_alert_t* alert = nullptr, bool force_concrete_read = false) -> Value

Read 'nb_bytes' at address 'addr'.

---

auto read(const Value& addr, unsigned int nb_bytes, bool ignore_mem_permissions = false) -> Value

Read 'nb_bytes' at address 'addr'.

---

auto read(Expr addr, unsigned int nb_bytes) -> Expr

Read nb_bytes at address addr. If addr is not concrete, this function automatically performs a symbolic pointer read.

---

void write(const Value& addr, cst_t val, int nb_bytes, bool ignore_mem_permissions = false)

Write concrete value in memory.

---

void write(const Value& addr, const Value& value, bool ignore_mem_permissions = false)

Write 'value' at address 'addr'.

---

void write(addr_t addr, cst_t val, int nb_bytes, bool ignore_mem_permissions = false)

Write concrete value to memory.

---

auto read_buffer(const Value& addr, unsigned int nb_elems, unsigned int elem_size = 1) -> std::vector<Value>

Read a buffer in memory.

---

auto read_buffer(addr_t addr, unsigned int nb_elems, unsigned int elem_size = 1) -> std::vector<Value>

Read a buffer of 'nb_elems' elements of size 'elem_size' from address 'addr'.

---

void read_buffer(std::vector<Value>& buffer, addr_t addr, unsigned int nb_elems, unsigned int elem_size = 1)

Read a buffer of 'nb_elems' elements of size 'elem_size' from address 'addr' and writes each element as an abstract expression in the vector 'res'.

---

auto read_string(addr_t addr, unsigned int len = 0) -> std::string

Read a concrete string of length 'len' from address 'addr'. If len=0, it reads a C-style string and stops at the first null-byte.

---

void write_buffer(const Value& addr, uint8_t* src, int nb_bytes, bool ignore_mem_permissions = false)

Write concrete buffer in memory.

---

void write_buffer(const Value& addr, const std::vector<Value>& src, bool ignore_mem_permissions = false)

Write abstract buffer in memory.

---

void write_buffer(addr_t addr, uint8_t* src, int nb_bytes, bool ignore_mem_permissions = false)

Write a concrete buffer in memory.

---

void write_buffer(addr_t addr, const std::vector<Value>& src, bool ignore_mem_permissions = false)

Write an abstract buffer in memory.

---

auto make_symbolic(addr_t addr, unsigned int nb_elems, unsigned int elem_size, const std::string& basename) -> std::string

Make a buffer purely symbolic, return the symbolic name of the buffer.

---

auto make_concolic(addr_t addr, unsigned int nb_elems, unsigned int elem_size, const std::string& basename) -> std::string

Make a buffer concolic, return the symbolic name of the buffer.

---

auto make_tainted(addr_t addr, unsigned int nb_elems, unsigned int elem_size, const std::string& basename = "") -> std::string

Make a buffer tainted. If 'name' is specified, the buffer is made concolic then tainted, otherwise the memory contents are tainted without being transformed into symbolic variables.

---

auto abstract_snapshot(addr_t addr, int nb_bytes) -> abstract_mem_chunk_t

Take snapshot of abstract memory for nb_bytes from 'addr'.

---

auto concrete_snapshot(addr_t addr, int nb_bytes) -> cst_t

Take snapshot of concrete memory for nb_bytes from 'addr' (nb_bytes must be inferior or equal to 8)

---

auto raw_mem_at(addr_t addr) -> uint8_t*

Returns a raw pointer to the raw concrete memory buffer at address 'addr'. If the address isn't mapped, throws an exception.

---

void check_status(addr_t start, addr_t end, bool& is_symbolic, bool& is_tainted)

Check memory status between start and end (included): is it symbolic/concrete/tainted ? If at least one byte is symbolic, set is_symbolic It at least one byte is tainted, set is_tainted.

---

auto _get_pending_x_mem_overwrites() -> std::list<mem_access_t>&

Get the list of pending executable memory overwrites that happened (to be used by the engine only)

---

void _clear_pending_x_mem_overwrites()

Clear the list of pending executable memory overwrites (to be used by the engine only)

---

auto class_uid() const -> uid_t virtual

Return the class uid (see ClassId enum)

---

void dump(serial::Serializer&) const virtual

Dump the object contents in a serializer stream.

---

void load(serial::Deserializer&) virtual

Restore an object from a deserializer stream.

---

❱   Protected functions

auto has_segment_containing(addr_t start, addr_t end) -> bool

Return 'true' if there is a MemSegment that overlaps with [start:end].

---

❱   Friends

auto operator<<(std::ostream& os, MemEngine& mem) -> std::ostream&

Print the memory engine to a stream.

---

❱   Function documentation