maat.MaatEngine class

The main engine class of the Maat framework. It is a wrapper around core components (lifter, memory engine, IR CPU, binary loader, environment simulation, etc) that enables to symbolically emulate a process.

❱ Constructors

MaatEngine( ARCH arch [, OS os ])

Create a new engine

Parameters
arch	The architecture to emulate
os	(Optional) The operating system to emulate

❱ Attributes

CPU cpu: Emulated CPU
Memory mem: Memory of the emulated process
VarContext vars: Context for abstract (concolic) variables
EventManager hooks: Event hooks manager
Info info: Contextual information set by the engine for the user
Settings settings: Tweakable settings of the engine
PathManager path: Manager for symbolic path constraints
ProcessInfo process: Contextual about the emulated process (PID, ...)
EnvEmulator env: Emulated environment (syscalls, filesystem, etc)

❱ Methods

STOP run([ int max_insts ])

Run the emulated process. Returns a STOP value indicating why the engine stopped

Parameters
max_insts	(Optional) Maximum number of instructions to emulate before stopping. If omitted, run until the emulated process exits or another event stops execution

STOP run_from(int addr [, int max_insts])

Similar to MaatEngine.run() but sets the program counter to addr before running

int take_snapshot()

Take a snapshot and returns the snapshot ID as an int

restore_snapshot([ int snapshot_id, bool remove=False ])

Restore a snapshot

Parameters
snapshot_id	(Optional) ID of the snapshot to restore. If omitted, restore the latest snapshot
remove	(Optional) If True, delete the snapshot after restoring it

load( str binary, BIN type, int base=0x0, list[Union[bytes,list[ Value ]]] args=[], dict[str,str] envp={}, list[str] libdirs=[], list[str] ignore_libs=[], dict[str,str] virtual_fs={}, bool load_interp=True )

Load an executable binary in the engine

Parameters
binary	Binary to load
type	Executable format of the binary
base	(Optional) Base address where to relocate the binary if position-independent
args	(Optional) Command line arguments with whom to invoke the binary. A command lineargument can be either concrete `bytes` or an abstract list of single-byte `Value`
envp	(Optional) Environment variables for the emulated process
libdirs	(Optional) List of library directories to search to load the binary dependencies
ignore_libs	(Optional) List of libraries not to load even though they are listed as dependencies. This parameter is ignored when load_interp is set to `True`
virtual_fs	(Optional) Location of loaded binaries and libraries in the emulated filesystem. This parameter maps the object(s) filenames to their path(s) in the virtual filesystem, eg: `{ "libc.so.6": "/usr/lib" }`
load_interp	(Optional) If set to `True`, load and emulate the interpreter and let it load the binary and dependencies by itself. The interpreter binary must be found in one of the libdirs directories. If the interpreter is missing, Maat loads the binary and dependencies manually