Memory class
Interface representing memory. Mainly used to model the virtual address space when emulating binaries.
❱ Methods
map(int start, int end, PERM flags = PERM.RWX , str name = "")
Map a memory region. The requested region to map is force-aligned to the memory defaut page size (0x1000).
For instance map(0xfff, 0x1001, ...) will actually map addresses from 0x0 up to 0x1fff.
| Parameters | |
|---|---|
| start | Start address of the map (included) |
| end | End address of the map (included) |
| flags | Memory permissions of the map |
| name | (Optional) Name of the map |
Value read( Value addr, int size)
Similar to Memory.read() with an abstract address. If the address is not concrete, the method performs a symbolic pointer read
list[ Value ] read_buffer( Value addr, int nb_elems, int elem_size=1)
Similar to Memory.read_buffer() with an abstract address. Doesn't work for fully symbolic addresses
write(Union[int, Value ] addr, int val, int size, bool ignore_flags=False)
Write concrete value in memory
| Parameters | |
|---|---|
| addr | Address where to write. If the address is purely symbolic, performs a symbolic pointer write |
| val | Value to write in memory |
| size | Size in bytes of the value to write |
| ignore_flags | If True, don't check for PERM.W access flag |
write(Union[int, Value ] addr, bytes buffer [, int len, bool ignore_flags=False ])
Write a concrete bytes buffer in memory
| Parameters | |
|---|---|
| addr | Address where to write the bytes. This function doesn't support fully symbolic addresses, so if addr is an Value object it must be concretizable. |
| buffer | Bytes to write in memory |
| len | (Optional) If specified, only write the first len bytes of buffer. If not specified, write the whole buffer |
| ignore_flags | If True, don't check for PERM.W access flag |
str make_symbolic(int addr, int nb_elems, int elem_size, str name)
Make memory content purely symbolic. The method creates a new set of nb_elems purely symbolic variables of size elem_size bytes. The variables are named according to the name parameter. If name="myvar" then the created variables are named "myvar_0", "myvar_1", etc. If the requested name isn't available, another name will be automatically selected (for example "myvar1" instead of "myvar", then the created variables are "myvar1_0", "myvar1_1", etc). In any case, the method returns the choosen base name of the created symbolic variables
| Parameters | |
|---|---|
| addr | Start address of memory content to make concolic |
| nb_elems | Number of abstract variables to create |
| elem_size | Individual size in bytes of abstract variables to create |
| name | Prefered base name for the created abstract variables |
str make_concolic(int addr, int nb_elems, int elem_size, str name)
Make memory content concolic. The method creates a new set of nb_elems abstract variables of size elem_size bytes. It follows the same naming strategy than Memory.make_symbolic() for the variables. The current concrete values present in memory are automatically bound to the new variables in the engine's VarContext (so the created variables are not purely symbolic and can still be concretized). The method returns the base name of the created symbolic variables
| Parameters | |
|---|---|
| addr | Start address of memory content to make concolic |
| nb_elems | Number of abstract variables to create |
| elem_size | Individual size in bytes of abstract variables to create |
| name | Prefered base name for the created abstract variables |