trailofbits · nkaretnikov · Feb 17, 2018 · Feb 17, 2018 · Feb 21, 2018 · Feb 21, 2018
@@ -4,7 +4,7 @@ os:
   - linux
 language: python
 python:
-  - 3.6.5
+  - 3.6.6
 
 stages:
   - prepare
@@ -14,7 +14,7 @@ stages:
 env:
   global:
     - CC_TEST_REPORTER_ID=db72f1ed59628c16eb0c00cbcd629c4c71f68aa1892ef42d18c7c2b8326f460a
-    - JOB_COUNT=2 # Two jobs generate test coverage
+    - JOB_COUNT=3 # Three jobs generate test coverage: ethereum, native, and other
     - PYTHONWARNINGS="default::ResourceWarning" # Enable ResourceWarnings
   matrix:
     - TEST_TYPE=examples
@@ -30,8 +30,8 @@ branches:
 cache:
   pip: true
   directories:
-  - $HOME/virtualenv/python3.6.5/lib/python3.6/site-packages
-  - $HOME/virtualenv/python3.6.5/bin/
+  - $HOME/virtualenv/python3.6.6/lib/python3.6/site-packages
+  - $HOME/virtualenv/python3.6.6/bin/
 
 jobs:
   include:
@@ -45,7 +45,7 @@ jobs:
       script:
         - true
       after_script:
-        - aws s3 sync "s3://manticore-testdata/coverage/$TRAVIS_COMMIT" coverage/ 
+        - aws s3 sync "s3://manticore-testdata/coverage/$TRAVIS_COMMIT" coverage/
         - ./cc-test-reporter sum-coverage --output - --parts $JOB_COUNT coverage/codeclimate.*.json | ./cc-test-reporter upload-coverage --input -
 
 install:
@@ -57,4 +57,3 @@ script:
 after_success:
   - ./cc-test-reporter format-coverage -t coverage.py -o "coverage/codeclimate.$TEST_TYPE.json"
   - aws s3 sync coverage/ "s3://manticore-testdata/coverage/$TRAVIS_COMMIT"
-
@@ -0,0 +1,28 @@
+// gcc -g -static -o basic basic.c
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+int main(int argc, char* argv[], char* envp[]){
+    unsigned int cmd;
+
+    if (read(0, &cmd, sizeof(cmd)) != sizeof(cmd))
+    {
+        printf("Error reading stdin!");
+        exit(-1);
+    }
+
+    if (cmd > 0x41)
+    {
+        printf("Message: It is greater than 0x41\n");
+    }
+    else 
+    {
+        printf("Message: It is less than or equal to 0x41\n");
+    }
+
+return 0;
+}
+
+
@@ -0,0 +1,71 @@
+#!/usr/bin/env python3
+
+import os
+import struct
+import sys
+
+from manticore.native import Manticore
+
+# Examples:
+# printf "\x41\x00\x00\x00" | PYTHONPATH=. ./examples/script/aarch64/basic.py
+# printf "++\x00\x00"       | PYTHONPATH=. ./examples/script/aarch64/basic.py
+# printf "++++"             | PYTHONPATH=. ./examples/script/aarch64/basic.py
+# printf "ffffff"           | PYTHONPATH=. ./examples/script/aarch64/basic.py
+
+DIR = os.path.dirname(__file__)
+FILE = os.path.join(DIR, 'basic')
+STDIN = sys.stdin.readline()
+
+# Avoid writing anything to 'STDIN' here.  Do it in the 'init' hook as that's
+# more flexible.
+m = Manticore(FILE, concrete_start='', stdin_size=0)
+
+
+@m.init
+def init(state):
+    state.platform.input.write(state.symbolicate_buffer(STDIN, label='STDIN'))
+
+
+# Hook the 'if' case.
+@m.hook(0x4006bc)
+def hook_if(state):
+    print('hook if')
+    state.abandon()
+
+
+# Hook the 'else' case.
+@m.hook(0x4006cc)
+def hook_else(state):
+    print('hook else')
+    # See how the constraints are affected by input.
+    print_constraints(state, 6)
+
+    w0 = state.cpu.W0
+
+    if isinstance(w0, int):  # concrete
+        print(hex(w0))
+    else:
+        print(w0)            # symbolic
+
+    solved = state.solve_one(w0)
+    print(struct.pack("<I", solved))
+
+
+# Hook 'puts' in the 'else' case.
+@m.hook(0x4006d4)
+def hook_puts(state):
+    print('hook puts')
+    cpu = state.cpu
+    print(cpu.read_string(cpu.X0))
+
+
+def print_constraints(state, nlines):
+    i = 0
+    for c in str(state.constraints).split('\n'):
+        if i >= nlines:
+            break
+        print(c)
+        i += 1
+
+
+m.run()
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+
+import os
+
+from manticore.native import Manticore
+
+# Modified 'count_instructions.py' to demonstrate execution of a
+# statically-linked "Hello, world!" AArch64 binary.
+
+DIR = os.path.dirname(__file__)
+FILE = os.path.join(DIR, 'hello42')
+
+if __name__ == '__main__':
+    m = Manticore(FILE)
+
+    with m.locked_context() as context:
+        context['count'] = 0
+
+    @m.hook(None)
+    def explore(state):
+        with m.locked_context() as context:
+            context['count'] += 1
+
+            if state.cpu.PC == 0x406f10:  # puts
+                s = state.cpu.read_string(state.cpu.X0)
+                assert s == 'hello'
+                print(f'puts argument: {s}')
+
+            elif state.cpu.PC == 0x40706c:  # puts result
+                result = state.cpu.X0
+                assert result >= 0
+                print(f'puts result: {result}')
+
+            elif state.cpu.PC == 0x415e50:  # exit
+                status = state.cpu.X0
+                syscall = state.cpu.X8
+                assert syscall == 94  # sys_exit_group
+                print(f'exit status: {status}')
+
+    def execute_instruction(self, insn, msg):
+        print(f'{msg}: 0x{insn.address:x}: {insn.mnemonic} {insn.op_str}')
+
+    m.subscribe('will_execute_instruction', lambda self, state, pc, insn:
+                execute_instruction(self, insn, 'next'))
+    m.subscribe('did_execute_instruction', lambda self, state, last_pc, pc, insn:
+                execute_instruction(self, insn, 'done'))
+
+    m.run(procs=1)
+
+    print(f"Executed {m.context['count']} instructions")
@@ -0,0 +1,8 @@
+// gcc -g -static -o hello42 hello42.c
+#include <stdio.h>
+
+int main()
+{
+  puts("hello");
+  return 42;
+}