
Using Python Z3 with QWORDs

I am new to z3py.

I am reverse engineering a code where I have two QWORDs stored in XMM registers.

And there are different operations performed on it.

Let's say, I have to find 2 qwords, p1 and p2 given the following equations:

x = p1 + p2
y = p1 ^ p2

if x == r1 and y == r2:
    print p1, p2

Note: P1 and P2 are QWORDs which actually represent an 8 character ASCII string. So, P1 is an array of 8 bytes where each byte corresponds to ASCII value of a printable character.

I wrote the following code:

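#! /usr/bin/python

from z3 import *

# result1 and result2 are the known values of the sum and the XOR recovered
# from the binary; the zeros below are placeholders, not values from the target.
result1 = 0
result2 = 0

s = Solver()

a = BitVec('a', 64)
b = BitVec('b', 64)

s.add(a + b == result1)
s.add(a ^ b == result2)

# check() returns a result object that is always truthy, so compare it with sat
if s.check() == sat:
    print(s.model())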

Question:

I think I should not be using BitVec in my case to represent the QWORDs since I know that each byte of the QWORD corresponds to a printable ASCII character. So, how should I represent my inputs?

It's probably best to use a Python array of 4 8-bit values instead:

#! /usr/bin/python

from z3 import *

s = Solver()

A = [BitVec('a%s' % i, 8) for i in range(4)]
B = [BitVec('b%s' % i, 8) for i in range(4)]

s.add(A[0] <= 128)
s.add(A[0] + B[0] == 12)
s.add(A[1] + B[1] == 5)
s.add(A[2] ^ B[2] == 9)
s.add(A[3] >= 20)

if s.check() == sat:
    print(s.model())

This prints:

[a2 = 0,
 b2 = 9,
 a3 = 20,
 b1 = 0,
 a1 = 5,
 b0 = 140,
 a0 = 128]

This way you can add arbitrary constraints by using the array elements in a natural way.
