Engine module

The main Maat engine interface for users.

❱ Namespaces

namespace maat::env: Simulation of the external environment in which a process is run.

class maat::callother::HandlerMap: A mapping between CALLOTHER occurences and their handler.
class maat::MaatEngine: The main engine class of the Maat framework. It is a wrapper around core components (lifter, memory engine, IR CPU, binary loader, environment simulation, etc) that enables to symbolically emulate a process.
struct maat::info::RegAccess: Struct holding information about a register access.
struct maat::info::MemAccess: Struct holding information about a memory access.
struct maat::info::Branch: Struct holding information about a regular or conditional branch operation.
class maat::info::Info: This class is used by the engine to make relevant information easily available to the user when it stops executing emulated code. The accessible information depends on the reason why the engine stopped. For instance if the engine encountered a breakpoint, the class will hold breakpoint related info, e.g register/memory that was read/written, path constraints that was encountered, etc.
class maat::PathManager: A class recording the constraints associated with the current execution path.
struct maat::SavedMemState: Struct used by snapshots to record previous contents of an overwritten memory area.
class maat::Settings: Tweakable settings and options for the engine.
class maat::Snapshot: Data container class used by the engine for snapshoting.
template<typename T> class maat::SnapshotManager: Wrapper class to manage a list of snapshots.

enum class Id { X86_RDTSC, X86_CPUID, X64_SYSCALL, X86_PMINUB, X86_INT, X86_LOCK, UNSUPPORTED }: Unique identifiers for CALLOTHER occurences in the IR.
enum class Stop { HOOK, SYMBOLIC_PC, SYMBOLIC_CODE, MISSING_FUNCTION, MISSING_SYSCALL, EXIT, INST_COUNT, ILLEGAL_INST, UNSUPPORTED_INST, ARITHMETIC_ERROR, ERROR, FATAL, NONE }

using handler_t = std::add_pointer<void(MaatEngine&, const ir::Inst&, ir::ProcessedInst&)>::type: A handler that executes a CALLOTHER occurence properly.
using abstract_mem_chunk_t = std::vector<std::pair<Expr, uint8_t>>: (Internal) Used to record writes on abstract memory
using symbolic_mem_snapshot_t = unsigned int: (Internal) Used for snapshoting symbolic memory engine

auto mnemonic_to_id(const std::string& mnemonic, Arch::Type arch) -> Id: Return the Id corresponding to the occurence of CALLOTHER in assembly instruction 'mnemonic'.
auto default_handler_map() -> HandlerMap: Return the default handler map for CALLOTHER occurences.
auto operator<<(std::ostream& os, const MemAccess& mem_access) -> std::ostream&: Print memory access info to a stream.
auto operator<<(std::ostream& os, const Branch& branch) -> std::ostream&: Print branch info to a stream.

Unique identifiers for CALLOTHER occurences in the IR.

Enumerators
X86_RDTSC	Load the timestamp counter in a register/temporary.
X86_CPUID	CPUID on X86/X64.
X64_SYSCALL	System call on X64.
X86_PMINUB	PMINUB on X86/X64.
X86_INT	INT on X86.
X86_LOCK	LOCK on X86/X64.
UNSUPPORTED

Reason while the engine stopped running code

Enumerators
HOOK	Event hook halted the engine.
SYMBOLIC_PC	Program counter is purely symbolic.
SYMBOLIC_CODE	Code to execute is purely symbolic.
MISSING_FUNCTION	Calling a function that is neither loaded nor emulated.
MISSING_SYSCALL	Performing a syscall that is not emulated.
EXIT	Program exited.
INST_COUNT	The maximum number of instructions to execute has been reached.
ILLEGAL_INST	The disassembler encountered an illegal instruction.
UNSUPPORTED_INST	The disassembler encountered an instruction that it can not lift.
ARITHMETIC_ERROR	Fatal arithmetic errors in the emulated code (like div by zero)
ERROR	An error was encountered in the emulated code.
FATAL	A fatal error occured internally within Maat (not the emulated process)
NONE