maat namespace

Main namespace for Maat's API.

❱   Namespaces

namespace callother
Namespace regrouping classes and handlers to deal with the pcode CALLOTHER instruction.

namespace env
Simulation of the external environment in which a process is run.

namespace event
Namespace regrouping event related classes and types.

namespace info
Namespace regrouping classes and types used by the engine to provide various information to the user.

namespace ir
Intermediate Representation of machine code in Maat.

namespace loader
Functionalities to load executable files in Maat's engine.

namespace X64
Namespace for X86-64 specific definitions and classes.

namespace X86
Namespace for X86-32 specific definitions and classes.

❱   Classes

class Arch
Base class representing an architecture.

class callother_exception

class constraint_exception

class ConstraintObject
Constraint object representing constraints between symbolic expressions. This class should never be manipulated directly but used transparently through Constraint instances.

class env_exception

class event_exception

class ExprBinop
Binary operation.

class ExprConcat
Concatenation of two expressions.

class ExprCst
Constant expression.

class expression_exception

class ExprExtract
Bitfield extract.

class ExprITE
If-Then-Else expression.

class ExprObject

class ExprSimplifier

class ExprUnop
Unary operation.

class ExprVar
Abstract variable.

class generic_exception

class illegal_instruction_exception

class IntervalTree
Class used internally for symbolic memory management.

class ir_exception

class Lifter
The lifter is responsible for translating binary assembly code into Maat's IR.

class lifter_exception

class loader_exception

class Logger
Maat logger.

class MaatEngine
The main engine class of the Maat framework. It is a wrapper around core components (lifter, memory engine, IR CPU, binary loader, environment simulation, etc) that enables to symbolically emulate a process.

class MaatStats

class mem_exception

class MemAbstractBuffer

class MemConcreteBuffer

class MemEngine

class MemMap
A memory mapping.

class MemMapManager
Basic manager for page permissions.

class MemPageManager
Basic manager for page permissions.

class MemSegment

class MemStatusBitmap

class Number
Represents a constant value on an arbitrary number of bits.

class PageSet
A set of contiguous memory pages.

class PathManager
A class recording the constraints associated with the current execution path.

class ProcessInfo
This class contains information about a process.

class runtime_exception

struct SavedMemState
Struct used by snapshots to record previous contents of an overwritten memory area.

class serialize_exception

class Settings
Tweakable settings and options for the engine.

class SimpleInterval
Class used internally for symbolic memory management.

class Snapshot
Data container class used by the engine for snapshoting.

class snapshot_exception

template<typename T>
class SnapshotManager
Wrapper class to manage a list of snapshots.

class Symbol
A class representing a symbol.

class symbol_exception

class symbolic_exception

class SymbolicMemEngine
Dedicated memory engine handling the 'symbolic' memory state resulting from symbolic pointer writes.

class SymbolicMemWrite
Represents a symbolic pointer memory write.

class SymbolManager
Manager for all symbols in an engine.

class test_exception

class unsupported_instruction_exception

class Value

class ValueSet

class var_context_exception

class VarContext

❱   Enums

enum class CPUMode { X86, X64, A32, T32, A64, NONE }
CPU modes.

enum class ConstraintType { AND, OR, EQ, NEQ, LE, LT, ULE, ULT }
Different types of logical and arithmetic constraints.

enum class ExprType { VAR, MEM, EXTRACT, CONCAT, UNOP, BINOP, ITE, CST, NONE }
Different types of abstract expressions.

enum class ITECond: uint8_t { EQ, LT, LE, SLT, SLE, FEQ, FLT, FLE }

enum class Op: uint8_t { ADD =0, MUL, MULH, SMULL, SMULH, DIV, SDIV, NEG, AND, OR, XOR, SHL, SHR, SAR, MOD, SMOD, NOT, NONE }

enum class ExprStatus: uint8_t { CONCRETE, SYMBOLIC, CONCOLIC, NOT_COMPUTED }

enum class Taint: uint8_t { NOT_TAINTED = 0, TAINTED = 1, NOT_COMPUTED = 2 }

enum class Log { DEBUG = 0, INFO = 1, WARNING = 2, ERROR = 3, FATAL = 4 }
Log levels.

❱   Typedefs

using reg_t = uint16_t
Generic representation of a CPU register in Maat's engine.

using Constraint = std::shared_ptr<ConstraintObject>
Shared pointer to an constraint object. Constraints should be manipulated only through 'Constraint' instances. Unless used in Maat's core internals, the base class ConstraintObject and its child classes should never be used directly.

using offset_t = addr_t
Type used internally by Maat's memory engine.

using abstract_mem_chunk_t = std::vector<std::pair<Expr, uint8_t>>
(Internal) Used to record writes on abstract memory

using hash_t = uint32_t
Unique hash identifying an abstract expression object.

using cst_t = int64_t
Signed constant integer value.

using ucst_t = uint64_t
Unsigned constant integer value.

using fcst_t = double
Float constant value (double precision / 64 bits)

using addr_t = uint64_t
Concrete memory address.

using symbolic_mem_snapshot_t = unsigned int
(Internal) Used for snapshoting symbolic memory engine

❱   Functions

auto operator<<(std::ostream& os, const Constraint& constr) -> std::ostream&
Print a constraint to an out stream.

auto operator==(Expr left, Expr right) -> Constraint
Create equality constraint.

auto operator==(Expr left, cst_t right) -> Constraint
Create equality constraint.

auto operator==(cst_t left, Expr right) -> Constraint
Create equality constraint.

auto operator!=(Expr left, Expr right) -> Constraint
Create a not-equal constraint.

auto operator!=(Expr left, cst_t right) -> Constraint
Create a not-equal constraint.

auto operator!=(cst_t left, Expr right) -> Constraint
Create a not-equal constraint.

auto operator<=(Expr left, Expr right) -> Constraint
Create a signed less-or-equal constraint.

auto operator<=(Expr left, cst_t right) -> Constraint
Create a signed less-or-equal constraint.

auto operator<=(cst_t left, Expr right) -> Constraint
Create a signed less-or-equal constraint.

auto operator<(Expr left, Expr right) -> Constraint
Create a signed less-than constraint.

auto operator<(Expr left, cst_t right) -> Constraint
Create a signed less-than constraint.

auto operator<(cst_t left, Expr right) -> Constraint
Create a signed less-than constraint.

auto operator>=(Expr left, Expr right) -> Constraint
Create a signed greater or equal constraint.

auto operator>=(Expr left, cst_t right) -> Constraint
Create a signed greater or equal constraint.

auto operator>=(cst_t left, Expr right) -> Constraint
Create a signed greater or equal constraint.

auto operator>(Expr left, Expr right) -> Constraint
Create a signed greater-than constraint.

auto operator>(Expr left, cst_t right) -> Constraint
Create a signed greater-than constraint.

auto operator>(cst_t left, Expr right) -> Constraint
Create a signed greater-than constraint.

auto ULE(Expr left, Expr right) -> Constraint
Create an unsigned less or equal constraint.

auto ULE(Expr left, ucst_t right) -> Constraint
Create an unsigned less or equal constraint.

auto ULE(ucst_t left, Expr right) -> Constraint
Create an unsigned less or equal constraint.

auto ULT(Expr left, Expr right) -> Constraint
Create an unsigned less-than constraint.

auto ULT(Expr left, ucst_t right) -> Constraint
Create an unsigned less-than constraint.

auto ULT(ucst_t left, Expr right) -> Constraint
Create an unsigned less-than constraint.

auto operator&&(Constraint left, Constraint right) -> Constraint
Combine constraints (left AND right)

auto operator||(Constraint left, Constraint right) -> Constraint
Combine constraints (left OR right)

auto operator<(ExprType t1, ExprType t2) -> bool
Computes the priority of expression types. Used exclusively for expression canonization.

auto exprcst(size_t size, cst_t cst) -> Expr
Create new ExprCst instance.

auto exprcst(size_t size, std::string&& value, int base = 16) -> Expr
Create new ExprCst instance.

auto exprcst(const Number& value) -> Expr
Create a new ExprCst instance.

auto exprvar(size_t size, std::string name, Taint tainted = Taint::NOT_TAINTED) -> Expr
Create new ExprVar instance.

auto exprmem(size_t size, Expr addr, unsigned int access_count = 0xffffffff, Expr base = nullptr) -> Expr
Create new ExprMem instance.

auto exprmem(size_t size, Expr addr, unsigned int access_count, Expr base, ValueSet& addr_value_set) -> Expr
Create new ExprMem instance.

auto extract(Expr arg, unsigned long higher, unsigned long lower) -> Expr
Create new ExprExtract instance.

auto extract(Expr arg, Expr higher, Expr lower) -> Expr
Create new ExprExtract instance.

auto concat(Expr upper, Expr lower) -> Expr
Create new ExprConcat instance.

auto ITE(Expr cond_left, ITECond cond_op, Expr cond_right, Expr if_true, Expr if_false) -> Expr
Create new ExprITE instance.

auto operator+(Expr left, Expr right) -> Expr
Add two expressions.

auto operator+(Expr left, cst_t right) -> Expr
Add two expressions.

auto operator+(cst_t left, Expr right) -> Expr
Add two expressions.

auto operator-(Expr left, Expr right) -> Expr
Subtract two expressions.

auto operator-(Expr left, cst_t right) -> Expr
Subtract two expressions.

auto operator-(cst_t left, Expr right) -> Expr
Subtract two expressions.

auto operator*(Expr left, Expr right) -> Expr
Unsigned multiply two expressions (lower bits of result)

auto operator*(Expr left, cst_t right) -> Expr
Unsigned multiply two expressions (lower bits of result)

auto operator*(cst_t left, Expr right) -> Expr
Unsigned multiply two expressions (lower bits of result)

auto operator/(Expr left, Expr right) -> Expr
Unsigned divide two expressions.

auto operator/(Expr left, cst_t right) -> Expr
Unsigned divide two expressions.

auto operator/(cst_t left, Expr right) -> Expr
Unsigned divide two expressions.

auto operator&(Expr left, Expr right) -> Expr
Logical and between two expressions.

auto operator&(Expr left, cst_t right) -> Expr
Logical and between two expressions.

auto operator&(cst_t left, Expr right) -> Expr
Logical and between two expressions.

auto operator|(Expr left, Expr right) -> Expr
Logical or between two expressions.

auto operator|(Expr left, cst_t right) -> Expr
Logical or between two expressions.

auto operator|(cst_t left, Expr right) -> Expr
Logical or between two expressions.

auto operator^(Expr left, Expr right) -> Expr
Logical xor between two expressions.

auto operator^(Expr left, cst_t right) -> Expr
Logical xor between two expressions.

auto operator^(cst_t left, Expr right) -> Expr
Logical xor between two expressions.

auto operator%(Expr val, Expr mod) -> Expr
Unsigned modulo of two expressions.

auto operator%(Expr val, cst_t mod) -> Expr
Unsigned modulo of two expressions.

auto operator%(cst_t val, Expr mod) -> Expr
Unsigned modulo of two expressions.

auto operator<<(Expr val, Expr shift) -> Expr
Shift an expression to the left.

auto operator<<(Expr val, cst_t shift) -> Expr
Shift an expression to the left.

auto operator<<(cst_t val, Expr shift) -> Expr
Shift an expression to the left.

auto operator>>(Expr val, Expr shift) -> Expr
Shift an expression to the right.

auto operator>>(Expr val, cst_t shift) -> Expr
Shift an expression to the right.

auto operator>>(cst_t val, Expr shift) -> Expr
Shift an expression to the right.

auto sar(Expr arg, Expr shift) -> Expr
Arithmetic shift an expression to the right.

auto sar(Expr arg, cst_t shift) -> Expr
Arithmetic shift an expression to the right.

auto sar(cst_t arg, Expr shift) -> Expr
Arithmetic shift an expression to the right.

auto sdiv(Expr left, Expr right) -> Expr
Signed divide two expressions.

auto sdiv(Expr left, cst_t right) -> Expr
Signed divide two expressions.

auto sdiv(cst_t left, Expr right) -> Expr
Signed divide two expressions.

auto smod(Expr val, Expr mod) -> Expr
Signed modulo between two expressions.

auto smod(Expr val, cst_t mod) -> Expr
Signed modulo between two expressions.

auto smod(cst_t val, Expr mod) -> Expr
Signed modulo between two expressions.

auto mulh(Expr left, Expr right) -> Expr
Unsigned multiply two expressions (higher bits of result)

auto mulh(Expr left, cst_t right) -> Expr
Unsigned multiply two expressions (higher bits of result)

auto mulh(cst_t left, Expr right) -> Expr
Unsigned multiply two expressions (higher bits of result)

auto smull(Expr left, Expr right) -> Expr
Signed multiply two expressions (lower bits of result)

auto smull(Expr left, cst_t right) -> Expr
Signed multiply two expressions (lower bits of result)

auto smull(cst_t left, Expr right) -> Expr
Signed multiply two expressions (lower bits of result)

auto smulh(Expr left, Expr right) -> Expr
Signed multiply two expressions (higher bits of result)

auto smulh(Expr left, cst_t right) -> Expr
Signed multiply two expressions (higher bits of result)

auto smulh(cst_t left, Expr right) -> Expr
Signed multiply two expressions (higher bits of result)

auto operator~(Expr arg) -> Expr
Negate an expression.

auto operator-(Expr arg) -> Expr
Logical invert an expression.

auto operator<<(std::ostream& os, Expr e) -> std::ostream&
Print an expression in a stream.

auto __attribute__((always_inline)) overwrite_expr_bits(Expr old_expr -> Expr
Returns the expression resulting from overwriting the bits higher_bit to higher_bit-new_expr.size()+1 with the expression 'new_expr'. WARNING: 'new_expr' is expected to be small enough to overwrite 'old_expr' from the specified bit, no check for potential overflow is performed.

auto reserved_memory(MemEngine& mem) -> addr_t
This helper function returns the start address of a segment of size 0x1000 with RW permission named "Reserved". This segment is used internally to emulate some instructions/syscalls. If the segment doesn't yet exist it is created.

auto NewDefaultExprSimplifier() -> std::shared_ptr<ExprSimplifier>
Instanciate a new expression simplifier that uses all of Maat's built-in simplifier functions.

auto es_constant_folding(Expr e) -> Expr
Constant folding simplifier function.

auto es_neutral_elements(Expr e) -> Expr
Neutral elements simplifier function.

auto es_absorbing_elements(Expr e) -> Expr
Absorbing elements simplifier function.

auto es_arithmetic_properties(Expr e) -> Expr
Arithmetic simplification function.

auto es_involution(Expr e) -> Expr
Involution simplifier function.

auto es_extract_patterns(Expr e) -> Expr
Simplifier function for 'Extract' expressions.

auto es_basic_transform(Expr e) -> Expr
simplifier function

auto es_logical_properties(Expr e) -> Expr
Logical properties simplifier function.

auto es_concat_patterns(Expr e) -> Expr
Simplifier function for 'Concat' expressions.

auto es_basic_ite(Expr e) -> Expr
Simplifier function on If-Then-Else expressions.

auto es_arithmetic_factorize(Expr e) -> Expr
Factorization simplifier function.

auto es_generic_factorize(Expr e) -> Expr
Generic factorization simplifier function.

auto es_deep_associative(Expr e, ExprSimplifier& simp) -> Expr
Simplifier for repeated associative operation.

auto operator+(const Value& left, const Value& right) -> Value
Add two values.

auto operator+(const Value& left, cst_t right) -> Value
Add two values.

auto operator+(cst_t left, const Value& right) -> Value
Add two values.

auto operator-(const Value& left, const Value& right) -> Value
Subtract two values.

auto operator-(const Value& left, cst_t right) -> Value
Subtract two values.

auto operator-(cst_t left, const Value& right) -> Value
Subtract two values.

auto operator*(const Value& left, const Value& right) -> Value
Multiply two values.

auto operator*(const Value& left, cst_t right) -> Value
Multiply two values.

auto operator*(cst_t left, const Value& right) -> Value
Multiply two values.

auto operator/(const Value& left, const Value& right) -> Value
Unsigned divide two values.

auto operator/(const Value& left, cst_t right) -> Value
Unisgned divide two values.

auto operator/(cst_t left, const Value& right) -> Value
Unisigned divide two values.

auto operator&(const Value& left, const Value& right) -> Value
Logical AND between two values.

auto operator&(const Value& left, cst_t right) -> Value
Logical AND between two values.

auto operator&(cst_t left, const Value& right) -> Value
Logical AND between two values.

auto operator|(const Value& left, const Value& right) -> Value
Logical OR between two values.

auto operator|(const Value& left, cst_t right) -> Value
Logical OR between two values.

auto operator|(cst_t left, const Value& right) -> Value
Logical OR between two values.

auto operator^(const Value& left, const Value& right) -> Value
Logical XOR between two values.

auto operator^(const Value& left, cst_t right) -> Value
Logical XOR between two values.

auto operator^(cst_t left, const Value& right) -> Value
Logical XOR between two values.

auto operator%(const Value& left, const Value& right) -> Value
Unsigned modulo.

auto operator%(const Value& left, cst_t right) -> Value
Unsigned modulo.

auto operator%(cst_t left, const Value& right) -> Value
Unsigned modulo.

auto operator>>(const Value& left, const Value& right) -> Value
Logical shift right.

auto operator>>(const Value& left, cst_t right) -> Value
Logical shift right.

auto operator>>(cst_t left, const Value& right) -> Value
Logical shift right.

auto operator<<(const Value& left, const Value& right) -> Value
Logical shift left.

auto operator<<(const Value& left, cst_t right) -> Value
Logical shift left.

auto operator<<(cst_t left, const Value& right) -> Value
Logical shift left.

auto sar(const Value& arg, const Value& shift) -> Value
Arithmetic shift right.

auto sar(const Value& arg, cst_t shift) -> Value
Arithmetic shift right.

auto sar(cst_t arg, const Value& shift) -> Value
Arithmetic shift right.

auto sdiv(const Value& left, const Value& right) -> Value
Signed divide two values.

auto sdiv(const Value& left, cst_t right) -> Value
Signed divide two values.

auto sdiv(cst_t left, const Value& right) -> Value
Signed divide two values.

auto smod(const Value& val, const Value& mod) -> Value
Signed modulo.

auto smod(const Value& val, cst_t mod) -> Value
Signed modulo.

auto smod(cst_t val, const Value& mod) -> Value
Signed modulo.

auto operator~(const Value& arg) -> Value
Negate an expression.

auto operator-(const Value& arg) -> Value
Logical invert an expression.

auto extract(const Value& arg, unsigned long higher, unsigned long lower) -> Value
Extract bitfield from value.

auto concat(const Value& upper, const Value& lower) -> Value
Concatenate two values.

auto operator==(const Value& left, const Value& right) -> Constraint
Equality constraint.

auto operator==(const Value& left, cst_t right) -> Constraint
Equality constraint.

auto operator==(cst_t left, const Value& right) -> Constraint
Equality constraint.

auto operator!=(const Value& left, const Value& right) -> Constraint
Not-equal constraint.

auto operator!=(const Value& left, cst_t right) -> Constraint
Not-equal constraint.

auto operator!=(cst_t left, const Value& right) -> Constraint
Not-equal constraint.

auto operator<(const Value& left, const Value& right) -> Constraint
Less-than constraint.

auto operator<(const Value& left, cst_t right) -> Constraint
Less-than constraint.

auto operator<(cst_t left, const Value& right) -> Constraint
Less-than constraint.

auto operator<=(const Value& left, const Value& right) -> Constraint
Less-or-equal constraint.

auto operator<=(const Value& left, cst_t right) -> Constraint
Less-or-equal constraint.

auto operator<=(cst_t left, const Value& right) -> Constraint
Less-or-equal constraint.

auto operator>(const Value& left, const Value& right) -> Constraint
Greater-than constraint.

auto operator>(const Value& left, cst_t right) -> Constraint
Greater-than constraint.

auto operator>(cst_t left, const Value& right) -> Constraint
Greater-than constraint.

auto operator>=(const Value& left, const Value& right) -> Constraint
Greater-or-equal constraint.

auto operator>=(const Value& left, cst_t right) -> Constraint
Greater-or-equal constraint.

auto operator>=(cst_t left, const Value& right) -> Constraint
Greater-or-equal constraint.

❱   Enum documentation

enum class maat::Log

Log levels.

Enumerators
DEBUG

Debug.

INFO

Info.

WARNING

Warnings.

ERROR

Errors.

FATAL