avatar2.targets package

Submodules

avatar2.targets.dummy_target module

class avatar2.targets.dummy_target.DummyTarget(name, avatar)

Bases: avatar2.targets.target.Target

This is a Dummy target that can be used for testing purposes. It simulates a device that randomly reads from forwarded memory ranges and triggers breakpoints.

cont()
get_status()
init()
read_memory(*args, **kwargs)
remove_breakpoint(breakpoint)
sendResponse(id, value, success)
set_breakpoint(line, hardware=False, temporary=False, regex=False, condition=None, ignore_count=0, thread=0)
shutdown()
stop()
write_memory(addr, size, val)

avatar2.targets.gdb_target module

class avatar2.targets.gdb_target.GDBTarget(name, avatar, gdb_executable='gdb', gdb_additional_args=[], gdb_port=3333, gdb_serial_device='/dev/ttyACM0', gdb_serial_baud_rate=38400, gdb_serial_parity='none', serial=False)

Bases: avatar2.targets.target.Target

init()

avatar2.targets.openocd_target module

class avatar2.targets.openocd_target.OpenOCDTarget(name, avatar, executable='openocd', openocd_script=None, additional_args=[], telnet_port=4444, gdb_executable='gdb', gdb_additional_args=[], gdb_port=3333)

Bases: avatar2.targets.target.Target

init()

avatar2.targets.panda_target module

class avatar2.targets.panda_target.PandaTarget(name, avatar, executable='qemu-system-', cpu_model=None, firmware=None, gdb_executable='gdb', gdb_port=3333, additional_args=[], gdb_additional_args=[], qmp_port=3334, entry_address=0)

Bases: avatar2.targets.qemu_target.QemuTarget

begin_record(record_name)

Starts recording the execution in PANDA

Parameters:record_name – The name of the record file
begin_replay(replay_name)

Starts replaying a captured replay

Parameters:replay_name – The name of the file to be replayed
end_record()

Stops recording the execution in PANDA

end_replay()

Stops a current ongoing replay

init(*args, **kwargs)
list_plugins()

Lists the laoded PANDA plugins

Returns:a list with the loaded panda_plugins
load_plugin(plugin_name, plugin_args=None, file_name=None)

Loads a PANDA plugin

Parameters:
  • plugin_name – The name of the plugin to be loaded
  • plugin_args – Arguments to be passed to the plugin, aseperated by commas
  • file_name – Absolute path to the plugin shared object file, in case that the default one should not be used
unload_plugin(plugin_name)

Unloads a PANDA plugin

Parameters:plugin_name – The name of the plugin to be unloaded
Returns:True if the requested plugin was present

avatar2.targets.qemu_target module

class avatar2.targets.qemu_target.QemuTarget(name, avatar, executable='qemu-system-', cpu_model=None, firmware=None, gdb_executable='gdb', gdb_port=3333, additional_args=[], gdb_additional_args=[], qmp_port=3334, entry_address=0)

Bases: avatar2.targets.target.Target

QEMU_CONFIG_FILE = 'conf.json'
assemble_cmd_line()
generate_configuration()

Generates the configuration passed to avatar-qemus configurable machine

init()

Spawns a Qemu process and connects to it

shutdown()

avatar2.targets.target module

class avatar2.targets.target.Target(name, avatar)

Bases: object

The Target object is one of Avatars core concept, as Avatar orchestrate different targets. While the generic target has no implementation, it provides an insight over all the functions a Target MUST implement

cont()

Continues the execution of the target :returns: True on success

get_status()

Returns useful information about the target as a dict.

init()

Initializes the target to start the analyses

read_memory(address, size, words=1, raw=False)

Reading from memory of the target

Parameters:
  • address – The address to read from
  • size – The size of a read word
  • words – The amount of words to read (default: 1)
  • raw – Whether the read memory is returned unprocessed
Returns:

The read memory
read_register(register)

Reading a register from the target

Parameters:register – The name of the register
Returns:The actual value read from the register
remove_breakpoint(bkptno)

Deletes a breakpoint

rm(address, size, words=1, raw=False)

Reading from memory of the target

Parameters:
  • address – The address to read from
  • size – The size of a read word
  • words – The amount of words to read (default: 1)
  • raw – Whether the read memory is returned unprocessed
Returns:

The read memory
rr(register)

Reading a register from the target

Parameters:register – The name of the register
Returns:The actual value read from the register
set_breakpoint(line, hardware=False, temporary=False, regex=False, condition=None, ignore_count=0, thread=0)

Inserts a breakpoint

Parameters:
  • hardware (bool) – Hardware breakpoint
  • tempory (bool) – Tempory breakpoint
  • regex (str) – If set, inserts breakpoints matching the regex
  • condition (str) – If set, inserts a breakpoint with the condition
  • ignore_count (int) – Amount of times the bp should be ignored
  • thread (int) – Threadno in which this breakpoints should be added
set_watchpoint(variable, write=True, read=False)

Inserts a watchpoint

Parameters:
  • variable – The name of a variable or an address to watch
  • write (bool) – Write watchpoint
  • read (bool) – Read watchpoint
shutdown()

Shutdowns the target

step()

Steps one instruction

stop()

Stops the execution of the target

update_state(state)
wait()
wm(address, size, value, num_words=1, raw=False)

Writing to memory of the target

Parameters:
  • address – The address from where the memory-write should start
  • size – The size of the memory write
  • value – The actual value written to memory
  • num_words – The amount of words to read
  • raw – Specifies whether to write in raw or word mode
Returns:

True on success else False
wr(register, value)

Writing a register to the target

Parameters:
  • register – The name of the register
  • value – The actual value written to the register
write_memory(address, size, value, num_words=1, raw=False)

Writing to memory of the target

Parameters:
  • address – The address from where the memory-write should start
  • size – The size of the memory write
  • value – The actual value written to memory
  • num_words – The amount of words to read
  • raw – Specifies whether to write in raw or word mode
Returns:

True on success else False
write_register(register, value)

Writing a register to the target

Parameters:
  • register – The name of the register
  • value – The actual value written to the register
class avatar2.targets.target.TargetStates

Bases: enum.Enum

A simple Enum for the different states a target can be in.

CREATED = 1
EXITED = 32
INITIALIZED = 2
RUNNING = 8
STOPPED = 4
SYNCHING = 16
avatar2.targets.target.action_valid_decorator_factory(state, protocol)

This decorator factory is used to generate decorators which verify that requested actions on a target, such as step(), stop(), read_register(), write_register() and so on are actually executable.

Parameters:
  • state (An entry of the Enum TargetStates) – The required state of the Target
  • protocol (str) – The protocol required to execute the action.

Module contents