`int3.codegen`

class int3.codegen.mutation_engine.MutationEngine(triple: Triple, raw_asm: bytes, bad_bytes: bytes)

Engine for managing code mutation passes applied to machine code.

clean() → CodeSegment: Attempt to clean bad bytes from the machine code wrapped by this engine.

class int3.codegen.code_generator.AsmGadget(text: str, bytes: bytes): An assembly gadget.

class int3.codegen.code_generator.CodeGenerator(arch: Architecture)

Common interface for emitting architecture-specific assembly.

compute_pc(result: RegType) → AsmGadget: Compute the program counter for the instruction following this gadget.

f(value: RegType | ImmType) → str: Format a register or immediate into a Keystone-consumable form.

class int3.codegen.code_segment.CodeSegment(triple: Triple, raw_asm: bytes, bad_bytes: bytes)

A side effect aware series of instructions.

static from_asm(triple: Triple, asm: str, bad_bytes: bytes = b'') → CodeSegment: Factory method to create an instance from raw machine code.

property is_clean: bool: Whether this segment doesn’t contain bad bytes.

make_clean_imm(bit_size: int | None = None) → int: Create an immediate value that won’t contain bad bytes when assembled.

property raw: bytes: Raw machine code for this segment.

scratch_regs_for_size(bit_size: int) → tuple[RegisterDef, ...]: Find candidate scratch registers for a given bit width.

class int3.codegen.passes.abc.InstructionMutationPass(segment: 'CodeSegment', bad_bytes: bytes)

choose(seq: Iterable[bytes]) → tuple[Instruction, ...]: Choose the shortest clean candidate byte sequence.

is_dirty(data: bytes) → bool: Return whether the byte sequence contains bad bytes.

abstractmethod mutate(insn: Instruction) → tuple[Instruction, ...]

Apply a mutation to an input instruction, producing equivalent instruction(s).

Returned sequences of instructions may include bad bytes, but will be skipped by the mutation engine.

abstractmethod should_mutate(insn: Instruction) → bool: Determine whether a mutation should fire.

to_instructions(data: bytes) → tuple[Instruction, ...]: Convert a byte sequence to Instruction instances.

class int3.codegen.passes.instruction_passes.AddSyscallOperandInstructionPass(segment: CodeSegment, bad_bytes: bytes)

Add an operand to a syscall instruction.

For example, the naked syscall instruction on Mips assembles to 0000000c, containing null bytes. The addition of an immediate operand encodes the immediate in the place of these null bytes.

mutate(insn: Instruction) → tuple[Instruction, ...]: Replace the syscall immediate operand.

should_mutate(insn: Instruction) → bool: Mutate syscall instructions.

class int3.codegen.passes.instruction_passes.FactorImmediateInstructionPass(segment: CodeSegment, bad_bytes: bytes)

Reconstruct an immediate operand across factored operations.

mutate(insn: Instruction) → tuple[Instruction, ...]: Factor immediate values into multiple instructions.

should_mutate(insn: Instruction) → bool: Mutate instructions that have reg and imm operands.

class int3.codegen.passes.instruction_passes.MoveSmallImmediateInstructionPass(segment: CodeSegment, bad_bytes: bytes)

Mutate small immediates into a series of increments.

mutate(insn: Instruction) → tuple[Instruction, ...]: Convert immediate values into a series of increments.

should_mutate(insn: Instruction) → bool: Mutate instructions with small immediate values.

int3.codegen

`int3.codegen`