https://triton-library.github.io/

cmake -DPYTHON_INCLUDE_DIR=/opt/homebrew/Cellar/python@3.9/3.9.13_1/Frameworks/Python.framework/Headers -DPYTHON_LIBRARY=/opt/homebrew/Cellar/python@3.9/3.9.13_1/Frameworks/Python.framework/Versions/3.9/lib/libpython3.9.dylib ..

ld: cannot link directly with dylib/framework, your binary is not an allowed client of /Library/Developer/CommandLineTools/SDKs/MacOSX12.1.sdk/usr/lib/libpython.tbd for architecture arm64

set(PYTHON_INCLUDE_DIRS "/opt/homebrew/Cellar/[email protected]/3.9.13_1/Frameworks/Python.framework/Headers")set(PYTHON_LIBRARYS "/opt/homebrew/Cellar/[email protected]/3.9.13_1/Frameworks/Python.framework/Versions/3.9/lib/libpython3.9.dylib")
set(CMAKE_C_FLAGS "-lpython3.9")set(CMAKE_CXX_FLAGS "-lpython3.9")

sudo rm -rf /Library/Developer/CommandLineToolsxcode-select --installbrew install Boostcmake  -G "Xcode" .. -DCMAKE_C_COMPILER=/usr/bin/clang  -DCMAKE_CXX_COMPILER=/usr/bin/clang++

#!/usr/bin/env python3## -*- coding: utf-8 -*-#### Output####  $ python3 ir.py##  400000: mov rax, qword ptr [rip + 0x13b8]##          ref!0 = (concat ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv49 8)) ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv50 8)) ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv51 8)) ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv52 8))) ; MOV operation##          ref!1 = (_ bv4194311 64) ; Program Counter####  400007: lea rsi, qword ptr [rbx + rax*8]##          ref!2 = (bvadd (_ bv0 64) (bvadd (_ bv67890 64) (bvmul ((_ extract 63 0) ref!0) (_ bv8 64)))) ; LEA operation##          ref!3 = (_ bv4194315 64) ; Program Counter####  40000b: lea rsi, dword ptr [ebx + eax*8 + 0xa]##          ref!4 = ((_ zero_extend 32) (bvadd (_ bv10 32) (bvadd (_ bv67890 32) (bvmul ((_ extract 31 0) ref!0) (_ bv8 32))))) ; LEA operation##          ref!5 = (_ bv4194321 64) ; Program Counter####  400011: pmovmskb edx, xmm1##          ref!6 = ((_ zero_extend 32) ((_ zero_extend 16) (concat ((_ extract 127 127) (_ bv0 128)) ((_ extract 119 119) (_ bv0 128)) ((_ extract 111 111) (_ bv0 128)) ((_ extract 103 103) (_ bv0 128)) ((_ extract 95 95) (_ bv0 128)) ((_ extract 87 87) (_ bv0 128)) ((_ extract 79 79) (_ bv0 128)) ((_ extract 71 71) (_ bv0 128)) ((_ extract 63 63) (_ bv0 128)) ((_ extract 55 55) (_ bv0 128)) ((_ extract 47 47) (_ bv0 128)) ((_ extract 39 39) (_ bv0 128)) ((_ extract 31 31) (_ bv0 128)) ((_ extract 23 23) (_ bv0 128)) ((_ extract 15 15) (_ bv0 128)) ((_ extract 7 7) (_ bv0 128))))) ; PMOVMSKB operation##          ref!7 = (_ bv4194325 64) ; Program Counter####  400015: mov eax, edx##          ref!8 = ((_ zero_extend 32) ((_ extract 31 0) ref!6)) ; MOV operation##          ref!9 = (_ bv4194327 64) ; Program Counter####  400017: xor ah, 0x99##          ref!10 = (concat ((_ extract 63 16) ((_ extract 63 0) ref!8)) (concat (bvxor ((_ extract 15 8) ref!8) (_ bv153 8)) ((_ extract 7 0) ((_ extract 63 0) ref!8)))) ; XOR operation##          ref!11 = (_ bv0 1) ; Clears carry flag##          ref!12 = (_ bv0 1) ; Clears overflow flag##          ref!13 = (bvxor (bvxor (bvxor (bvxor (bvxor (bvxor (bvxor (bvxor (_ bv1 1) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv0 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv1 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv2 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv3 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv4 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv5 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv6 8)))) ((_ extract 0 0) (bvlshr ((_ extract 15 8) ref!10) (_ bv7 8)))) ; Parity flag##          ref!14 = ((_ extract 15 15) ref!10) ; Sign flag##          ref!15 = (ite (= ((_ extract 15 8) ref!10) (_ bv0 8)) (_ bv1 1) (_ bv0 1)) ; Zero flag##          ref!16 = (_ bv4194330 64) ; Program Counter##
from __future__ import print_functionfrom triton     import TritonContext, ARCH, Instruction, REG, MemoryAccess
import sys

code = [    (0x400000, b"\x48\x8b\x05\xb8\x13\x00\x00"), # mov        rax, QWORD PTR [rip+0x13b8]    (0x400007, b"\x48\x8d\x34\xc3"),             # lea        rsi, [rbx+rax*8]    (0x40000b, b"\x67\x48\x8D\x74\xC3\x0A"),     # lea        rsi, [ebx+eax*8+0xa]    (0x400011, b"\x66\x0F\xD7\xD1"),             # pmovmskb   edx, xmm1    (0x400015, b"\x89\xd0"),                     # mov        eax, edx    (0x400017, b"\x80\xf4\x99"),                 # xor        ah, 0x99    (0x40001a, b"\xC5\xFD\x6F\xCA"),             # vmovdqa    ymm1, ymm2]


if __name__ == '__main__':
    Triton = TritonContext()    Triton.setArchitecture(ARCH.X86_64)
    for (addr, opcode) in code:        # Build an instruction        inst = Instruction()
        # Setup opcode        inst.setOpcode(opcode)
        # Setup Address        inst.setAddress(addr)
        # Process everything        Triton.processing(inst)
        # Display instruction        print(inst)
        # Display symbolic expressions        for expr in inst.getSymbolicExpressions():            print('\t', expr)
        print()
    sys.exit(0)

# Triton视频教程## Triton介绍与环境搭建* 1.课程介绍* 2.学习必备条件* 3.Triton编译与安装* 4.简单使用与源码框架了解* 5.实现一个最简单的my_qemu(kvm)* 6.xcode调试环境搭建* 7.python运行环境问题(Mac)* 8.第一个Triton简单程序(cpp)* 9.第二个Triton简单程序(python)* 10.shellcode模拟执行## 模拟x86_64架构* 11.模拟单个参数函数与获取返回值* 12.模拟多个参数函数* 13.模拟获取全局变量函数* 14.外部符合libc库函数调用模拟* 15.模拟多个函数调用链* 16.复杂结体参数传递### 模拟常用算法(x86_64)* 17.Triton模拟base64编码* 18.Triton模拟aes算法* 19.Triton模拟rc4算法* 20.Triton模拟des算法* 21.Triton其它算法模拟思路### 跟unicorn对比* 22.模拟执行对比unicorn* 23.设计构架对比unicorn* 24.hook指令对比unicorn* 25.事件回调对比unicorn* 26.高级话题对比unicorn## arm64架构模拟* 27.arm64函数参数与返回值模拟* 28.arm64模拟多个参数函数* 29.arm64模拟获取全局变量函数* 30.arm64构架中的算法模拟* 31.android中模拟与JNI交互* 32.JNI模拟call java函数## 高级部分  * 33.可执行文件加载* 34.hook库函数(libc) * 35.符号执行介绍* 39.符号执行简单案例* 40.符号执行-代码约束* 41.符号执行-状态约束* 42.符号化寄存器* 43.符号化寄存器* 44.符号化栈上的值* 45.符号化内存* 46.符号化动态内存* 47.符号化文件内容* 48.符号执行-内存约束* 49.符号执行-函数地址hook* 50.符号执行-函数名称hook* 51.符号执行-scanf函数hook* 52.符号执行-静态库函数hook* 53.符号执行-动态库函数hook* 54.混合符号执行* 55.符号执行-任意地址读* 56.符号执行-任意地址写* 57.符号执行-任意地址跳转* 36.污点分析介绍* 58.污点分析案例* 59.Triton反混淆