本文整理汇总了C++中AnalysisProcessor::aluSpreadTaintRegReg方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::aluSpreadTaintRegReg方法的具体用法?C++ AnalysisProcessor::aluSpreadTaintRegReg怎么用?C++ AnalysisProcessor::aluSpreadTaintRegReg使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor的用法示例。
在下文中一共展示了AnalysisProcessor::aluSpreadTaintRegReg方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: imm
/*
 * JLE with an immediate target.
 *
 * Models the next RIP as an if-then-else over the flags
 * ((SF ^ OF) | ZF) == 1 ? immediate : next address, stores it as the
 * symbolic expression for RIP and records it as a path constraint.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the new symbolic expression is attached to.
 *
 * NOTE(review): RIP receives taint from SF, OF and ZF through three separate
 * calls on the same expression. This is only sound if each call merges with
 * the taint already recorded rather than overwriting it - confirm against
 * AnalysisProcessor::aluSpreadTaintRegReg.
 */
void JleIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
  auto target = this->operands[0].getImm().getValue();

  /* Symbolic flag operands, built in SF, OF, ZF order. */
  smt2lib::smtAstAbstractNode *sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
  smt2lib::smtAstAbstractNode *of = ap.buildSymbolicFlagOperand(ID_TMP_OF);
  smt2lib::smtAstAbstractNode *zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);

  /*
   * JLE: jump if less or equal ((SF^OF | ZF) == 1).
   * SMT: ( = (bvor (bvxor sf of) zf) TRUE)
   */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(smt2lib::bvor(smt2lib::bvxor(sf, of), zf), smt2lib::bvtrue()),
      smt2lib::bv(target, REG_SIZE_BIT),
      smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* The branch outcome becomes the new symbolic value of RIP. */
  SymbolicExpression *se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "RIP");

  /* Every flag the condition reads is named as a taint source for RIP. */
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_SF);
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_OF);
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_ZF);

  /* Register the branch condition in the PathConstraints list. */
  ap.addPathConstraint(se->getID());
}
示例2: regReg
/*
 * SUB reg, reg.
 *
 * Builds bvsub(op0, op1) as the new symbolic value of the first operand,
 * spreads taint between the two registers and attaches the flag
 * expressions (AF, CF, OF, PF, SF, ZF) to the instruction.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 */
void SubIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  auto dst = this->operands[0].getReg();
  auto src = this->operands[1].getReg();
  auto dstSize = this->operands[0].getReg().getSize();
  auto srcSize = this->operands[1].getReg().getSize();

  /* Symbolic operands; each is read with its own register size. */
  smt2lib::smtAstAbstractNode *lhs = ap.buildSymbolicRegOperand(dst, dstSize);
  smt2lib::smtAstAbstractNode *rhs = ap.buildSymbolicRegOperand(src, srcSize);

  /* Result expression, stored back into the first operand. */
  smt2lib::smtAstAbstractNode *difference = smt2lib::bvsub(lhs, rhs);
  SymbolicExpression *se = ap.createRegSE(inst, difference, dst, dstSize);

  /* Both registers are passed to the taint engine (dst first, then src). */
  ap.aluSpreadTaintRegReg(se, dst, src);

  /* Flag expressions derived from the result and the two operands. */
  EflagsBuilder::af(inst, se, ap, dstSize, lhs, rhs);
  EflagsBuilder::cfSub(inst, se, ap, dstSize, lhs, rhs);
  EflagsBuilder::ofSub(inst, se, ap, dstSize, lhs, rhs);
  EflagsBuilder::pf(inst, se, ap, dstSize);
  EflagsBuilder::sf(inst, se, ap, dstSize);
  EflagsBuilder::zf(inst, se, ap, dstSize);
}
示例3: regReg
/*
 * ADD reg, reg (string-based SMT builder).
 *
 * Writes bvadd(op0, op1) into a stream, stores it as the new symbolic
 * element of the first operand, spreads taint between the two registers and
 * attaches the flag elements (AF, CF, OF, PF, SF, ZF) to the instruction.
 *
 * ap   - analysis processor used to build operands, elements and taint.
 * inst - instruction the symbolic elements are attached to.
 */
void AddIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  std::stringstream sum, lhs, rhs;
  uint64_t dst = this->operands[0].getValue();
  uint64_t src = this->operands[1].getValue();
  uint32_t dstSize = this->operands[0].getSize();
  uint32_t srcSize = this->operands[1].getSize();

  /* Symbolic operands, rendered as SMT text. */
  lhs << ap.buildSymbolicRegOperand(dst, dstSize);
  rhs << ap.buildSymbolicRegOperand(src, srcSize);

  /* Result expression, stored back into the first operand. */
  sum << smt2lib::bvadd(lhs.str(), rhs.str());
  SymbolicElement *se = ap.createRegSE(inst, sum, dst, dstSize);

  /* Both registers are passed to the taint engine (dst first, then src). */
  ap.aluSpreadTaintRegReg(se, dst, src);

  /* Flag elements derived from the result and the operands. */
  EflagsBuilder::af(inst, se, ap, dstSize, lhs, rhs);
  EflagsBuilder::cfAdd(inst, se, ap, lhs);
  EflagsBuilder::ofAdd(inst, se, ap, dstSize, lhs, rhs);
  EflagsBuilder::pf(inst, se, ap);
  EflagsBuilder::sf(inst, se, ap, dstSize);
  EflagsBuilder::zf(inst, se, ap, dstSize);
}
示例4: imm
/*
 * JNS with an immediate target.
 *
 * Models the next RIP as (SF == false) ? immediate : next address, stores it
 * as the symbolic expression for RIP, names SF as the taint source for RIP
 * and records the expression as a path constraint.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the new symbolic expression is attached to.
 */
void JnsIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
  auto target = this->operands[0].getImm().getValue();

  /* The only flag this condition reads. */
  smt2lib::smtAstAbstractNode *sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);

  /* Taken when the sign flag is clear, otherwise fall through. */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(sf, smt2lib::bvfalse()),
      smt2lib::bv(target, REG_SIZE_BIT),
      smt2lib::bv(this->nextAddress, REG_SIZE_BIT));

  /* The branch outcome becomes the new symbolic value of RIP. */
  SymbolicExpression *se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "RIP");

  /* A tainted SF makes the branch target tainted. */
  ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_SF);

  /* Register the branch condition in the PathConstraints list. */
  ap.addPathConstraint(se->getID());
}
示例5: regReg
/*
 * ROL reg, CL.
 *
 * Builds bvrol over the first operand with a concrete rotate count, stores it
 * as the operand's new symbolic expression and attaches the CF and OF
 * expressions.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 *
 * NOTE(review): the rotate count is read as a concrete value from RCX and the
 * taint call names only the destination register, so as far as this block
 * shows a tainted CL does not mark the result as tainted. Analyses that rely
 * on this taint should treat it as a possible under-approximation.
 */
void RolIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  uint64 dst = this->operands[0].getValue();
  uint32 dstSize = this->operands[0].getSize();

  /* Value being rotated. */
  smt2lib::smtAstAbstractNode *value = ap.buildSymbolicRegOperand(dst, dstSize);

  /*
   * SMT2-LIB does not accept an expression as the rotate amount, so the
   * count is concretized. Only CL is available, hence the 0xff mask.
   */
  smt2lib::smtAstAbstractNode *count = smt2lib::decimal(ap.getRegisterValue(ID_RCX) & 0xff);

  /* Rotate expression, stored back into the operand. */
  smt2lib::smtAstAbstractNode *rotated = smt2lib::bvrol(count, value);
  SymbolicExpression *se = ap.createRegSE(inst, rotated, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* Flag expressions that depend on the rotate count. */
  EflagsBuilder::cfRol(inst, se, ap, count);
  EflagsBuilder::ofRol(inst, se, ap, dstSize, count);
}
示例6: regReg
/*
 * SHL reg, CL (string-based SMT builder).
 *
 * Writes bvshl(op0, zero-extended CL) into a stream, stores it as the
 * operand's new symbolic element and attaches the CF, OF, PF, SF and ZF
 * elements.
 *
 * ap   - analysis processor used to build operands, elements and taint.
 * inst - instruction the symbolic elements are attached to.
 *
 * NOTE(review): the shift count is built from RCX, but the taint call names
 * only the destination register, so as far as this block shows a tainted CL
 * does not mark the result as tainted.
 * NOTE(review): x86 masks the CL count (5 bits, 6 for 64-bit operands) before
 * shifting; no mask is visible here - confirm it is applied elsewhere.
 * NOTE(review): REG_SIZE is used as the bytes-to-bits factor in the zero
 * extension, which presumes it equals 8 - confirm.
 */
void ShlIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  std::stringstream shifted, value, count;
  uint64 dst = this->operands[0].getValue();
  uint32 dstSize = this->operands[0].getSize();

  /* Value being shifted, and the 1-byte count widened to the operand size. */
  value << ap.buildSymbolicRegOperand(dst, dstSize);
  count << smt2lib::zx(ap.buildSymbolicRegOperand(ID_RCX, 1), (dstSize - 1) * REG_SIZE);

  /* Shift expression, stored back into the operand. */
  shifted << smt2lib::bvshl(value.str(), count.str());
  SymbolicElement *se = ap.createRegSE(inst, shifted, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* Flag elements that depend on the shift count. */
  EflagsBuilder::cfShl(inst, se, ap, dstSize, value, count);
  EflagsBuilder::ofShl(inst, se, ap, dstSize, value, count);
  EflagsBuilder::pfShl(inst, se, ap, dstSize, count);
  EflagsBuilder::sfShl(inst, se, ap, dstSize, count);
  EflagsBuilder::zfShl(inst, se, ap, dstSize, count);
}
示例7: regImm
/*
 * ROL reg, imm.
 *
 * Builds bvrol over the first operand with the immediate as rotate count,
 * stores it as the operand's new symbolic expression and attaches the CF and
 * OF expressions.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 */
void RolIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  uint64 dst = this->operands[0].getValue();
  uint64 amount = this->operands[1].getValue();
  uint32 dstSize = this->operands[0].getSize();

  /* Value being rotated. */
  smt2lib::smtAstAbstractNode *value = ap.buildSymbolicRegOperand(dst, dstSize);

  /*
   * SMT2-LIB does not accept an expression as the rotate amount, so the
   * count is passed as a concrete decimal.
   */
  smt2lib::smtAstAbstractNode *count = smt2lib::decimal(amount);

  /* Rotate expression, stored back into the operand. */
  smt2lib::smtAstAbstractNode *rotated = smt2lib::bvrol(count, value);
  SymbolicExpression *se = ap.createRegSE(inst, rotated, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* Flag expressions that depend on the rotate count. */
  EflagsBuilder::cfRol(inst, se, ap, count);
  EflagsBuilder::ofRol(inst, se, ap, dstSize, count);
}
示例8: regReg
/*
 * ROR reg, CL (string-based SMT builder).
 *
 * Writes bvror over the first operand with a concrete rotate count, stores it
 * as the operand's new symbolic element and attaches the CF and OF elements.
 *
 * ap   - analysis processor used to build operands, elements and taint.
 * inst - instruction the symbolic elements are attached to.
 *
 * NOTE(review): the rotate count is read as a concrete value from RCX and the
 * taint call names only the destination register, so as far as this block
 * shows a tainted CL does not mark the result as tainted. Analyses that rely
 * on this taint should treat it as a possible under-approximation.
 */
void RorIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  std::stringstream rotated, value, count;
  uint64 dst = this->operands[0].getValue();
  uint32 dstSize = this->operands[0].getSize();

  /* Value being rotated. */
  value << ap.buildSymbolicRegOperand(dst, dstSize);

  /*
   * SMT2-LIB does not accept an expression as the rotate amount, so the
   * count is concretized. Only CL is available, hence the 0xff mask.
   */
  count << (ap.getRegisterValue(ID_RCX) & 0xff);

  /* Rotate expression, stored back into the operand. */
  rotated << smt2lib::bvror(value.str(), count.str());
  SymbolicElement *se = ap.createRegSE(inst, rotated, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* Flag elements that depend on the rotate count. */
  EflagsBuilder::cfRor(inst, se, ap, dstSize, count);
  EflagsBuilder::ofRor(inst, se, ap, dstSize, count);
}
示例9: regImm
/*
 * ROR reg, imm (string-based SMT builder).
 *
 * Writes bvror over the first operand with the immediate as rotate count,
 * stores it as the operand's new symbolic element and attaches the CF and OF
 * elements.
 *
 * ap   - analysis processor used to build operands, elements and taint.
 * inst - instruction the symbolic elements are attached to.
 */
void RorIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  std::stringstream rotated, value, count;
  uint64 dst = this->operands[0].getValue();
  uint64 amount = this->operands[1].getValue();
  uint32 dstSize = this->operands[0].getSize();

  /* Value being rotated. */
  value << ap.buildSymbolicRegOperand(dst, dstSize);

  /*
   * SMT2-LIB does not accept an expression as the rotate amount, so the
   * immediate is written out as a concrete number.
   */
  count << amount;

  /* Rotate expression, stored back into the operand. */
  rotated << smt2lib::bvror(value.str(), count.str());
  SymbolicElement *se = ap.createRegSE(inst, rotated, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* Flag elements that depend on the rotate count. */
  EflagsBuilder::cfRor(inst, se, ap, dstSize, count);
  EflagsBuilder::ofRor(inst, se, ap, dstSize, count);
}
示例10: regReg
/*
 * SHL reg, CL (AST-based SMT builder).
 *
 * Builds bvshl(op0, zero-extended CL), stores it as the operand's new
 * symbolic expression and attaches the CF, OF, PF, SF and ZF expressions.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 *
 * NOTE(review): the shift count is built from RCX, but the taint call names
 * only the destination register, so as far as this block shows a tainted CL
 * does not mark the result as tainted.
 * NOTE(review): x86 masks the CL count (5 bits, 6 for 64-bit operands) before
 * shifting; no mask is visible here - confirm it is applied elsewhere.
 * NOTE(review): REG_SIZE is used as the bytes-to-bits factor in the zero
 * extension, which presumes it equals 8 - confirm.
 */
void ShlIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  auto dst = this->operands[0].getReg();
  auto dstSize = this->operands[0].getReg().getSize();

  /* Value being shifted. */
  smt2lib::smtAstAbstractNode *value = ap.buildSymbolicRegOperand(dst, dstSize);

  /* The count is the 8-bit register CL, widened to the operand size. */
  smt2lib::smtAstAbstractNode *count =
      smt2lib::zx((dstSize - BYTE_SIZE) * REG_SIZE, ap.buildSymbolicRegOperand(ID_TMP_RCX, 1));

  /* Shift expression, stored back into the operand. */
  smt2lib::smtAstAbstractNode *shifted = smt2lib::bvshl(value, count);
  SymbolicExpression *se = ap.createRegSE(inst, shifted, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* Flag expressions that depend on the shift count. */
  EflagsBuilder::cfShl(inst, se, ap, dstSize, value, count);
  EflagsBuilder::ofShl(inst, se, ap, dstSize, value, count);
  EflagsBuilder::pfShl(inst, se, ap, dstSize, count);
  EflagsBuilder::sfShl(inst, se, ap, dstSize, count);
  EflagsBuilder::zfShl(inst, se, ap, dstSize, count);
}
示例11: reg
/*
 * NEG reg (AST-based SMT builder).
 *
 * Builds bvneg(op0), stores it as the operand's new symbolic expression,
 * spreads taint from the register onto itself and attaches the AF, CF, OF,
 * PF, SF and ZF expressions.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 */
void NegIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  auto target = this->operands[0].getReg();
  auto targetSize = this->operands[0].getReg().getSize();

  /* Value being negated. */
  smt2lib::smtAstAbstractNode *value = ap.buildSymbolicRegOperand(target, targetSize);

  /* Negation expression, stored back into the operand. */
  smt2lib::smtAstAbstractNode *negated = smt2lib::bvneg(value);
  SymbolicExpression *se = ap.createRegSE(inst, negated, target, targetSize);

  /* Single-operand instruction: source and destination are the same register. */
  ap.aluSpreadTaintRegReg(se, target, target);

  /* Flag expressions derived from the result and the original value. */
  EflagsBuilder::afNeg(inst, se, ap, targetSize, value);
  EflagsBuilder::cfNeg(inst, se, ap, targetSize, value);
  EflagsBuilder::ofNeg(inst, se, ap, targetSize, value);
  EflagsBuilder::pf(inst, se, ap, targetSize);
  EflagsBuilder::sf(inst, se, ap, targetSize);
  EflagsBuilder::zf(inst, se, ap, targetSize);
}
示例12: reg
/*
 * NEG reg (string-based SMT builder).
 *
 * Writes bvneg(op0) into a stream, stores it as the operand's new symbolic
 * element, spreads taint from the register onto itself and attaches the AF,
 * CF, OF, PF, SF and ZF elements.
 *
 * ap   - analysis processor used to build operands, elements and taint.
 * inst - instruction the symbolic elements are attached to.
 */
void NegIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  /* cfExpr is declared but never used in this block. */
  std::stringstream negated, value, cfExpr;
  uint64_t target = this->operands[0].getValue();
  uint32_t targetSize = this->operands[0].getSize();

  /* Value being negated, rendered as SMT text. */
  value << ap.buildSymbolicRegOperand(target, targetSize);

  /* Negation expression, stored back into the operand. */
  negated << smt2lib::bvneg(value.str());
  SymbolicElement *se = ap.createRegSE(inst, negated, target, targetSize);

  /* Single-operand instruction: source and destination are the same register. */
  ap.aluSpreadTaintRegReg(se, target, target);

  /* Flag elements derived from the result and the original value. */
  EflagsBuilder::afNeg(inst, se, ap, targetSize, value);
  EflagsBuilder::cfNeg(inst, se, ap, targetSize, value);
  EflagsBuilder::ofNeg(inst, se, ap, targetSize, value);
  EflagsBuilder::pf(inst, se, ap);
  EflagsBuilder::sf(inst, se, ap, targetSize);
  EflagsBuilder::zf(inst, se, ap, targetSize);
}
示例13: regReg
/*
 * OR reg, reg.
 *
 * Builds bvor(op0, op1) as the new symbolic value of the first operand,
 * spreads taint between the two registers, clears CF and OF and attaches the
 * PF, SF and ZF expressions.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 */
void OrIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  auto dst = this->operands[0].getReg();
  auto src = this->operands[1].getReg();
  auto dstSize = this->operands[0].getReg().getSize();
  auto srcSize = this->operands[1].getReg().getSize();

  /* Symbolic operands; each is read with its own register size. */
  smt2lib::smtAstAbstractNode *lhs = ap.buildSymbolicRegOperand(dst, dstSize);
  smt2lib::smtAstAbstractNode *rhs = ap.buildSymbolicRegOperand(src, srcSize);

  /* Result expression, stored back into the first operand. */
  smt2lib::smtAstAbstractNode *merged = smt2lib::bvor(lhs, rhs);
  SymbolicExpression *se = ap.createRegSE(inst, merged, dst, dstSize);

  /* Both registers are passed to the taint engine (dst first, then src). */
  ap.aluSpreadTaintRegReg(se, dst, src);

  /* CF and OF are cleared; the remaining flags follow the result. */
  EflagsBuilder::clearFlag(inst, ap, ID_TMP_CF, "Clears carry flag");
  EflagsBuilder::clearFlag(inst, ap, ID_TMP_OF, "Clears overflow flag");
  EflagsBuilder::pf(inst, se, ap, dstSize);
  EflagsBuilder::sf(inst, se, ap, dstSize);
  EflagsBuilder::zf(inst, se, ap, dstSize);
}
示例14: regImm
/*
 * SAR reg, imm.
 *
 * Builds bvashr(op0, imm), stores it as the operand's new symbolic
 * expression, spreads taint from the register onto itself and attaches the
 * CF, OF, PF, SF and ZF expressions.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the symbolic expressions are attached to.
 *
 * NOTE(review): REG_SIZE is used as the bytes-to-bits factor for the width of
 * the immediate, which presumes it equals 8 - confirm.
 * NOTE(review): x86 masks the shift count (5 bits, 6 for 64-bit operands); the
 * immediate is used unmasked here - confirm it is masked before this point.
 */
void SarIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
  uint64 dst = this->operands[0].getValue();
  uint64 amount = this->operands[1].getValue();
  uint32 dstSize = this->operands[0].getSize();

  /* Value being shifted, and the count as a bitvector of the operand width. */
  smt2lib::smtAstAbstractNode *value = ap.buildSymbolicRegOperand(dst, dstSize);
  smt2lib::smtAstAbstractNode *count = smt2lib::bv(amount, dstSize * REG_SIZE);

  /* Arithmetic shift expression, stored back into the operand. */
  smt2lib::smtAstAbstractNode *shifted = smt2lib::bvashr(value, count);
  SymbolicExpression *se = ap.createRegSE(inst, shifted, dst, dstSize);

  /* Taint is spread from the register onto itself. */
  ap.aluSpreadTaintRegReg(se, dst, dst);

  /* CF and OF have SAR-specific helpers; PF, SF and ZF reuse the SHL ones. */
  EflagsBuilder::cfSar(inst, se, ap, dstSize, value, count);
  EflagsBuilder::ofSar(inst, se, ap, dstSize, count);
  EflagsBuilder::pfShl(inst, se, ap, dstSize, count);
  EflagsBuilder::sfShl(inst, se, ap, dstSize, count);
  EflagsBuilder::zfShl(inst, se, ap, dstSize, count);
}
示例15: reg
/*
 * BSWAP reg.
 *
 * Extracts the operand byte by byte, concatenates the bytes in reversed
 * order, stores the result as the operand's new symbolic expression and
 * spreads taint from the register onto itself.
 *
 * ap   - analysis processor used to build operands, expressions and taint.
 * inst - instruction the new symbolic expression is attached to.
 *
 * Throws std::runtime_error when the register size is neither QWORD_SIZE nor
 * DWORD_SIZE.
 */
void BswapIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  auto regId = this->operands[0].getReg().getTritonRegId();
  auto width = this->operands[0].getReg().getSize();

  /* Value whose bytes are reordered. */
  smt2lib::smtAstAbstractNode *value = ap.buildSymbolicRegOperand(regId, width);

  std::list<smt2lib::smtAstAbstractNode *> reversed;

  /* Only 32-bit and 64-bit registers are accepted. */
  if (width != QWORD_SIZE && width != DWORD_SIZE)
    throw std::runtime_error("Error: BswapIRBuilder::reg() - Invalid register size");

  /*
   * Walk from the most significant byte down to bits 7..0, pushing each byte
   * to the front so the lowest byte ends up first in the list.
   */
  const int topBit = (width == QWORD_SIZE) ? 63 : 31;
  for (int high = topBit; high >= 7; high -= 8)
    reversed.push_front(smt2lib::extract(high, high - 7, value));

  /* Concatenation of the reordered bytes, stored back into the operand. */
  smt2lib::smtAstAbstractNode *swapped = smt2lib::concat(reversed);
  SymbolicExpression *se = ap.createRegSE(inst, swapped, regId, width);

  /* Single-operand instruction: source and destination are the same register. */
  ap.aluSpreadTaintRegReg(se, regId, regId);
}