本文整理汇总了C++中AnalysisProcessor::assignmentSpreadTaintExprReg方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::assignmentSpreadTaintExprReg方法的具体用法?C++ AnalysisProcessor::assignmentSpreadTaintExprReg怎么用?C++ AnalysisProcessor::assignmentSpreadTaintExprReg使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor的用法示例。
在下文中一共展示了AnalysisProcessor::assignmentSpreadTaintExprReg方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: regImm
void TestIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2;
uint64 reg = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
uint32 regSize = this->operands[0].getSize();
/* Create the SMT semantic */
op1 << ap.buildSymbolicRegOperand(reg, regSize);
op2 << smt2lib::bv(imm, regSize * REG_SIZE);
/* Finale expr */
expr << smt2lib::bvand(op1.str(), op2.str());
/* Create the symbolic element */
se = ap.createSE(inst, expr);
/* Apply the taint */
ap.assignmentSpreadTaintExprReg(se, reg);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::clearFlag(inst, ap, ID_CF, "Clears carry flag");
EflagsBuilder::clearFlag(inst, ap, ID_OF, "Clears overflow flag");
EflagsBuilder::pf(inst, se, ap);
EflagsBuilder::sf(inst, se, ap, regSize);
EflagsBuilder::zf(inst, se, ap, regSize);
}示例2: regImm
void TestIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
auto reg = this->operands[0].getReg();
auto imm = this->operands[1].getImm().getValue();
auto regSize = this->operands[0].getReg().getSize();
/* Create the SMT semantic */
op1 = ap.buildSymbolicRegOperand(reg, regSize);
op2 = smt2lib::bv(imm, regSize * REG_SIZE);
/* Finale expr */
expr = smt2lib::bvand(op1, op2);
/* Create the symbolic expression */
se = ap.createSE(inst, expr);
/* Apply the taint */
ap.assignmentSpreadTaintExprReg(se, reg);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::clearFlag(inst, ap, ID_TMP_CF, "Clears carry flag");
EflagsBuilder::clearFlag(inst, ap, ID_TMP_OF, "Clears overflow flag");
EflagsBuilder::pf(inst, se, ap, regSize);
EflagsBuilder::sf(inst, se, ap, regSize);
EflagsBuilder::zf(inst, se, ap, regSize);
}示例3: regImm
void CmpIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
uint64 reg = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
uint32 regSize = this->operands[0].getSize();
/* Create the SMT semantic */
op1 = ap.buildSymbolicRegOperand(reg, regSize);
op2 = smt2lib::bv(imm, regSize * REG_SIZE);
/* Finale expr */
expr = smt2lib::bvsub(op1, op2);
/* Create the symbolic expression */
se = ap.createSE(inst, expr, "Temporary Compare");
/* Apply the taint */
ap.assignmentSpreadTaintExprReg(se, reg);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::af(inst, se, ap, regSize, op1, op2);
EflagsBuilder::cfSub(inst, se, ap, op1, op2);
EflagsBuilder::ofSub(inst, se, ap, regSize, op1, op2);
EflagsBuilder::pf(inst, se, ap, regSize);
EflagsBuilder::sf(inst, se, ap, regSize);
EflagsBuilder::zf(inst, se, ap, regSize);
}示例4: regImm
void RcrIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se1, *se2;
smt2lib::smtAstAbstractNode *expr, *op1, *op2, *cf, *res;
uint64 reg = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
uint32 regSize = this->operands[0].getSize();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_CF);
op1 = ap.buildSymbolicRegOperand(reg, regSize);
/*
* Note that SMT2-LIB doesn't support expression as rotate's value.
* The op2 must be the concretization's value.
*/
op2 = smt2lib::decimal(imm);
/* Rcl expression */
expr = smt2lib::bvror(
op2,
smt2lib::concat(cf, op1)
);
/* Temporary extended expression */
se1 = ap.createSE(inst, expr, "Temporary Extended Expression");
/* Apply the taint */
ap.assignmentSpreadTaintExprReg(se1, reg);
/* Result expression */
res = smt2lib::extract((regSize * REG_SIZE) - 1, 0, expr);
/* Create the symbolic expression for the result */
se2 = ap.createRegSE(inst, res, reg, regSize);
/* Apply the taint */
ap.aluSpreadTaintRegReg(se2, reg, reg);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::cfRcl(inst, se1, ap, regSize, op2); /* Same as RCL */
EflagsBuilder::ofRor(inst, se2, ap, regSize, op2); /* Same as ROR */
}示例5: regReg
void RclIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se1, *se2;
smt2lib::smtAstAbstractNode *expr, *op1, *op2, *cf, *res;
auto reg1 = this->operands[0].getReg();
auto regSize1 = this->operands[0].getReg().getSize();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_TMP_CF);
op1 = ap.buildSymbolicRegOperand(reg1, regSize1);
/*
* Note that SMT2-LIB doesn't support expression as rotate's value.
* The op2 must be the concretization's value.
*/
op2 = smt2lib::decimal(ap.getRegisterValue(ID_TMP_RCX) & 0xff); /* 0xff -> There is only CL available */
/* Rcl expression */
expr = smt2lib::bvrol(
op2,
smt2lib::concat(cf, op1)
);
/* Temporary extended expression */
se1 = ap.createSE(inst, expr, "Temporary Extended Expression");
/* Apply the taint */
ap.assignmentSpreadTaintExprReg(se1, reg1);
/* Result expression */
res = smt2lib::extract((regSize1 * REG_SIZE) - 1, 0, expr);
/* Create the symbolic expression */
se2 = ap.createRegSE(inst, res, reg1, regSize1);
/* Apply the taint */
ap.aluSpreadTaintRegReg(se2, reg1, reg1);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::cfRcl(inst, se1, ap, regSize1, op2);
EflagsBuilder::ofRol(inst, se2, ap, regSize1, op2); /* Same as ROL */
}