本文整理汇总了C++中AnalysisProcessor::assignmentSpreadTaintRegReg方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::assignmentSpreadTaintRegReg方法的具体用法?C++ AnalysisProcessor::assignmentSpreadTaintRegReg怎么用?C++ AnalysisProcessor::assignmentSpreadTaintRegReg使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor
的用法示例。
在下文中一共展示了AnalysisProcessor::assignmentSpreadTaintRegReg方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: reg
/*
 * SETNBE with a register destination.
 *
 * Symbolic side: the destination receives
 *   ite((~CF & ~ZF) == true, 1, 0)
 * as a BYTE_SIZE_BIT-wide bit-vector.
 *
 * Taint side: the destination's taint is only touched when the concrete
 * CF and ZF are both 0, i.e. when the condition holds in this run.
 *
 * NOTE(review): when the condition does not hold, the destination's taint is
 * left untouched, although its symbolic expression was just replaced by one
 * that depends on CF and ZF. If either flag is tainted, this looks like it
 * can under-taint the result (or keep stale taint) - confirm that this is
 * the intended policy.
 */
void SetnbeIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  auto reg     = this->operands[0].getReg();
  auto regSize = this->operands[0].getReg().getSize();

  /* Symbolic operands for the two flags the condition reads */
  smt2lib::smtAstAbstractNode *cf = ap.buildSymbolicFlagOperand(ID_TMP_CF);
  smt2lib::smtAstAbstractNode *zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);

  /* dst = ((~CF & ~ZF) == true) ? 1 : 0 */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(
          smt2lib::bvand(smt2lib::bvnot(cf), smt2lib::bvnot(zf)),
          smt2lib::bvtrue()),
      smt2lib::bv(1, BYTE_SIZE_BIT),
      smt2lib::bv(0, BYTE_SIZE_BIT));

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg, regSize);

  /* Condition false in the concrete run: taint is not updated */
  if (!(ap.getFlagValue(ID_TMP_CF) == 0 && ap.getFlagValue(ID_TMP_ZF) == 0)) {
    return;
  }

  /* Take the taint from CF when CF is tainted; otherwise from ZF, whatever
   * ZF's taint state is. */
  if (ap.isRegTainted(ID_TMP_CF) == TAINTED) {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_TMP_CF);
  } else {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_TMP_ZF);
  }
}
示例2: reg
/*
 * SETL with a register destination (string-based SMT builder).
 *
 * Symbolic side: dst = ite((SF xor OF) == true, 1, 0), BYTE_SIZE_BIT wide.
 *
 * Taint side: updated only when the concrete SF xor OF is non-zero.
 *
 * NOTE(review): when the condition is false in the concrete run the
 * destination's taint is not updated, even though its new value still
 * depends on SF and OF. Confirm that tainted flags are not meant to reach
 * the destination on that path.
 */
void SetlIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  uint64_t reg     = this->operands[0].getValue();
  uint64_t regSize = this->operands[0].getSize();

  /* Flag operands rendered as SMT text */
  std::stringstream sf, of, reg1e;
  sf << ap.buildSymbolicFlagOperand(ID_SF);
  of << ap.buildSymbolicFlagOperand(ID_OF);

  /* NOTE(review): reg1e is filled in but never read below. The call is kept
   * because its side effects, if any, are not visible from this function. */
  reg1e << ap.buildSymbolicRegOperand(reg, regSize);

  /* dst = ((SF ^ OF) == true) ? 1 : 0 */
  std::stringstream expr;
  expr << smt2lib::ite(
      smt2lib::equal(
          smt2lib::bvxor(sf.str(), of.str()),
          smt2lib::bvtrue()),
      smt2lib::bv(1, BYTE_SIZE_BIT),
      smt2lib::bv(0, BYTE_SIZE_BIT));

  /* Attach the expression to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, expr, reg, regSize);

  /* Condition false in the concrete run: taint is not updated */
  if (!(ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF))) {
    return;
  }

  /* Take the taint from SF when SF is tainted; otherwise from OF */
  if (ap.isRegTainted(ID_SF) == TAINTED) {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_SF);
  } else {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_OF);
  }
}
示例3: reg
/*
 * SETLE with a register destination.
 *
 * Symbolic side: dst = ite(((SF xor OF) or ZF) == true, 1, 0),
 * BYTE_SIZE_BIT wide.
 *
 * Taint side: updated only when the concrete ((SF ^ OF) | ZF) equals 1.
 * The source of the taint is the first tainted flag in the order SF, OF;
 * ZF is used as the fallback without checking its taint state.
 *
 * NOTE(review): on the condition-false path the destination's taint is left
 * as it was, although the value written depends on all three flags. Confirm
 * that this cannot hide a tainted flag from later checks.
 */
void SetleIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  uint64 reg     = this->operands[0].getValue();
  uint64 regSize = this->operands[0].getSize();

  /* Symbolic operands for the three flags the condition reads */
  smt2lib::smtAstAbstractNode *sf = ap.buildSymbolicFlagOperand(ID_SF);
  smt2lib::smtAstAbstractNode *of = ap.buildSymbolicFlagOperand(ID_OF);
  smt2lib::smtAstAbstractNode *zf = ap.buildSymbolicFlagOperand(ID_ZF);

  /* dst = (((SF ^ OF) | ZF) == true) ? 1 : 0 */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(
          smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
          smt2lib::bvtrue()),
      smt2lib::bv(1, BYTE_SIZE_BIT),
      smt2lib::bv(0, BYTE_SIZE_BIT));

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg, regSize);

  /* Condition false in the concrete run: taint is not updated */
  if (!(((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 1)) {
    return;
  }

  if (ap.isRegTainted(ID_SF) == TAINTED) {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_SF);
  } else if (ap.isRegTainted(ID_OF) == TAINTED) {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_OF);
  } else {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_ZF);
  }
}
示例4: regReg
/*
 * CMOVNS reg, reg (string-based SMT builder).
 *
 * Symbolic side: dst = ite(SF == false, src, dst).
 *
 * Taint side: when the concrete SF is 0 (move taken), the destination's
 * taint is updated from the source register. When the move is not taken the
 * destination's taint is left alone.
 *
 * NOTE(review): the taint of SF itself is never consulted here, so a
 * tainted flag selecting between the two registers does not mark the
 * result. Confirm that this control-style dependency is deliberately out of
 * scope.
 */
void CmovnsIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  /* operands[0] is the destination, operands[1] the source */
  uint64_t reg1  = this->operands[0].getValue();
  uint64_t reg2  = this->operands[1].getValue();
  uint64_t size1 = this->operands[0].getSize();
  uint64_t size2 = this->operands[1].getSize();

  /* Flag and register operands rendered as SMT text */
  std::stringstream sf, reg1e, reg2e;
  sf    << ap.buildSymbolicFlagOperand(ID_SF);
  reg1e << ap.buildSymbolicRegOperand(reg1, size1);
  reg2e << ap.buildSymbolicRegOperand(reg2, size2);

  /* dst = (SF == false) ? src : dst */
  std::stringstream expr;
  expr << smt2lib::ite(
      smt2lib::equal(sf.str(), smt2lib::bvfalse()),
      reg2e.str(),
      reg1e.str());

  /* Attach the expression to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, expr, reg1, size1);

  /* Move taken in the concrete run: taint comes from the source */
  if (ap.getFlagValue(ID_SF) == 0) {
    ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
  }
}
示例5: reg
/*
 * SETZ with a register destination (string-based SMT builder).
 *
 * Symbolic side: dst = ite(ZF == true, 1, 0) as an 8-bit value.
 *
 * Taint side: when the concrete ZF is 1 the destination's taint is updated
 * from ZF; otherwise it is not touched.
 *
 * NOTE(review): with ZF == 0 the destination's taint is not updated, even
 * though the value written is still derived from ZF. Confirm whether a
 * tainted ZF should reach the destination on that path too.
 */
void SetzIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  uint64_t reg     = this->operands[0].getValue();
  uint64_t regSize = this->operands[0].getSize();

  /* Flag operand rendered as SMT text */
  std::stringstream zf, reg1e;
  zf << ap.buildSymbolicFlagOperand(ID_ZF);

  /* NOTE(review): reg1e is filled in but never read below. The call is kept
   * because its side effects, if any, are not visible from this function. */
  reg1e << ap.buildSymbolicRegOperand(reg, regSize);

  /* dst = (ZF == true) ? 1 : 0 */
  std::stringstream expr;
  expr << smt2lib::ite(
      smt2lib::equal(zf.str(), smt2lib::bvtrue()),
      smt2lib::bv(1, 8),
      smt2lib::bv(0, 8));

  /* Attach the expression to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, expr, reg, regSize);

  /* Condition true in the concrete run: taint comes from ZF */
  if (ap.getFlagValue(ID_ZF) == 1) {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_ZF);
  }
}
示例6: reg
/*
 * SETS with a register destination.
 *
 * Symbolic side: dst = ite(SF == true, 1, 0), BYTE_SIZE_BIT wide.
 *
 * Taint side: when the concrete SF is 1 the destination's taint is updated
 * from SF; otherwise it is not touched.
 *
 * NOTE(review): with SF == 0 the destination's taint is not updated, even
 * though the value written is still derived from SF. Confirm whether a
 * tainted SF should reach the destination on that path too.
 */
void SetsIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
  const auto &dstOperand = this->operands[0];
  auto reg     = dstOperand.getReg().getTritonRegId();
  auto regSize = dstOperand.getReg().getSize();

  /* Symbolic operand for the flag the condition reads */
  smt2lib::smtAstAbstractNode *sf = ap.buildSymbolicFlagOperand(ID_SF);

  /* dst = (SF == true) ? 1 : 0 */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(sf, smt2lib::bvtrue()),
      smt2lib::bv(1, BYTE_SIZE_BIT),
      smt2lib::bv(0, BYTE_SIZE_BIT));

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg, regSize);

  /* Condition true in the concrete run: taint comes from SF */
  if (ap.getFlagValue(ID_SF) == 1) {
    ap.assignmentSpreadTaintRegReg(se, reg, ID_SF);
  }
}
示例7: regReg
/*
 * CMOVL reg, reg.
 *
 * Symbolic side: dst = ite((SF xor OF) == true, src, dst).
 *
 * Taint side: when the concrete SF xor OF is non-zero (move taken), the
 * destination's taint is updated from the source register; otherwise the
 * destination's taint is left alone.
 *
 * NOTE(review): the taint of SF and OF is never consulted here, so tainted
 * flags selecting between the two registers do not mark the result. Confirm
 * that this is the intended policy.
 */
void CmovlIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  /* operands[0] is the destination, operands[1] the source */
  auto reg1     = this->operands[0].getReg();
  auto reg2     = this->operands[1].getReg();
  auto regSize1 = this->operands[0].getReg().getSize();
  auto regSize2 = this->operands[1].getReg().getSize();

  /* Symbolic operands: the two flags first, then both registers */
  smt2lib::smtAstAbstractNode *sf    = ap.buildSymbolicFlagOperand(ID_TMP_SF);
  smt2lib::smtAstAbstractNode *of    = ap.buildSymbolicFlagOperand(ID_TMP_OF);
  smt2lib::smtAstAbstractNode *reg1e = ap.buildSymbolicRegOperand(reg1, regSize1);
  smt2lib::smtAstAbstractNode *reg2e = ap.buildSymbolicRegOperand(reg2, regSize2);

  /* dst = ((SF ^ OF) == true) ? src : dst */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(smt2lib::bvxor(sf, of), smt2lib::bvtrue()),
      reg2e,
      reg1e);

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg1, regSize1);

  /* Move taken in the concrete run: taint comes from the source */
  if (ap.getFlagValue(ID_TMP_SF) ^ ap.getFlagValue(ID_TMP_OF)) {
    ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
  }
}
示例8: none
/*
 * LEAVE (no explicit operands in the instruction text).
 *
 * Modelled as two steps:
 *   1. RSP = RBP      - RSP takes RBP's symbolic value and taint.
 *   2. RBP = Pop()    - RBP takes the value and taint of the memory read
 *                       described by operands[0].
 * alignStack() is called last with the size of that read.
 *
 * NOTE(review): alignStack() is defined outside this function; presumably it
 * moves RSP past the popped slot - confirm against its definition.
 */
void LeaveIRBuilder::none(AnalysisProcessor &ap, Inst &inst) const {
  uint64 readMem  = this->operands[0].getValue(); /* address of the memory read */
  uint32 readSize = this->operands[0].getSize();  /* size of the memory read */

  /* Step 1: RSP = RBP */
  std::stringstream expr1;
  expr1 << ap.buildSymbolicRegOperand(ID_RBP, REG_SIZE);
  SymbolicElement *se1 = ap.createRegSE(inst, expr1, ID_RSP, REG_SIZE);
  /* RSP's taint now follows RBP's */
  ap.assignmentSpreadTaintRegReg(se1, ID_RSP, ID_RBP);

  /* Step 2: RBP = Pop() */
  std::stringstream expr2;
  expr2 << ap.buildSymbolicMemOperand(readMem, readSize);
  SymbolicElement *se2 = ap.createRegSE(inst, expr2, ID_RBP, REG_SIZE);
  /* RBP's taint now follows the memory that was read */
  ap.assignmentSpreadTaintRegMem(se2, ID_RBP, readMem, readSize);

  /* Stack adjustment for the pop, delegated to the shared helper */
  alignStack(inst, ap, readSize);
}
示例9: regReg
/*
 * CMOVNB reg, reg.
 *
 * Symbolic side: dst = ite(CF == false, src, dst).
 *
 * Taint side: when the concrete CF is 0 (move taken), the destination's
 * taint is updated from the source register; otherwise the destination's
 * taint is left alone.
 *
 * NOTE(review): the taint of CF is never consulted here, so a tainted flag
 * selecting between the two registers does not mark the result. Confirm
 * that this is the intended policy.
 */
void CmovnbIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  /* operands[0] is the destination, operands[1] the source */
  uint64 reg1  = this->operands[0].getValue();
  uint64 reg2  = this->operands[1].getValue();
  uint64 size1 = this->operands[0].getSize();
  uint64 size2 = this->operands[1].getSize();

  /* Symbolic operands: the flag first, then both registers */
  smt2lib::smtAstAbstractNode *cf    = ap.buildSymbolicFlagOperand(ID_CF);
  smt2lib::smtAstAbstractNode *reg1e = ap.buildSymbolicRegOperand(reg1, size1);
  smt2lib::smtAstAbstractNode *reg2e = ap.buildSymbolicRegOperand(reg2, size2);

  /* dst = (CF == false) ? src : dst */
  smt2lib::smtAstAbstractNode *expr = smt2lib::ite(
      smt2lib::equal(cf, smt2lib::bvfalse()),
      reg2e,
      reg1e);

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg1, size1);

  /* Move taken in the concrete run: taint comes from the source */
  if (ap.getFlagValue(ID_CF) == 0) {
    ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
  }
}
示例10: regMem
/*
 * LEA reg, [mem].
 *
 * Symbolic side:
 *   dst = Displacement + BaseReg + IndexReg * Scale
 * A missing base or index register contributes a zero bit-vector, and a RIP
 * base is replaced by this->nextAddress.
 *
 * Taint side: the destination takes the base register's taint when the base
 * is tainted, otherwise the index register's.
 *
 * NOTE(review): the fallback branch passes indexReg even when it is 0 (no
 * index register). What register id 0 means to the taint engine is not
 * visible here - confirm that it is treated as "untainted".
 * NOTE(review): every bit-vector width is computed as regSize * REG_SIZE,
 * while sibling builders use a *_BIT constant for widths, and base/index are
 * read with the destination's regSize. Confirm both against the definitions
 * of REG_SIZE and of the operand accessors.
 */
void LeaIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
  const auto &dstOperand = this->operands[0];
  const auto &memOperand = this->operands[1];

  auto reg          = dstOperand.getReg().getTritonRegId();
  auto regSize      = dstOperand.getReg().getSize();
  auto displacement = memOperand.getDisplacement().getValue();
  auto baseReg      = memOperand.getBaseReg().getTritonRegId();
  auto indexReg     = memOperand.getIndexReg().getTritonRegId();
  auto memoryScale  = memOperand.getMemoryScale().getValue();

  smt2lib::smtAstAbstractNode *base2e, *index2e;

  /* Base: zero when absent, the next instruction address for RIP,
   * otherwise the register's symbolic operand */
  if (!baseReg) {
    base2e = smt2lib::bv(0, regSize * REG_SIZE);
  } else if (baseReg == ID_RIP) {
    base2e = smt2lib::bv(this->nextAddress, regSize * REG_SIZE);
  } else {
    base2e = ap.buildSymbolicRegOperand(baseReg, regSize);
  }

  /* Index: zero when absent */
  if (!indexReg) {
    index2e = smt2lib::bv(0, regSize * REG_SIZE);
  } else {
    index2e = ap.buildSymbolicRegOperand(indexReg, regSize);
  }

  /* Displacement and scale are plain constants */
  smt2lib::smtAstAbstractNode *dis2e   = smt2lib::bv(displacement, regSize * REG_SIZE);
  smt2lib::smtAstAbstractNode *scale2e = smt2lib::bv(memoryScale, regSize * REG_SIZE);

  /* Effective address = Displacement + BaseReg + IndexReg * Scale */
  smt2lib::smtAstAbstractNode *expr =
      smt2lib::bvadd(dis2e, smt2lib::bvadd(base2e, smt2lib::bvmul(index2e, scale2e)));

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg, regSize);

  /* Base's taint wins when it is set; otherwise fall back to the index */
  if (ap.isRegTainted(baseReg) == TAINTED) {
    ap.assignmentSpreadTaintRegReg(se, reg, baseReg);
  } else {
    ap.assignmentSpreadTaintRegReg(se, reg, indexReg);
  }
}
示例11: regReg
/*
 * MOVDQA reg, reg.
 *
 * The destination receives the source register's symbolic operand as its new
 * symbolic expression, and its taint is updated from the source register.
 * Unlike the conditional builders, the taint update is unconditional.
 */
void MovdqaIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  const auto &dstOperand = this->operands[0];
  const auto &srcOperand = this->operands[1];

  auto reg1     = dstOperand.getReg();
  auto regSize1 = dstOperand.getReg().getSize();
  auto reg2     = srcOperand.getReg();
  auto regSize2 = srcOperand.getReg().getSize();

  /* dst = src */
  smt2lib::smtAstAbstractNode *expr = ap.buildSymbolicRegOperand(reg2, regSize2);

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg1, regSize1);

  /* The destination's taint follows the source's */
  ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}
示例12: regReg
/*
 * MOV reg, reg (string-based SMT builder).
 *
 * The destination receives the source register's symbolic operand as its new
 * symbolic expression, and its taint is updated from the source register.
 * The taint update is unconditional.
 */
void MovIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  /* operands[0] is the destination, operands[1] the source */
  uint64_t reg1  = this->operands[0].getValue();
  uint64_t reg2  = this->operands[1].getValue();
  uint64_t size1 = this->operands[0].getSize();
  uint64_t size2 = this->operands[1].getSize();

  /* dst = src */
  std::stringstream expr;
  expr << ap.buildSymbolicRegOperand(reg2, size2);

  /* Attach the expression to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, expr, reg1, size1);

  /* The destination's taint follows the source's */
  ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}
示例13: regReg
/*
 * MOVHLPS reg, reg.
 *
 * Symbolic side:
 *   Destination[64..127] is kept as it was,
 *   Destination[0..63]   = Source[64..127].
 *
 * Taint side: the destination's taint is updated from the source register
 * through the register-to-register assignment call.
 *
 * NOTE(review): only half of the destination is rewritten. If the
 * assignment call replaces the destination's taint with the source's (its
 * definition is not visible here), taint already carried by the preserved
 * upper half would be dropped when the source is clean. Confirm whether the
 * two taints should be merged instead.
 */
void MovhlpsIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  const auto &dstOperand = this->operands[0];
  const auto &srcOperand = this->operands[1];

  auto reg1     = dstOperand.getReg();
  auto regSize1 = dstOperand.getReg().getSize();
  auto reg2     = srcOperand.getReg();
  auto regSize2 = srcOperand.getReg().getSize();

  /* Symbolic operands for destination and source */
  smt2lib::smtAstAbstractNode *op1 = ap.buildSymbolicRegOperand(reg1, regSize1);
  smt2lib::smtAstAbstractNode *op2 = ap.buildSymbolicRegOperand(reg2, regSize2);

  /* High half from the destination, low half from the source's high half */
  smt2lib::smtAstAbstractNode *expr = smt2lib::concat(
      smt2lib::extract(127, 64, op1), /* Destination[64..127] unchanged */
      smt2lib::extract(127, 64, op2)  /* Destination[0..63] = Source[64..127] */
  );

  /* Attach the expression to the destination register */
  SymbolicExpression *se = ap.createRegSE(inst, expr, reg1, regSize1);

  /* The destination's taint is updated from the source */
  ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}
示例14: regReg
/*
 * MOVLHPS reg, reg (string-based SMT builder).
 *
 * Symbolic side:
 *   Destination[64..127] = Source[0..63],
 *   Destination[0..63]   is kept as it was.
 *
 * Taint side: the destination's taint is updated from the source register
 * through the register-to-register assignment call.
 *
 * NOTE(review): only half of the destination is rewritten. If the
 * assignment call replaces the destination's taint with the source's (its
 * definition is not visible here), taint already carried by the preserved
 * lower half would be dropped when the source is clean. Confirm whether the
 * two taints should be merged instead.
 */
void MovlhpsIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  /* operands[0] is the destination, operands[1] the source */
  uint64_t reg1     = this->operands[0].getValue();
  uint64_t regSize1 = this->operands[0].getSize();
  uint64_t reg2     = this->operands[1].getValue();
  uint64_t regSize2 = this->operands[1].getSize();

  /* Destination and source operands rendered as SMT text */
  std::stringstream op1, op2;
  op1 << ap.buildSymbolicRegOperand(reg1, regSize1);
  op2 << ap.buildSymbolicRegOperand(reg2, regSize2);

  /* High half from the source's low half, low half from the destination */
  std::stringstream expr;
  expr << smt2lib::concat(
      smt2lib::extract(63, 0, op2.str()), /* Destination[64..127] = Source[0..63] */
      smt2lib::extract(63, 0, op1.str())  /* Destination[0..63] unchanged */
  );

  /* Attach the expression to the destination register */
  SymbolicElement *se = ap.createRegSE(inst, expr, reg1, regSize1);

  /* The destination's taint is updated from the source */
  ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}