本文整理汇总了C++中AnalysisProcessor::buildSymbolicFlagOperand方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::buildSymbolicFlagOperand方法的具体用法?C++ AnalysisProcessor::buildSymbolicFlagOperand怎么用?C++ AnalysisProcessor::buildSymbolicFlagOperand使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor的用法示例。
在下文中一共展示了AnalysisProcessor::buildSymbolicFlagOperand方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: mem
void SetnleIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, mem1e, sf, of, zf;
uint64 mem = this->operands[0].getValue();
uint64 memSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
mem1e << ap.buildSymbolicMemOperand(mem, memSize);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf.str(), of.str()), zf.str()),
smt2lib::bvfalse()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0) {
if (ap.isRegTainted(ID_SF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_SF, memSize);
else if (ap.isRegTainted(ID_OF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_OF, memSize);
else
ap.assignmentSpreadTaintMemReg(se, mem, ID_ZF, memSize);
}
}示例2: mem
void SetleIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf, *of, *zf;
auto mem = this->operands[0].getMem();
auto memSize = this->operands[0].getMem().getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
of = ap.buildSymbolicFlagOperand(ID_TMP_OF);
zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_TMP_SF) ^ ap.getFlagValue(ID_TMP_OF)) | ap.getFlagValue(ID_TMP_ZF)) == 1) {
if (ap.isRegTainted(ID_TMP_SF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_TMP_SF, memSize);
else if (ap.isRegTainted(ID_TMP_OF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_TMP_OF, memSize);
else
ap.assignmentSpreadTaintMemReg(se, mem, ID_TMP_ZF, memSize);
}
}示例3: regReg
void CmovnleIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *reg2e, *sf, *of, *zf;
uint64 reg1 = this->operands[0].getValue();
uint64 reg2 = this->operands[1].getValue();
uint64 size1 = this->operands[0].getSize();
uint64 size2 = this->operands[1].getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
reg1e = ap.buildSymbolicRegOperand(reg1, size1);
reg2e = ap.buildSymbolicRegOperand(reg2, size2);
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvfalse()
),
reg2e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg1, size1);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0)
ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}示例4: imm
void JnleIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, sf, of, zf;
uint64 imm = this->operands[0].getValue();
/* Create the SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
/*
* Finale expr
* JNLE: Jump if not less or equal ((SF^OF | ZF) == 0).
* SMT: (= (bvor (bvxor sf of) zf) FALSE)
*/
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf.str(), of.str()), zf.str()),
smt2lib::bvfalse()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例5: imm
void JleIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf, *of, *zf;
auto imm = this->operands[0].getImm().getValue();
/* Create the SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
of = ap.buildSymbolicFlagOperand(ID_TMP_OF);
zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);
/*
* Finale expr
* JLE: Jump if less or equal ((SF^OF | ZF) == 1).
* SMT: ( = (bvor (bvxor sf of) zf) TRUE)
*/
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvtrue()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, ID_TMP_RIP, REG_SIZE, "RIP");
/* Apply the taint */
ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_SF);
ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_OF);
ap.aluSpreadTaintRegReg(se, ID_TMP_RIP, ID_TMP_ZF);
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例6: regMem
void CmovnleIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *mem1e, *sf, *of, *zf;
auto mem = this->operands[1].getMem().getAddress();
auto memSize = this->operands[1].getMem().getSize();
auto reg = this->operands[0].getReg().getTritonRegId();
auto regSize = this->operands[0].getReg().getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
reg1e = ap.buildSymbolicRegOperand(reg, regSize);
mem1e = ap.buildSymbolicMemOperand(mem, memSize);
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvfalse()
),
mem1e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0)
ap.assignmentSpreadTaintRegMem(se, reg, mem, memSize);
}示例7: regMem
void CmovnleIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, mem1e, sf, of, zf;
uint32 readSize = this->operands[1].getSize();
uint64 mem = this->operands[1].getValue();
uint64 reg = this->operands[0].getValue();
uint64 regSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
reg1e << ap.buildSymbolicRegOperand(reg, regSize);
mem1e << ap.buildSymbolicMemOperand(mem, readSize);
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf.str(), of.str()), zf.str()),
smt2lib::bvfalse()
),
mem1e.str(),
reg1e.str());
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0)
ap.assignmentSpreadTaintRegMem(se, reg, mem, readSize);
}示例8: regReg
void CmovnsIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *reg2e, *sf;
auto reg1 = this->operands[0].getReg().getTritonRegId();
auto reg2 = this->operands[1].getReg().getTritonRegId();
auto regSize1 = this->operands[0].getReg().getSize();
auto regSize2 = this->operands[1].getReg().getSize();
/* Create the SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
reg1e = ap.buildSymbolicRegOperand(reg1, regSize1);
reg2e = ap.buildSymbolicRegOperand(reg2, regSize2);
expr = smt2lib::ite(
smt2lib::equal(
sf,
smt2lib::bvfalse()),
reg2e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg1, regSize1);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_SF) == 0)
ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}示例9: imm
void JnbeIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, cf, zf;
uint64 imm = this->operands[0].getValue();
/* Create the SMT semantic */
cf << ap.buildSymbolicFlagOperand(ID_CF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
/*
* Finale expr
* JNBE: Jump if not below or equal (CF=0 and ZF=0).
* SMT: (= (bvand (bvnot zf) (bvnot cf)) (_ bv1 1))
*/
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvand(
smt2lib::bvnot(cf.str()),
smt2lib::bvnot(zf.str())
),
smt2lib::bvtrue()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例10: imm
void JnbeIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *cf, *zf;
auto imm = this->operands[0].getImm().getValue();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_CF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
/*
* Finale expr
* JNBE: Jump if not below or equal (CF =0 and ZF =0).
* SMT: ( = (bvand (bvnot zf) (bvnot cf)) (_ bv1 1))
*/
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvand(
smt2lib::bvnot(cf),
smt2lib::bvnot(zf)
),
smt2lib::bvtrue()
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例11: reg
void SetnzIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, zf;
uint64 reg = this->operands[0].getValue();
uint64 regSize = this->operands[0].getSize();
/* Create the SMT semantic */
zf << ap.buildSymbolicFlagOperand(ID_ZF);
reg1e << ap.buildSymbolicRegOperand(reg, regSize);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
zf.str(),
smt2lib::bvfalse()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_ZF) == 0)
ap.assignmentSpreadTaintRegReg(se, reg, ID_ZF);
}示例12: imm
void JnlIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf, *of;
uint64 imm = this->operands[0].getValue();
/* Create the SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
/*
* Finale expr
* JNL: Jump if not less (SF=OF).
* SMT: (= sf of)
*/
expr = smt2lib::ite(
smt2lib::equal(
sf,
of
),
smt2lib::bv(imm, REG_SIZE_BIT),
smt2lib::bv(this->nextAddress, REG_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, ID_RIP, REG_SIZE, "RIP");
/* Add the constraint in the PathConstraints list */
ap.addPathConstraint(se->getID());
}示例13: regMem
void CmovpIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, mem1e, pf;
uint32 readSize = this->operands[1].getSize();
uint64 mem = this->operands[1].getValue();
uint64 reg = this->operands[0].getValue();
uint64 regSize = this->operands[0].getSize();
/* Create the SMT semantic */
pf << ap.buildSymbolicFlagOperand(ID_PF);
reg1e << ap.buildSymbolicRegOperand(reg, regSize);
mem1e << ap.buildSymbolicMemOperand(mem, readSize);
expr << smt2lib::ite(
smt2lib::equal(
pf.str(),
smt2lib::bvtrue()),
mem1e.str(),
reg1e.str());
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_PF) == 1)
ap.assignmentSpreadTaintRegMem(se, reg, mem, readSize);
}示例14: regMem
void AdcIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2, op3;
uint32 readSize = this->operands[1].getSize();
uint64 mem = this->operands[1].getValue();
uint64 reg = this->operands[0].getValue();
uint32 regSize = this->operands[0].getSize();
/* Create the SMT semantic */
op1 << ap.buildSymbolicRegOperand(reg, regSize);
op2 << ap.buildSymbolicMemOperand(mem, readSize);
op3 << ap.buildSymbolicFlagOperand(ID_CF, regSize);
// Final expr
expr << smt2lib::bvadd(smt2lib::bvadd(op1.str(), op2.str()), op3.str());
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint */
ap.aluSpreadTaintRegMem(se, reg, mem, readSize);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::af(inst, se, ap, regSize, op1, op2);
EflagsBuilder::cfAdd(inst, se, ap, op1);
EflagsBuilder::ofAdd(inst, se, ap, regSize, op1, op2);
EflagsBuilder::pf(inst, se, ap);
EflagsBuilder::sf(inst, se, ap, regSize);
EflagsBuilder::zf(inst, se, ap, regSize);
}示例15: regReg
void SbbIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2, op3;
uint64 reg1 = this->operands[0].getValue();
uint64 reg2 = this->operands[1].getValue();
uint32 regSize1 = this->operands[0].getSize();
uint32 regSize2 = this->operands[1].getSize();
/* Create the SMT semantic */
op1 << ap.buildSymbolicRegOperand(reg1, regSize1);
op2 << ap.buildSymbolicRegOperand(reg2, regSize2);
op3 << ap.buildSymbolicFlagOperand(ID_CF, regSize1);
/* Final expr */
expr << smt2lib::bvsub(op1.str(), smt2lib::bvadd(op2.str(), op3.str()));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg1, regSize1);
/* Apply the taint */
ap.aluSpreadTaintRegReg(se, reg1, reg2);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::af(inst, se, ap, regSize1, op1, op2);
EflagsBuilder::cfSub(inst, se, ap, op1, op2);
EflagsBuilder::ofSub(inst, se, ap, regSize1, op1, op2);
EflagsBuilder::pf(inst, se, ap);
EflagsBuilder::sf(inst, se, ap, regSize1);
EflagsBuilder::zf(inst, se, ap, regSize1);
}