本文整理汇总了C++中AnalysisProcessor::createMemSE方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::createMemSE方法的具体用法?C++ AnalysisProcessor::createMemSE怎么用?C++ AnalysisProcessor::createMemSE使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor的用法示例。
在下文中一共展示了AnalysisProcessor::createMemSE方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: memImm
void RolIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
uint32 writeSize = this->operands[0].getSize();
uint64 mem = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem, writeSize);
/*
* Note that SMT2-LIB doesn't support expression as rotate's value.
* The op2 must be the concretization's value.
*/
op2 = smt2lib::decimal(imm);
/* Final expr */
expr = smt2lib::bvrol(op2, op1);
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemMem(se, mem, mem, writeSize);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::cfRol(inst, se, ap, op2);
EflagsBuilder::ofRol(inst, se, ap, writeSize, op2);
}示例2: memReg
void XaddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se1, *se2;
smt2lib::smtAstAbstractNode *expr1, *expr2, *op1, *op2;
uint64 mem1 = this->operands[0].getValue();
uint64 reg2 = this->operands[1].getValue();
uint32 memSize1 = this->operands[0].getSize();
uint32 regSize2 = this->operands[1].getSize();
uint64 tmpMem1Taint = ap.isMemTainted(mem1);
uint64 tmpReg2Taint = ap.isRegTainted(reg2);
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem1, memSize1);
op2 = ap.buildSymbolicRegOperand(reg2, regSize2);
// Final expr
expr1 = op2;
expr2 = smt2lib::bvadd(op1, op2);
/* Create the symbolic expression */
se1 = ap.createMemSE(inst, expr1, mem1, memSize1);
se2 = ap.createRegSE(inst, expr2, reg2, regSize2);
/* Apply the taint */
ap.setTaintMem(se1, mem1, tmpReg2Taint);
ap.setTaintReg(se2, reg2, tmpMem1Taint);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::af(inst, se2, ap, memSize1, op1, op2);
EflagsBuilder::cfAdd(inst, se2, ap, memSize1, op1);
EflagsBuilder::ofAdd(inst, se2, ap, memSize1, op1, op2);
EflagsBuilder::pf(inst, se2, ap, memSize1);
EflagsBuilder::sf(inst, se2, ap, memSize1);
EflagsBuilder::zf(inst, se2, ap, memSize1);
}示例3: memReg
void RolIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
auto memSize = this->operands[0].getMem().getSize();
auto mem = this->operands[0].getMem();
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem, memSize);
/*
* Note that SMT2-LIB doesn't support expression as rotate's value.
* The op2 must be the concretization's value.
*/
op2 = smt2lib::decimal(ap.getRegisterValue(ID_TMP_RCX) & 0xff); /* 0xff -> There is only CL available */
// Final expr
expr = smt2lib::bvrol(op2, op1);
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint */
ap.aluSpreadTaintMemMem(se, mem, mem, memSize);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::cfRol(inst, se, ap, op2);
EflagsBuilder::ofRol(inst, se, ap, memSize, op2);
}示例4: memImm
void RorIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2;
uint32 writeSize = this->operands[0].getSize();
uint64 mem = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
/* Create the SMT semantic */
op1 << ap.buildSymbolicMemOperand(mem, writeSize);
/*
* Note that SMT2-LIB doesn't support expression as rotate's value.
* The op2 must be the concretization's value.
*/
op2 << imm;
/* Final expr */
expr << smt2lib::bvror(op1.str(), op2.str());
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemMem(se, mem, mem, writeSize);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::cfRor(inst, se, ap, writeSize, op2);
EflagsBuilder::ofRor(inst, se, ap, writeSize, op2);
}示例5: memImm
void ShrIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2;
uint32_t writeSize = this->operands[0].getSize();
uint64_t mem = this->operands[0].getValue();
uint64_t imm = this->operands[1].getValue();
/* Create the SMT semantic */
op1 << ap.buildSymbolicMemOperand(mem, writeSize);
op2 << smt2lib::bv(imm, writeSize * REG_SIZE);
/* Final expr */
expr << smt2lib::bvlshr(op1.str(), op2.str());
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemMem(se, mem, mem);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::cfShr(inst, se, ap, writeSize, op1, op2);
EflagsBuilder::ofShr(inst, se, ap, writeSize, op1, op2);
EflagsBuilder::pfShl(inst, se, ap, writeSize, op2) /* Same that shl */;
EflagsBuilder::sfShl(inst, se, ap, writeSize, op2) /* Same that shl */;
EflagsBuilder::zfShl(inst, se, ap, writeSize, op2) /* Same that shl */;
}示例6: memReg
void AddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
uint32 writeSize = this->operands[0].getSize();
uint64 mem = this->operands[0].getValue();
uint64 reg = this->operands[1].getValue();
uint32 regSize = this->operands[1].getSize();
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem, writeSize);
op2 = ap.buildSymbolicRegOperand(reg, regSize);
// Final expr
expr = smt2lib::bvadd(op1, op2);
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemReg(se, mem, reg, writeSize);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::af(inst, se, ap, writeSize, op1, op2);
EflagsBuilder::cfAdd(inst, se, ap, op1);
EflagsBuilder::ofAdd(inst, se, ap, writeSize, op1, op2);
EflagsBuilder::pf(inst, se, ap, writeSize);
EflagsBuilder::sf(inst, se, ap, writeSize);
EflagsBuilder::zf(inst, se, ap, writeSize);
}示例7: memReg
void XaddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se1, *se2;
std::stringstream expr1, expr2, op1, op2;
uint64_t mem1 = this->operands[0].getValue();
uint64_t reg2 = this->operands[1].getValue();
uint32_t memSize1 = this->operands[0].getSize();
uint32_t regSize2 = this->operands[1].getSize();
uint64_t tmpMem1Taint = ap.isMemTainted(mem1);
uint64_t tmpReg2Taint = ap.isRegTainted(reg2);
/* Create the SMT semantic */
op1 << ap.buildSymbolicMemOperand(mem1, memSize1);
op2 << ap.buildSymbolicRegOperand(reg2, regSize2);
// Final expr
expr1 << op2.str();
expr2 << smt2lib::bvadd(op1.str(), op2.str());
/* Create the symbolic element */
se1 = ap.createMemSE(inst, expr1, mem1, memSize1);
se2 = ap.createRegSE(inst, expr2, reg2, regSize2);
/* Apply the taint */
ap.setTaintMem(se1, mem1, tmpReg2Taint);
ap.setTaintReg(se2, reg2, tmpMem1Taint);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::af(inst, se2, ap, memSize1, op1, op2);
EflagsBuilder::cfAdd(inst, se2, ap, op1);
EflagsBuilder::ofAdd(inst, se2, ap, memSize1, op1, op2);
EflagsBuilder::pf(inst, se2, ap);
EflagsBuilder::sf(inst, se2, ap, memSize1);
EflagsBuilder::zf(inst, se2, ap, memSize1);
}示例8: memReg
void OrIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
auto mem = this->operands[0].getMem();
auto memSize = this->operands[0].getMem().getSize();
auto reg = this->operands[1].getReg();
auto regSize = this->operands[1].getReg().getSize();
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem, memSize);
op2 = ap.buildSymbolicRegOperand(reg, regSize);
/* Final expr */
expr = smt2lib::bvor(op1, op2);
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint */
ap.aluSpreadTaintMemReg(se, mem, reg, memSize);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::clearFlag(inst, ap, ID_TMP_CF, "Clears carry flag");
EflagsBuilder::clearFlag(inst, ap, ID_TMP_OF, "Clears overflow flag");
EflagsBuilder::pf(inst, se, ap, memSize);
EflagsBuilder::sf(inst, se, ap, memSize);
EflagsBuilder::zf(inst, se, ap, memSize);
}示例9: memReg
void SbbIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2, *op3;
auto memSize = this->operands[0].getMem().getSize();
auto mem = this->operands[0].getMem().getAddress();
auto reg = this->operands[1].getReg().getTritonRegId();
auto regSize = this->operands[1].getReg().getSize();
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem, memSize);
op2 = ap.buildSymbolicRegOperand(reg, regSize);
op3 = ap.buildSymbolicFlagOperand(ID_CF, regSize);
/* Final expr */
expr = smt2lib::bvsub(op1, smt2lib::bvadd(op2, op3));
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint */
ap.aluSpreadTaintMemReg(se, mem, reg, memSize);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::af(inst, se, ap, memSize, op1, op2);
EflagsBuilder::cfSub(inst, se, ap, memSize, op1, op2);
EflagsBuilder::ofSub(inst, se, ap, memSize, op1, op2);
EflagsBuilder::pf(inst, se, ap, memSize);
EflagsBuilder::sf(inst, se, ap, memSize);
EflagsBuilder::zf(inst, se, ap, memSize);
}示例10: memImm
void AndIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2;
uint32_t writeSize = this->operands[0].getSize();
uint64_t mem = this->operands[0].getValue();
uint64_t imm = this->operands[1].getValue();
/* Create the SMT semantic */
op1 << ap.buildSymbolicMemOperand(mem, writeSize);
op2 << smt2lib::bv(imm, writeSize * REG_SIZE);
/* Final expr */
expr << smt2lib::bvand(op1.str(), op2.str());
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemImm(se, mem, writeSize);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::clearFlag(inst, ap, ID_CF, "Clears carry flag");
EflagsBuilder::clearFlag(inst, ap, ID_OF, "Clears overflow flag");
EflagsBuilder::pf(inst, se, ap);
EflagsBuilder::sf(inst, se, ap, writeSize);
EflagsBuilder::zf(inst, se, ap, writeSize);
}示例11: memImm
void XorIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *op1, *op2;
uint32 writeSize = this->operands[0].getSize();
uint64 mem = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
/* Create the SMT semantic */
op1 = ap.buildSymbolicMemOperand(mem, writeSize);
op2 = smt2lib::bv(imm, writeSize * REG_SIZE);
/* Final expr */
expr = smt2lib::bvxor(op1, op2);
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemImm(se, mem, writeSize);
/* Add the symbolic flags expression to the current inst */
EflagsBuilder::clearFlag(inst, ap, ID_CF, "Clears carry flag");
EflagsBuilder::clearFlag(inst, ap, ID_OF, "Clears overflow flag");
EflagsBuilder::pf(inst, se, ap, writeSize);
EflagsBuilder::sf(inst, se, ap, writeSize);
EflagsBuilder::zf(inst, se, ap, writeSize);
}示例12: mem
void SetleIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf, *of, *zf;
uint64 mem = this->operands[0].getValue();
uint64 memSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 1) {
if (ap.isRegTainted(ID_SF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_SF, memSize);
else if (ap.isRegTainted(ID_OF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_OF, memSize);
else
ap.assignmentSpreadTaintMemReg(se, mem, ID_ZF, memSize);
}
}示例13: memImm
void SbbIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2, op3;
uint32 writeSize = this->operands[0].getSize();
uint64 mem = this->operands[0].getValue();
uint64 imm = this->operands[1].getValue();
/* Create the SMT semantic */
op1 << ap.buildSymbolicMemOperand(mem, writeSize);
op2 << smt2lib::bv(imm, writeSize * REG_SIZE);
op3 << ap.buildSymbolicFlagOperand(ID_CF, writeSize);
/* Final expr */
expr << smt2lib::bvsub(op1.str(), smt2lib::bvadd(op2.str(), op3.str()));
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.aluSpreadTaintMemImm(se, mem, writeSize);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::af(inst, se, ap, writeSize, op1, op2);
EflagsBuilder::cfSub(inst, se, ap, op1, op2);
EflagsBuilder::ofSub(inst, se, ap, writeSize, op1, op2);
EflagsBuilder::pf(inst, se, ap);
EflagsBuilder::sf(inst, se, ap, writeSize);
EflagsBuilder::zf(inst, se, ap, writeSize);
}示例14: mem
void SetzIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, mem1e, zf;
uint64_t mem = this->operands[0].getValue();
uint64_t memSize = this->operands[0].getSize();
/* Create the SMT semantic */
zf << ap.buildSymbolicFlagOperand(ID_ZF);
mem1e << ap.buildSymbolicMemOperand(mem, memSize);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
zf.str(),
smt2lib::bvtrue()),
smt2lib::bv(1, 8),
smt2lib::bv(0, 8));
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_ZF) == 1)
ap.assignmentSpreadTaintMemReg(se, mem, ID_ZF, memSize);
}示例15: mem
void IncIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, op1, op2;
uint64 mem = this->operands[0].getValue();
uint32 memSize = this->operands[0].getSize();
/* Create the SMT semantic */
op1 << ap.buildSymbolicMemOperand(mem, memSize);
op2 << smt2lib::bv(1, memSize * REG_SIZE);
/* Finale expr */
expr << smt2lib::bvadd(op1.str(), op2.str());
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint */
ap.aluSpreadTaintMemMem(se, mem, mem, memSize);
/* Add the symbolic flags element to the current inst */
EflagsBuilder::af(inst, se, ap, memSize, op1, op2);
EflagsBuilder::ofAdd(inst, se, ap, memSize, op1, op2);
EflagsBuilder::pf(inst, se, ap);
EflagsBuilder::sf(inst, se, ap, memSize);
EflagsBuilder::zf(inst, se, ap, memSize);
}