本文整理汇总了C++中AnalysisProcessor::getFlagValue方法的典型用法代码示例。如果您正苦于以下问题:C++ AnalysisProcessor::getFlagValue方法的具体用法?C++ AnalysisProcessor::getFlagValue怎么用?C++ AnalysisProcessor::getFlagValue使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类AnalysisProcessor
的用法示例。
在下文中一共展示了AnalysisProcessor::getFlagValue方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: regMem
void CmovlIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *mem1e, *sf, *of;
auto memSize = this->operands[1].getMem().getSize();
auto mem = this->operands[1].getMem();
auto reg = this->operands[0].getReg();
auto regSize = this->operands[0].getReg().getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
of = ap.buildSymbolicFlagOperand(ID_TMP_OF);
reg1e = ap.buildSymbolicRegOperand(reg, regSize);
mem1e = ap.buildSymbolicMemOperand(mem, memSize);
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvxor(sf, of),
smt2lib::bvtrue()),
mem1e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_TMP_SF) ^ ap.getFlagValue(ID_TMP_OF))
ap.assignmentSpreadTaintRegMem(se, reg, mem, memSize);
}
示例2: mem
void SetnbeIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *cf, *zf;
auto mem = this->operands[0].getMem();
auto memSize = this->operands[0].getMem().getSize();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_TMP_CF);
zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvand(
smt2lib::bvnot(cf),
smt2lib::bvnot(zf)
),
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_TMP_CF) == 0 && ap.getFlagValue(ID_TMP_ZF) == 0) {
if (ap.isRegTainted(ID_TMP_CF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_TMP_CF, memSize);
else
ap.assignmentSpreadTaintMemReg(se, mem, ID_TMP_ZF, memSize);
}
}
示例3: regReg
void CmovbeIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *reg2e, *cf, *zf;
uint64 reg1 = this->operands[0].getValue();
uint64 reg2 = this->operands[1].getValue();
uint64 size1 = this->operands[0].getSize();
uint64 size2 = this->operands[1].getSize();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_CF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
reg1e = ap.buildSymbolicRegOperand(reg1, size1);
reg2e = ap.buildSymbolicRegOperand(reg2, size2);
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(
cf,
zf
),
smt2lib::bvtrue()
),
reg2e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg1, size1);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_CF) | ap.getFlagValue(ID_ZF))
ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}
示例4: reg
void SetleIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf, *of, *zf;
auto reg = this->operands[0].getReg();
auto regSize = this->operands[0].getReg().getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_TMP_SF);
of = ap.buildSymbolicFlagOperand(ID_TMP_OF);
zf = ap.buildSymbolicFlagOperand(ID_TMP_ZF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_TMP_SF) ^ ap.getFlagValue(ID_TMP_OF)) | ap.getFlagValue(ID_TMP_ZF)) == 1) {
if (ap.isRegTainted(ID_TMP_SF) == TAINTED)
ap.assignmentSpreadTaintRegReg(se, reg, ID_TMP_SF);
else if (ap.isRegTainted(ID_TMP_OF) == TAINTED)
ap.assignmentSpreadTaintRegReg(se, reg, ID_TMP_OF);
else
ap.assignmentSpreadTaintRegReg(se, reg, ID_TMP_ZF);
}
}
示例5: reg
void SetnleIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, sf, of, zf;
uint64 reg = this->operands[0].getValue();
uint64 regSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
reg1e << ap.buildSymbolicRegOperand(reg, regSize);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf.str(), of.str()), zf.str()),
smt2lib::bvfalse()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0) {
if (ap.isRegTainted(ID_SF) == TAINTED)
ap.assignmentSpreadTaintRegReg(se, reg, ID_SF);
else if (ap.isRegTainted(ID_OF) == TAINTED)
ap.assignmentSpreadTaintRegReg(se, reg, ID_OF);
else
ap.assignmentSpreadTaintRegReg(se, reg, ID_ZF);
}
}
示例6: regReg
void CmovnleIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, reg2e, sf, of, zf;
uint64 reg1 = this->operands[0].getValue();
uint64 reg2 = this->operands[1].getValue();
uint64 size1 = this->operands[0].getSize();
uint64 size2 = this->operands[1].getSize();
/* Create the flag SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
zf << ap.buildSymbolicFlagOperand(ID_ZF);
reg1e << ap.buildSymbolicRegOperand(reg1, size1);
reg2e << ap.buildSymbolicRegOperand(reg2, size2);
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf.str(), of.str()), zf.str()),
smt2lib::bvfalse()
),
reg2e.str(),
reg1e.str());
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg1, size1);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0)
ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}
示例7: regMem
void CmovlIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, mem1e, sf, of;
uint32 readSize = this->operands[1].getSize();
uint64 mem = this->operands[1].getValue();
uint64 reg = this->operands[0].getValue();
uint64 regSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
reg1e << ap.buildSymbolicRegOperand(reg, regSize);
mem1e << ap.buildSymbolicMemOperand(mem, readSize);
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvxor(sf.str(), of.str()),
smt2lib::bvtrue()),
mem1e.str(),
reg1e.str());
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF))
ap.assignmentSpreadTaintRegMem(se, reg, mem, readSize);
}
示例8: regReg
void CmovnleIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *reg2e, *sf, *of, *zf;
auto reg1 = this->operands[0].getReg().getTritonRegId();
auto reg2 = this->operands[1].getReg().getTritonRegId();
auto regSize1 = this->operands[0].getReg().getSize();
auto regSize2 = this->operands[1].getReg().getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
reg1e = ap.buildSymbolicRegOperand(reg1, regSize1);
reg2e = ap.buildSymbolicRegOperand(reg2, regSize2);
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvfalse()
),
reg2e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg1, regSize1);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0)
ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}
示例9: regMem
void CmovnleIRBuilder::regMem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *reg1e, *mem1e, *sf, *of, *zf;
uint32 readSize = this->operands[1].getSize();
uint64 mem = this->operands[1].getValue();
uint64 reg = this->operands[0].getValue();
uint64 regSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
of = ap.buildSymbolicFlagOperand(ID_OF);
zf = ap.buildSymbolicFlagOperand(ID_ZF);
reg1e = ap.buildSymbolicRegOperand(reg, regSize);
mem1e = ap.buildSymbolicMemOperand(mem, readSize);
expr = smt2lib::ite(
smt2lib::equal(
smt2lib::bvor(smt2lib::bvxor(sf, of), zf),
smt2lib::bvfalse()
),
mem1e,
reg1e);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (((ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) | ap.getFlagValue(ID_ZF)) == 0)
ap.assignmentSpreadTaintRegMem(se, reg, mem, readSize);
}
示例10: mem
void SetlIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, mem1e, sf, of;
uint64_t mem = this->operands[0].getValue();
uint64_t memSize = this->operands[0].getSize();
/* Create the flag SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
of << ap.buildSymbolicFlagOperand(ID_OF);
mem1e << ap.buildSymbolicMemOperand(mem, memSize);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
smt2lib::bvxor(sf.str(), of.str()),
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_SF) ^ ap.getFlagValue(ID_OF)) {
if (ap.isRegTainted(ID_SF) == TAINTED)
ap.assignmentSpreadTaintMemReg(se, mem, ID_SF, memSize);
else
ap.assignmentSpreadTaintMemReg(se, mem, ID_OF, memSize);
}
}
示例11: reg
void SetbIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *cf;
auto reg = this->operands[0].getReg();
auto regSize = this->operands[0].getReg().getSize();
/* Create the SMT semantic */
cf = ap.buildSymbolicFlagOperand(ID_TMP_CF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
cf,
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_TMP_CF) == 1)
ap.assignmentSpreadTaintRegReg(se, reg, ID_TMP_CF);
}
示例12: mem
void SetsIRBuilder::mem(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr, *sf;
auto mem = this->operands[0].getMem().getAddress();
auto memSize = this->operands[0].getMem().getSize();
/* Create the SMT semantic */
sf = ap.buildSymbolicFlagOperand(ID_SF);
/* Finale expr */
expr = smt2lib::ite(
smt2lib::equal(
sf,
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_SF) == 1)
ap.assignmentSpreadTaintMemReg(se, mem, ID_SF, memSize);
}
示例13: reg
void SetsIRBuilder::reg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, sf;
uint64_t reg = this->operands[0].getValue();
uint64_t regSize = this->operands[0].getSize();
/* Create the SMT semantic */
sf << ap.buildSymbolicFlagOperand(ID_SF);
reg1e << ap.buildSymbolicRegOperand(reg, regSize);
/* Finale expr */
expr << smt2lib::ite(
smt2lib::equal(
sf.str(),
smt2lib::bvtrue()),
smt2lib::bv(1, BYTE_SIZE_BIT),
smt2lib::bv(0, BYTE_SIZE_BIT));
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_SF) == 1)
ap.assignmentSpreadTaintRegReg(se, reg, ID_SF);
}
示例14:
static PyObject *Triton_getRegs(PyObject *self, PyObject *noargs)
{
PyObject *regs = xPyDict_New();
/* Build all Registers */
for (uint64 regId = ID_RAX; regId < ID_RFLAGS; regId++){
PyObject *reg = xPyDict_New();
if (regId >= ID_XMM0 && regId <= ID_XMM15)
PyDict_SetItemString(reg, "concreteValue", uint128ToPyLongObject(ap.getSSERegisterValue(regId)));
else
PyDict_SetItemString(reg, "concreteValue", Py_BuildValue("k", ap.getRegisterValue(regId)));
PyDict_SetItemString(reg, "symbolicExpr", Py_BuildValue("k", ap.getRegSymbolicID(regId)));
PyDict_SetItem(regs, Py_BuildValue("k", regId), reg);
}
/* Build all Flags */
for (uint64 flagId = ID_AF; flagId <= ID_ZF; flagId++){
PyObject *flag = xPyDict_New();
PyDict_SetItemString(flag, "concreteValue", Py_BuildValue("k", ap.getFlagValue(flagId)));
PyDict_SetItemString(flag, "symbolicExpr", Py_BuildValue("k", ap.getRegSymbolicID(flagId)));
PyDict_SetItem(regs, Py_BuildValue("k", flagId), flag);
}
return regs;
}
示例15: regReg
void CmovpIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr, reg1e, reg2e, pf;
uint64 reg1 = this->operands[0].getValue();
uint64 reg2 = this->operands[1].getValue();
uint64 size1 = this->operands[0].getSize();
uint64 size2 = this->operands[1].getSize();
/* Create the SMT semantic */
pf << ap.buildSymbolicFlagOperand(ID_PF);
reg1e << ap.buildSymbolicRegOperand(reg1, size1);
reg2e << ap.buildSymbolicRegOperand(reg2, size2);
expr << smt2lib::ite(
smt2lib::equal(
pf.str(),
smt2lib::bvtrue()),
reg2e.str(),
reg1e.str());
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg1, size1);
/* Apply the taint via the concretization */
if (ap.getFlagValue(ID_PF) == 1)
ap.assignmentSpreadTaintRegReg(se, reg1, reg2);
}