void CallIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr1, expr2;
uint64_t imm = this->operands[0].getValue();
uint64_t memDst = this->operands[1].getValue(); // The dst memory write
uint32_t writeSize = this->operands[1].getSize();
/* Create the SMT semantic side effect */
alignStack(inst, ap, writeSize);
/* Create the SMT semantic */
/* *RSP = Next_RIP */
expr1 << smt2lib::bv(this->nextAddress, writeSize * REG_SIZE);
/* Create the symbolic element */
se = ap.createMemSE(inst, expr1, memDst, writeSize, "Saved RIP");
/* Apply the taint */
ap.assignmentSpreadTaintMemImm(se, memDst, writeSize);
/* Create the SMT semantic */
/* RIP = imm */
expr2 << smt2lib::bv(imm, writeSize * REG_SIZE);
/* Create the symbolic element */
se = ap.createRegSE(inst, expr2, ID_RIP, REG_SIZE, "RIP");
/* Apply the taint */
ap.assignmentSpreadTaintRegImm(se, ID_RIP);
}
void MovIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr;
uint32_t writeSize = this->operands[0].getSize();
uint64_t mem = this->operands[0].getValue();
uint64_t imm = this->operands[1].getValue();
/* Create the SMT semantic */
expr << smt2lib::bv(imm, writeSize * REG_SIZE);
/* Create the symbolic element */
se = ap.createMemSE(inst, expr, mem, writeSize);
/* Apply the taint */
ap.assignmentSpreadTaintMemImm(se, mem, writeSize);
}
void MovIRBuilder::memImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr;
auto memSize = this->operands[0].getMem().getSize();
auto mem = this->operands[0].getMem();
auto imm = this->operands[1].getImm().getValue();
/* Create the SMT semantic */
expr = smt2lib::bv(imm, memSize * REG_SIZE);
/* Create the symbolic expression */
se = ap.createMemSE(inst, expr, mem, memSize);
/* Apply the taint */
ap.assignmentSpreadTaintMemImm(se, mem, memSize);
}
