void CallIRBuilder::imm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr1, expr2;
uint64_t imm = this->operands[0].getValue();
uint64_t memDst = this->operands[1].getValue(); // The dst memory write
uint32_t writeSize = this->operands[1].getSize();
/* Create the SMT semantic side effect */
alignStack(inst, ap, writeSize);
/* Create the SMT semantic */
/* *RSP = Next_RIP */
expr1 << smt2lib::bv(this->nextAddress, writeSize * REG_SIZE);
/* Create the symbolic element */
se = ap.createMemSE(inst, expr1, memDst, writeSize, "Saved RIP");
/* Apply the taint */
ap.assignmentSpreadTaintMemImm(se, memDst, writeSize);
/* Create the SMT semantic */
/* RIP = imm */
expr2 << smt2lib::bv(imm, writeSize * REG_SIZE);
/* Create the symbolic element */
se = ap.createRegSE(inst, expr2, ID_RIP, REG_SIZE, "RIP");
/* Apply the taint */
ap.assignmentSpreadTaintRegImm(se, ID_RIP);
}
void MovIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicElement *se;
std::stringstream expr;
uint64_t reg = this->operands[0].getValue();
uint64_t imm = this->operands[1].getValue();
uint64_t size = this->operands[0].getSize();
/* Create the SMT semantic */
expr << smt2lib::bv(imm, size * REG_SIZE);
/* Create the symbolic element */
se = ap.createRegSE(inst, expr, reg, size);
/* Apply the taint */
ap.assignmentSpreadTaintRegImm(se, reg);
}
void MovIRBuilder::regImm(AnalysisProcessor &ap, Inst &inst) const {
SymbolicExpression *se;
smt2lib::smtAstAbstractNode *expr;
auto reg = this->operands[0].getReg();
auto regSize = this->operands[0].getReg().getSize();
auto imm = this->operands[1].getImm().getValue();
/* Create the SMT semantic */
expr = smt2lib::bv(imm, regSize * REG_SIZE);
/* Create the symbolic expression */
se = ap.createRegSE(inst, expr, reg, regSize);
/* Apply the taint */
ap.assignmentSpreadTaintRegImm(se, reg);
}
