void XaddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
  /*
   * Symbolic semantics of the XADD [mem], reg form.
   *
   * The memory operand (operands[0]) is assigned the register value and the
   * register (operands[1]) is assigned mem + reg; the flag expressions are
   * then derived from the sum and attached to `inst`.
   *
   * NOTE(review): the Intel SDM defines XADD dst, src as
   *   TEMP <- src + dst; src <- dst; dst <- TEMP,
   * i.e. the destination receives the sum. If operands[0] is the destination
   * here, the two assignments (and the swapped taint below) look inverted
   * relative to the SDM -- confirm against the tracer's operand order.
   * Behaviour is intentionally left unchanged in this rewrite.
   */
  uint64_t memAddr = this->operands[0].getValue();
  uint64_t regId   = this->operands[1].getValue();
  uint32_t memSize = this->operands[0].getSize();
  uint32_t regSize = this->operands[1].getSize();

  /* Taint state is read up front, before any element is created or re-tainted */
  uint64_t memWasTainted = ap.isMemTainted(memAddr);
  uint64_t regWasTainted = ap.isRegTainted(regId);

  /* Symbolic operands */
  std::stringstream memOp, regOp;
  memOp << ap.buildSymbolicMemOperand(memAddr, memSize);
  regOp << ap.buildSymbolicRegOperand(regId, regSize);

  /* New values: memory <- register, register <- memory + register */
  std::stringstream memExpr, regExpr;
  memExpr << regOp.str();
  regExpr << smt2lib::bvadd(memOp.str(), regOp.str());

  /* Symbolic elements for both destinations */
  SymbolicElement *memSe = ap.createMemSE(inst, memExpr, memAddr, memSize);
  SymbolicElement *regSe = ap.createRegSE(inst, regExpr, regId, regSize);

  /* Taint follows the data flow above (swapped, not merged) */
  ap.setTaintMem(memSe, memAddr, regWasTainted);
  ap.setTaintReg(regSe, regId, memWasTainted);

  /* Flags are computed on the element holding the sum */
  EflagsBuilder::af(inst, regSe, ap, memSize, memOp, regOp);
  EflagsBuilder::cfAdd(inst, regSe, ap, memOp);
  EflagsBuilder::ofAdd(inst, regSe, ap, memSize, memOp, regOp);
  EflagsBuilder::pf(inst, regSe, ap);
  EflagsBuilder::sf(inst, regSe, ap, memSize);
  EflagsBuilder::zf(inst, regSe, ap, memSize);
}
void XaddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
  /*
   * Symbolic semantics of the XADD [mem], reg form (AST-node variant).
   *
   * The memory operand (operands[0]) is assigned the register value and the
   * register (operands[1]) is assigned mem + reg; the flag expressions are
   * then derived from the sum and attached to `inst`.
   *
   * NOTE(review): the Intel SDM defines XADD dst, src as
   *   TEMP <- src + dst; src <- dst; dst <- TEMP,
   * i.e. the destination receives the sum. If operands[0] is the destination
   * here, the two assignments (and the swapped taint below) look inverted
   * relative to the SDM -- confirm against the tracer's operand order.
   * Behaviour is intentionally left unchanged in this rewrite.
   */
  uint64 memAddr = this->operands[0].getValue();
  uint64 regId   = this->operands[1].getValue();
  uint32 memSize = this->operands[0].getSize();
  uint32 regSize = this->operands[1].getSize();

  /* Taint state is read up front, before any expression is created or re-tainted */
  uint64 memWasTainted = ap.isMemTainted(memAddr);
  uint64 regWasTainted = ap.isRegTainted(regId);

  /* Symbolic operands */
  smt2lib::smtAstAbstractNode *memOp = ap.buildSymbolicMemOperand(memAddr, memSize);
  smt2lib::smtAstAbstractNode *regOp = ap.buildSymbolicRegOperand(regId, regSize);

  /* New values: memory <- register, register <- memory + register */
  smt2lib::smtAstAbstractNode *memExpr = regOp;
  smt2lib::smtAstAbstractNode *regExpr = smt2lib::bvadd(memOp, regOp);

  /* Symbolic expressions for both destinations */
  SymbolicExpression *memSe = ap.createMemSE(inst, memExpr, memAddr, memSize);
  SymbolicExpression *regSe = ap.createRegSE(inst, regExpr, regId, regSize);

  /* Taint follows the data flow above (swapped, not merged) */
  ap.setTaintMem(memSe, memAddr, regWasTainted);
  ap.setTaintReg(regSe, regId, memWasTainted);

  /* Flags are computed on the expression holding the sum */
  EflagsBuilder::af(inst, regSe, ap, memSize, memOp, regOp);
  EflagsBuilder::cfAdd(inst, regSe, ap, memSize, memOp);
  EflagsBuilder::ofAdd(inst, regSe, ap, memSize, memOp, regOp);
  EflagsBuilder::pf(inst, regSe, ap, memSize);
  EflagsBuilder::sf(inst, regSe, ap, memSize);
  EflagsBuilder::zf(inst, regSe, ap, memSize);
}
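/*
 * Python binding: isMemTainted(addr) -> bool.
 *
 * `mem` must be a Python integer (int or long); anything else raises
 * TypeError. Returns a new reference to Py_True/Py_False, or NULL with a
 * Python exception set.
 */
static PyObject *Triton_isMemTainted(PyObject *self, PyObject *mem)
{
  if (!PyLong_Check(mem) && !PyInt_Check(mem))
    return PyErr_Format(PyExc_TypeError, "isMemTainted(): expected an address (integer) as argument");

  /* PyInt_AsLong() signals an out-of-range value by returning -1 with an
   * exception pending; propagate that instead of querying a bogus address
   * and returning a result while an error is set. */
  long addr = PyInt_AsLong(mem);
  if (addr == -1 && PyErr_Occurred())
    return NULL;

  /* Py_True/Py_False are shared singletons: the Py_RETURN_* macros hand the
   * caller an owned reference. Returning the bare pointer (the previous code)
   * gave out an unowned reference and slowly under-counted the singletons. */
  if (ap.isMemTainted(addr) == true)
    Py_RETURN_TRUE;

  Py_RETURN_FALSE;
}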
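/*
 * Python binding: isMemTainted(addr) -> bool.
 *
 * `mem` must be a Python integer (int or long); anything else raises
 * TypeError. The address is wrapped in a 1-byte MemoryOperand before the
 * taint engine is queried. Returns a new reference to Py_True/Py_False, or
 * NULL with a Python exception set.
 */
static PyObject *Triton_isMemTainted(PyObject *self, PyObject *mem) {
  if (!PyLong_Check(mem) && !PyInt_Check(mem))
    return PyErr_Format(PyExc_TypeError, "isMemTainted(): expected an address (integer) as argument");

  /* PyInt_AsLong() signals an out-of-range value by returning -1 with an
   * exception pending; propagate that instead of querying a bogus address
   * and returning a result while an error is set. */
  long addr = PyInt_AsLong(mem);
  if (addr == -1 && PyErr_Occurred())
    return NULL;

  MemoryOperand mo(addr, 1);
  if (ap.isMemTainted(mo) == true)
    Py_RETURN_TRUE;

  Py_RETURN_FALSE;
}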