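/*
 * XADD mem, reg  (operands[0] = destination memory, operands[1] = source register)
 *
 * ISA definition: the two operands are exchanged, then the sum of the two
 * original values is stored in the destination:
 *   reg <- old mem
 *   mem <- old mem + old reg
 * The arithmetic flags are computed from the addition, i.e. from the value
 * written to memory. Getting the direction right matters for taint analysis:
 * the register must inherit the memory taint, and the memory must be tainted
 * if either input was.
 */
void XaddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
  SymbolicElement *se1, *se2;
  std::stringstream expr1, expr2, op1, op2;
  uint64_t mem1 = this->operands[0].getValue();   /* destination operand */
  uint64_t reg2 = this->operands[1].getValue();   /* source operand */
  uint32_t memSize1 = this->operands[0].getSize();
  uint32_t regSize2 = this->operands[1].getSize();
  uint64_t tmpMem1Taint = ap.isMemTainted(mem1);
  uint64_t tmpReg2Taint = ap.isRegTainted(reg2);

  /* Create the SMT semantic (both operands are read before anything is written) */
  op1 << ap.buildSymbolicMemOperand(mem1, memSize1);
  op2 << ap.buildSymbolicRegOperand(reg2, regSize2);

  /* Final expr: destination (memory) receives the sum, source (register)
   * receives the old destination value */
  expr1 << smt2lib::bvadd(op1.str(), op2.str());
  expr2 << op1.str();

  /* Create the symbolic element */
  se1 = ap.createMemSE(inst, expr1, mem1, memSize1);
  se2 = ap.createRegSE(inst, expr2, reg2, regSize2);

  /* Apply the taint: the sum is tainted when either input was tainted;
   * the register takes over the old memory taint. NOTE(review): relies on
   * the taint values being 0/1 flags so that '|' is their union — confirm
   * against isMemTainted()/isRegTainted(). */
  ap.setTaintMem(se1, mem1, tmpMem1Taint | tmpReg2Taint);
  ap.setTaintReg(se2, reg2, tmpMem1Taint);

  /* Add the symbolic flags element to the current inst; the flags describe
   * the addition, which is held by se1 (the memory element) */
  EflagsBuilder::af(inst, se1, ap, memSize1, op1, op2);
  EflagsBuilder::cfAdd(inst, se1, ap, op1);
  EflagsBuilder::ofAdd(inst, se1, ap, memSize1, op1, op2);
  EflagsBuilder::pf(inst, se1, ap);
  EflagsBuilder::sf(inst, se1, ap, memSize1);
  EflagsBuilder::zf(inst, se1, ap, memSize1);
}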
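/*
 * XADD mem, reg  (operands[0] = destination memory, operands[1] = source register)
 *
 * ISA definition: the two operands are exchanged, then the sum of the two
 * original values is stored in the destination:
 *   reg <- old mem
 *   mem <- old mem + old reg
 * The arithmetic flags are computed from the addition, i.e. from the value
 * written to memory. Getting the direction right matters for taint analysis:
 * the register must inherit the memory taint, and the memory must be tainted
 * if either input was.
 */
void XaddIRBuilder::memReg(AnalysisProcessor &ap, Inst &inst) const {
  SymbolicExpression *se1, *se2;
  smt2lib::smtAstAbstractNode *expr1, *expr2, *op1, *op2;
  uint64 mem1 = this->operands[0].getValue();   /* destination operand */
  uint64 reg2 = this->operands[1].getValue();   /* source operand */
  uint32 memSize1 = this->operands[0].getSize();
  uint32 regSize2 = this->operands[1].getSize();
  uint64 tmpMem1Taint = ap.isMemTainted(mem1);
  uint64 tmpReg2Taint = ap.isRegTainted(reg2);

  /* Create the SMT semantic (both operands are read before anything is written) */
  op1 = ap.buildSymbolicMemOperand(mem1, memSize1);
  op2 = ap.buildSymbolicRegOperand(reg2, regSize2);

  /* Final expr: destination (memory) receives the sum, source (register)
   * receives the old destination value */
  expr1 = smt2lib::bvadd(op1, op2);
  expr2 = op1;

  /* Create the symbolic expression */
  se1 = ap.createMemSE(inst, expr1, mem1, memSize1);
  se2 = ap.createRegSE(inst, expr2, reg2, regSize2);

  /* Apply the taint: the sum is tainted when either input was tainted;
   * the register takes over the old memory taint. NOTE(review): relies on
   * the taint values being 0/1 flags so that '|' is their union — confirm
   * against isMemTainted()/isRegTainted(). */
  ap.setTaintMem(se1, mem1, tmpMem1Taint | tmpReg2Taint);
  ap.setTaintReg(se2, reg2, tmpMem1Taint);

  /* Add the symbolic flags expression to the current inst; the flags
   * describe the addition, which is held by se1 (the memory expression) */
  EflagsBuilder::af(inst, se1, ap, memSize1, op1, op2);
  EflagsBuilder::cfAdd(inst, se1, ap, memSize1, op1);
  EflagsBuilder::ofAdd(inst, se1, ap, memSize1, op1, op2);
  EflagsBuilder::pf(inst, se1, ap, memSize1);
  EflagsBuilder::sf(inst, se1, ap, memSize1);
  EflagsBuilder::zf(inst, se1, ap, memSize1);
}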