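/*
 * CMP: compares the second operand (a register, or memory at opd2+offset when
 * immi[1]=='1') against the first (a register, or an immediate when
 * immi[0]=='1') and writes the outcome into the flags register:
 *   0 -> equal, 1 -> second operand greater, 2 -> second operand smaller.
 *
 * opd1, opd2, offset: binary-digit strings decoded with bintodec().
 * immi: two-character mode selector; immi[0] is the immediate flag for opd1,
 *       immi[1] the memory flag for opd2.  None of the fields is validated here.
 *
 * Fix: the original derived the flag from the sign of (lhs - rhs); that
 * subtraction is undefined behaviour when it overflows int, so the two values
 * are now compared directly.  Call order of the getters is unchanged.
 */
void opc_cmp_handler(char *opd1, char *opd2, char *offset, char *immi)
{
    int lhs, rhs;
    int dec_opd2 = bintodec(opd2);

    if (immi[1] == '0') {
        /* second operand is a register index */
        if (immi[0] == '0') {
            int dec_opd1 = bintodec(opd1);
            lhs = get_reg_val(dec_opd2);
            rhs = get_reg_val(dec_opd1);
        } else {
            rhs = bintodec(opd1);          /* immediate first operand */
            lhs = get_reg_val(dec_opd2);
        }
    } else {
        /* second operand is memory; the decoded opd2 value is used directly as
         * an address (plus offset), not as a register index.
         * NOTE(review): get_mem_val is given a plain index here but a pointer
         * (mem + val_esp) in opc_pop_handler — confirm its parameter type,
         * one of the two call sites is suspect. */
        int dec_off = bintodec(offset);
        if (immi[0] == '0') {
            int dec_opd1 = bintodec(opd1);
            lhs = get_mem_val(dec_opd2 + dec_off);
            rhs = get_reg_val(dec_opd1);
        } else {
            rhs = bintodec(opd1);          /* immediate first operand */
            lhs = get_mem_val(dec_opd2 + dec_off);
        }
    }

    if (lhs == rhs) {
        set_reg_val(regfile + R_FLAGS, 0);
    } else if (lhs > rhs) {
        set_reg_val(regfile + R_FLAGS, 1);
    } else {
        set_reg_val(regfile + R_FLAGS, 2);
    }
}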
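/*
 * XCHG: swaps the register named by opd1 with the second operand (a register,
 * or memory at opd2+offset when immi[1]=='1').  Forms with an immediate first
 * operand (immi[0]=='1') have nothing to swap and remain a no-op.
 *
 * opd1, opd2, offset: binary-digit strings decoded with bintodec().
 * immi: two-character mode selector; immi[0] immediate flag for opd1,
 *       immi[1] memory flag for opd2.  Nothing is validated here.
 *
 * Fixes:
 *  - register/register: the original wrote opd1 into opd2 and then read opd2
 *    *back* before writing opd1, so both registers ended up holding opd1's old
 *    value (the saved copy val_opd2 was never used).  The saved copy is used now.
 *  - memory/register: the original stored the *sum* of the memory word and the
 *    register into memory and then copied that sum into the register — an ADD,
 *    not an exchange.  The two values are now swapped.
 */
void opc_xchange_handler(char *opd1, char *opd2, char *offset, char *immi)
{
    int dec_opd2 = bintodec(opd2);

    if (immi[1] == '0') {
        if (immi[0] == '0') {
            int dec_opd1 = bintodec(opd1);
            int old_opd2 = get_reg_val(dec_opd2);
            int old_opd1 = get_reg_val(dec_opd1);
            set_reg_val(regfile + dec_opd2, old_opd1);
            set_reg_val(regfile + dec_opd1, old_opd2);
        }
    } else {
        int dec_off = bintodec(offset);
        if (immi[0] == '0') {
            int dec_opd1 = bintodec(opd1);
            /* NOTE(review): get_mem_val is handed a plain index here while
             * opc_pop_handler passes mem + index — confirm its parameter type.
             * Writing memory through set_reg_val(mem + ...) is kept as the
             * file's existing convention. */
            int old_mem = get_mem_val(dec_opd2 + dec_off);
            int old_opd1 = get_reg_val(dec_opd1);
            set_reg_val(mem + dec_opd2 + dec_off, old_opd1);
            set_reg_val(regfile + dec_opd1, old_mem);
        }
    }
}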
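/*
 * POP: loads the word at mem[ESP] into the register named by opd1 (only for
 * the register-destination form, immi == "00"), then advances ESP by one
 * word.  opd2 and offset are not used by this opcode.
 *
 * The stack pointer is register index 8 (a bare literal in the original); it
 * gets a local name here since R_FLAGS is the only named register constant
 * visible in this file.
 *
 * Behaviour kept from the original, flagged for review:
 *  - ESP is advanced even for forms that pop nothing (immi != "00");
 *  - ESP is re-read after the load, so popping into register 8 itself
 *    increments the popped value rather than the old ESP;
 *  - NOTE(review): val_esp is not bounds-checked before mem + val_esp is read;
 *    a stack underflow would read past the end of mem.
 *
 * Removed: the unused dec_opd2 (and the redundant ans copy) — assumes
 * bintodec() is a pure conversion.
 */
void opc_pop_handler(char *opd1, char *opd2, char *offset, char *immi)
{
    const int esp_reg = 8;   /* stack-pointer register index */
    (void)opd2;
    (void)offset;

    int val_esp = get_reg_val(esp_reg);
    if (immi[1] == '0' && immi[0] == '0') {
        int dec_opd1 = bintodec(opd1);
        int val_mem = get_mem_val(mem + val_esp);
        set_reg_val(regfile + dec_opd1, val_mem);
    }

    int new_esp = get_reg_val(esp_reg) + 1;
    set_reg_val(regfile + esp_reg, new_esp);
}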
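/*
 * Record a dependence range for an access at mem_addr that was addressed
 * through a register carrying taint.  The range length is always taken from
 * operand 0 of the decoded instruction, as the original did at every call
 * site — including source-operand accesses (confirm that is intended).
 */
static void record_dependence(unsigned int taint, unsigned int mem_addr)
{
    update_mem_val_type(taint, 1, API_NONE, 0);
    insert_dependence_data(mem_addr, xed_decoded_inst_operand_length(&xedd_g, 0));
}

/*****************interface functions********************/

/*
 * Per-instruction taint hook for the instruction decoded in xedd_g.
 * Three steps, in order:
 *   1. dependence bookkeeping: a memory operand addressed through a tainted
 *      base/index register is recorded as dependence data;
 *   2. taint sources: PUSH of, indirect JMP/CALL through, or a register load
 *      from a dependence address that has not been overwritten taints the
 *      destination (the new stack slot, the address itself, or the register);
 *   3. propagation: dispatch to the per-opcode handler in data_func[].
 *
 * xi: the xed instruction template for the decoded instruction.
 *
 * Changes relative to the original:
 *  - operand_is_reg() is passed &reg_id_0; the source read "®_id_0", the
 *    HTML entity &reg; mangled into the code, which is not valid C;
 *  - exit(0) on the unexpected-operand path became exit(EXIT_FAILURE) so a
 *    calling harness sees the failure;
 *  - the dead reads of get_mem_val(taint)->val were dropped (their only
 *    consumer was a commented-out block) — assumes get_mem_val is a pure lookup;
 *  - PEMU_get_reg() is no longer called with XED_REG_INVALID;
 *  - unused locals begin/end removed, assignments-in-conditions unfolded.
 */
void handle_data_rewrite(const xed_inst_t *xi)
{
    unsigned int value = 0, mem_addr = 0;
    unsigned int taint = 0;
    xed_reg_enum_t reg_id_0;
    int mem_idx;

    /* one-time lazy initialisation of the propagation table */
    if (data_func[0] == 0) {
        setup_data_taint();
    }

    xed_iclass_enum_t opcode = xed_decoded_inst_get_iclass(&xedd_g);
    const xed_operand_t *op1 = xed_inst_operand(xi, 1);
    xed_operand_enum_t op_name1 = xed_operand_name(op1);
    const xed_operand_t *op0 = xed_inst_operand(xi, 0);
    xed_operand_enum_t op_name0 = xed_operand_name(op0);

    /*
     * 1. Dependence data.  LEA only forms an address and touches no memory,
     * so it is excluded.
     */
    if (opcode != XED_ICLASS_LEA) {
        if (operand_is_mem4(op_name0, &mem_addr, 0)) {
            /* destination memory operand: only the base register is consulted */
            mem_idx = (op_name0 == XED_OPERAND_MEM1) ? 1 : 0;
            xed_reg_enum_t base_regid = xed_decoded_inst_get_base_reg(&xedd_g, mem_idx);
            if (base_regid != XED_REG_INVALID) {
                taint = d_get_reg_taint(base_regid);
                if (taint != 0) {
                    record_dependence(taint, mem_addr);
                }
            }
        } else if (operand_is_mem4(op_name1, &mem_addr, 1)) {
            /* source memory operand: base or index register may carry the taint */
            mem_idx = (op_name1 == XED_OPERAND_MEM1) ? 1 : 0;
            xed_reg_enum_t base_regid = xed_decoded_inst_get_base_reg(&xedd_g, mem_idx);
            xed_reg_enum_t index_regid = xed_decoded_inst_get_index_reg(&xedd_g, mem_idx);
            if (base_regid != XED_REG_INVALID) {
                /* NOTE(review): register contents are compared as signed int, as
                 * in the original; presumably the larger value is treated as
                 * the pointer and the smaller as the index — confirm. */
                int base_val = PEMU_get_reg(base_regid);
                int index_val = (index_regid != XED_REG_INVALID) ? PEMU_get_reg(index_regid) : 0;
                if (index_regid != XED_REG_INVALID && index_val > base_val) {
                    /* a tainted index wins; an untainted index does NOT fall
                     * back to the base register (original behaviour) */
                    taint = d_get_reg_taint(index_regid);
                    if (taint != 0 && mem_taint == 0) {
                        record_dependence(taint, mem_addr);
                    }
                } else {
                    taint = d_get_reg_taint(base_regid);
                    if (taint != 0 && mem_taint == 0) {
                        record_dependence(taint, mem_addr);
                    }
                }
            }
        }
    }

    /*
     * 2. Taint sources.  A read of a dependence address that has not been
     * overwritten since it was recorded becomes a taint source; where the
     * taint lands depends on the instruction.
     * NOTE(review): PEMU_read_mem's result is not checked (as before); on
     * failure `value` keeps its previous contents.
     */
    if (opcode == XED_ICLASS_PUSH) {
        if (operand_is_mem4(op_name0, &mem_addr, 0)
            && is_dependence_addr(mem_addr) && !is_d_written(mem_addr)) {
            /* ESP-4: presumably the slot this PUSH is about to write */
            unsigned int esp = PEMU_get_reg(XED_REG_ESP) - 4;
#ifdef DEBUG
            fprintf(stdout, "taint source:\t%x\n", mem_addr);
#endif
            d_set_mem_taint_bysize(esp, mem_addr, 4);
            PEMU_read_mem(mem_addr, 4, &value);
            insert_mem_val(mem_addr, value);
        }
    } else if (opcode == XED_ICLASS_JMP || opcode == XED_ICLASS_CALL_NEAR) {
        if (operand_is_mem4(op_name0, &mem_addr, 0)
            && is_dependence_addr(mem_addr) && !is_d_written(mem_addr)) {
#ifdef DEBUG
            fprintf(stdout, "taint source:\t%x\n", mem_addr);
#endif
            /* indirect jump/call target: the slot is marked with its own address */
            d_set_mem_taint_bysize(mem_addr, mem_addr, 4);
            PEMU_read_mem(mem_addr, 4, &value);
            insert_mem_val(mem_addr, value);
        }
    } else if (opcode != XED_ICLASS_LEA && operand_is_mem4(op_name1, &mem_addr, 1)
               && is_dependence_addr(mem_addr) && !is_d_written(mem_addr)) {
        /* load from a dependence address: the destination must be a register */
        if (!operand_is_reg(op_name0, &reg_id_0)) {
            fprintf(stderr, "error in handle_data_rewrite\n");
            exit(EXIT_FAILURE);
        }
#ifdef DEBUG
        fprintf(stdout, "taint source:\t%x\n", mem_addr);
#endif
        d_set_reg_taint(reg_id_0, mem_addr);
        PEMU_read_mem(mem_addr, 4, &value);
        insert_mem_val(mem_addr, value);
        /* a freshly sourced load is not also run through propagation */
        return;
    }

    /*
     * 3. Propagation via the per-opcode handler.
     * NOTE(review): neither the table bound nor a NULL slot is checked here;
     * this relies on setup_data_taint() filling every iclass — confirm.
     */
    data_func[opcode](xi);
}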