コード例 #1
ファイル: TestIRBuilder.cpp プロジェクト: v0re/Triton
/**
 * Builds the symbolic semantics of the register/register form handled by
 * TestIRBuilder: the bitwise AND of both register operands. Nothing in this
 * function writes the AND result back to a register; it is only recorded as
 * a symbolic expression and used to derive flags.
 *
 * @param ap   Analysis processor that builds the operand nodes, registers
 *             the symbolic expression and propagates taint.
 * @param inst Instruction the expression and flag expressions are attached to.
 */
void TestIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  const auto &firstOperand  = this->operands[0];
  const auto &secondOperand = this->operands[1];

  auto firstReg   = firstOperand.getReg();
  auto secondReg  = secondOperand.getReg();
  auto firstSize  = firstOperand.getReg().getSize();
  auto secondSize = secondOperand.getReg().getSize();

  /* SMT nodes for each register operand, each built with its own size. */
  smt2lib::smtAstAbstractNode *firstNode  = ap.buildSymbolicRegOperand(firstReg, firstSize);
  smt2lib::smtAstAbstractNode *secondNode = ap.buildSymbolicRegOperand(secondReg, secondSize);

  /* Bitwise AND of the two operands is the whole data-flow semantic. */
  smt2lib::smtAstAbstractNode *andNode = smt2lib::bvand(firstNode, secondNode);

  /* Register the AND as a symbolic expression on this instruction. */
  SymbolicExpression *andExpr = ap.createSE(inst, andNode);

  /* Taint of the expression is derived from both source registers.
   * NOTE(review): presumably the expression is tainted when either register
   * is -- confirm in AnalysisProcessor, since a wrong register here would
   * make taint tracking under- or over-report influence on the flags. */
  ap.assignmentSpreadTaintExprRegReg(andExpr, firstReg, secondReg);

  /* Flags: CF and OF are cleared, PF/SF/ZF are computed from the AND result.
   * NOTE(review): flag widths use the first operand's size only; no
   * equal-width check on the two operands is visible in this function. */
  EflagsBuilder::clearFlag(inst, ap, ID_TMP_CF, "Clears carry flag");
  EflagsBuilder::clearFlag(inst, ap, ID_TMP_OF, "Clears overflow flag");
  EflagsBuilder::pf(inst, andExpr, ap, firstSize);
  EflagsBuilder::sf(inst, andExpr, ap, firstSize);
  EflagsBuilder::zf(inst, andExpr, ap, firstSize);
}
コード例 #2
/**
 * Builds the symbolic semantics of the register/register form handled by
 * TestIRBuilder, using textual SMT expressions: the bitwise AND of both
 * register operands. Nothing in this function writes the AND result back to
 * a register; it is only recorded as a symbolic element and used for flags.
 *
 * @param ap   Analysis processor that builds the operand text, registers the
 *             symbolic element and propagates taint.
 * @param inst Instruction the element and flag elements are attached to.
 */
void TestIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
  uint64 firstReg   = this->operands[0].getValue();
  uint64 secondReg  = this->operands[1].getValue();
  uint32 firstSize  = this->operands[0].getSize();
  uint32 secondSize = this->operands[1].getSize();

  /* Operand expressions are streamed into text buffers, each with its own size. */
  std::stringstream firstText;
  std::stringstream secondText;
  firstText << ap.buildSymbolicRegOperand(firstReg, firstSize);
  secondText << ap.buildSymbolicRegOperand(secondReg, secondSize);

  /* Bitwise AND of the two operand strings is the whole data-flow semantic. */
  std::stringstream andText;
  andText << smt2lib::bvand(firstText.str(), secondText.str());

  /* Register the AND as a symbolic element on this instruction. */
  SymbolicElement *andElem = ap.createSE(inst, andText);

  /* Taint of the element is derived from both source registers.
   * NOTE(review): presumably the element is tainted when either register
   * is -- confirm in AnalysisProcessor, since a wrong register here would
   * make taint tracking under- or over-report influence on the flags. */
  ap.assignmentSpreadTaintExprRegReg(andElem, firstReg, secondReg);

  /* Flags: CF and OF are cleared, PF/SF/ZF are computed from the AND result.
   * pf() takes no size here; sf()/zf() use the first operand's size only.
   * NOTE(review): no equal-width check on the two operands is visible. */
  EflagsBuilder::clearFlag(inst, ap, ID_CF, "Clears carry flag");
  EflagsBuilder::clearFlag(inst, ap, ID_OF, "Clears overflow flag");
  EflagsBuilder::pf(inst, andElem, ap);
  EflagsBuilder::sf(inst, andElem, ap, firstSize);
  EflagsBuilder::zf(inst, andElem, ap, firstSize);
}
コード例 #3
ファイル: CmpIRBuilder.cpp プロジェクト: Jinmo/Triton
/**
 * Builds the symbolic semantics of the register/register form handled by
 * CmpIRBuilder: the subtraction of the second register operand from the
 * first. Nothing in this function writes the difference back to a register;
 * it is recorded as a symbolic expression and used to derive flags.
 *
 * @param ap   Analysis processor that builds the operand nodes, registers
 *             the symbolic expression and propagates taint.
 * @param inst Instruction the expression and flag expressions are attached to.
 */
void CmpIRBuilder::regReg(AnalysisProcessor &ap, Inst &inst) const {
    uint64 firstReg   = this->operands[0].getValue();
    uint64 secondReg  = this->operands[1].getValue();
    uint32 firstSize  = this->operands[0].getSize();
    uint32 secondSize = this->operands[1].getSize();

    /* SMT nodes for each register operand, each built with its own size. */
    smt2lib::smtAstAbstractNode *firstNode  = ap.buildSymbolicRegOperand(firstReg, firstSize);
    smt2lib::smtAstAbstractNode *secondNode = ap.buildSymbolicRegOperand(secondReg, secondSize);

    /* first - second is the whole data-flow semantic. */
    smt2lib::smtAstAbstractNode *diffNode = smt2lib::bvsub(firstNode, secondNode);

    /* Register the difference; the string is passed through to createSE
     * (presumably a comment attached to the expression -- confirm). */
    SymbolicExpression *diffExpr = ap.createSE(inst, diffNode, "Temporary Compare");

    /* Taint of the expression is derived from both source registers.
     * NOTE(review): presumably the expression is tainted when either
     * register is -- confirm in AnalysisProcessor, since branch conditions
     * built on these flags inherit whatever taint is decided here. */
    ap.assignmentSpreadTaintExprRegReg(diffExpr, firstReg, secondReg);

    /* Flags: AF, CF and OF need the original operands as well as the result;
     * PF/SF/ZF are computed from the result alone.
     * NOTE(review): flag widths use the first operand's size only; no
     * equal-width check on the two operands is visible in this function. */
    EflagsBuilder::af(inst, diffExpr, ap, firstSize, firstNode, secondNode);
    EflagsBuilder::cfSub(inst, diffExpr, ap, firstNode, secondNode);
    EflagsBuilder::ofSub(inst, diffExpr, ap, firstSize, firstNode, secondNode);
    EflagsBuilder::pf(inst, diffExpr, ap, firstSize);
    EflagsBuilder::sf(inst, diffExpr, ap, firstSize);
    EflagsBuilder::zf(inst, diffExpr, ap, firstSize);
}