Closed peicwang closed 1 year ago
Nifury
commented
1 year ago According to our observations, MSVC tends to use INT3 as padding whereas gcc uses NOP instructions (one-byte or multi-byte).
INT3 and NOP instructions in the ground truth are considered padding instructions.
peicwang
commented
1 year ago So, based on your observations, in order to remove INT3 or NOP instructions from the ground truth, it may only require a simple scan or some more complex algorithms? And do you need to pay attention to the position of these padding instructions? What I mean is that the padding instructions that exist at the end of the function are removed, while those that exist within the function are preserved?
Nifury
commented
1 year ago it may only require a simple scan or some more complex algorithms
A simple scan. You can easily tell if an instruction is a padding instruction via its mnemonics.
It doesn't matter where the padding instructions are. All of them are masked during evaluation.
peicwang
commented
1 year ago Thank you for your reply, I see
Hi, I noticed that you mentioned in your paper that the padding instructions will not count towards positive or negative instructions. I think it's very reasonable, but how to automate this task, specifically, how to accurately identify whether certain instructions are padding instructions?