JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0

Fix bswap regression from #1131 #1151

Closed Andrix44 closed 2 years ago

Andrix44 commented 2 years ago

The instructions

mov r8d, 0xe65c5560
bswap r8d

behave like you would expect to when running natively.

On master, running the code

#!/usr/bin/env python
# -*- coding: utf-8 -*-
try:
    from triton_autocomplete import *  # optional IDE stubs only
except ImportError:
    pass
from triton import TritonContext, ARCH, Instruction

if __name__ == '__main__':
    ctx = TritonContext(ARCH.X86_64)
    # mov r8d, 0xe65c5560
    # bswap r8d
    for opcode in (b"\x41\xb8\x60\x55\x5c\xe6", b"\x41\x0f\xc8"):
        inst = Instruction(opcode)
        ctx.processing(inst)          # emulate and build the symbolic expressions
        print(inst)
        for expr in inst.getSymbolicExpressions():
            print('\t', expr)
        print()

    print('r8d:', hex(ctx.getConcreteRegisterValue(ctx.registers.r8d)))

produces:

0x0: mov r8d, 0xe65c5560
         (define-fun ref!0 () (_ BitVec 64) ((_ zero_extend 32) (_ bv3864810848 32))) ; MOV operation
         (define-fun ref!1 () (_ BitVec 64) (_ bv6 64)) ; Program Counter

0x6: bswap r8d
         (define-fun ref!2 () (_ BitVec 64) ((_ zero_extend 32) (concat (_ bv0 8) (_ bv0 8) ((_ extract 23 16) ((_ extract 31 0) ref!0)) ((_ extract 31 24) ((_ extract 31 0) ref!0))))) ; BSWAP operation
         (define-fun ref!3 () (_ BitVec 64) (_ bv9 64)) ; Program Counter

r8d: 0x5ce6

The lowest 2 bytes of the operand were discarded. This PR fixes the problem and adds a testcase for it. After the changes:

0x0: mov r8d, 0xe65c5560
         (define-fun ref!0 () (_ BitVec 64) ((_ zero_extend 32) (_ bv3864810848 32))) ; MOV operation
         (define-fun ref!1 () (_ BitVec 64) (_ bv6 64)) ; Program Counter

0x6: bswap r8d
         (define-fun ref!2 () (_ BitVec 64) ((_ zero_extend 32) (concat ((_ extract 7 0) ((_ extract 31 0) ref!0)) ((_ extract 15 8) ((_ extract 31 0) ref!0)) ((_ extract 23 16) ((_ extract 31 0) ref!0)) ((_ extract 31 24) ((_ extract 31 0) ref!0))))) ; BSWAP operation
         (define-fun ref!3 () (_ BitVec 64) (_ bv9 64)) ; Program Counter

r8d: 0x60555ce6
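The two BSWAP expressions quoted above can be reproduced without a Triton build. The block below is an added example, not code from the PR or from the Triton project: it models the SMT `extract`/`concat` operators in plain Python, implements the reference byte-reversal the corrected expression encodes, and beside it the regressed expression (two zero bytes concatenated with bytes 2 and 3) so the `0x5ce6` versus `0x60555ce6` outcome can be checked. It generalizes to the 64-bit form of the instruction as well. The Triton helper at the end is optional and only uses the API calls already shown on this page; it returns None when the module is not installed.

```python
# Added example (not Triton's code): reference model of x86 BSWAP beside a
# model of the expression that master produced before this PR.

def extract(value: int, hi: int, lo: int) -> int:
    """SMT-style (_ extract hi lo): bits hi..lo inclusive, as an unsigned int."""
    return (value >> lo) & ((1 << (hi - lo + 1)) - 1)

def concat(*chunks):
    """SMT-style concat of (value, width_in_bits) pairs, most significant first."""
    out = 0
    for value, width in chunks:
        out = (out << width) | (value & ((1 << width) - 1))
    return out

def bswap(value: int, size_bits: int) -> int:
    """Reference BSWAP: reverse the byte order of a 32- or 64-bit operand.
    Byte 0 (least significant) becomes the most significant chunk of the
    concat, which is exactly the corrected expression in the PR."""
    if size_bits not in (32, 64):
        raise ValueError("BSWAP operates on 32- or 64-bit registers only")
    nbytes = size_bits // 8
    chunks = [(extract(value, 8 * i + 7, 8 * i), 8) for i in range(nbytes)]
    return concat(*chunks)

def bswap_regressed(value: int) -> int:
    """Model of the expression emitted on master before the fix:
    concat(bv0, bv0, byte2, byte3) -- the two low bytes are dropped."""
    return concat((0, 8), (0, 8),
                  (extract(value, 23, 16), 8),
                  (extract(value, 31, 24), 8))

def bswap_r8d_in_64bit_mode(r8: int) -> int:
    """Writing a 32-bit register in 64-bit mode zero-extends into the full
    64-bit register; this is the outer (_ zero_extend 32) in the expression.
    Returns the new 64-bit value of r8."""
    low32 = extract(r8, 31, 0)
    return bswap(low32, 32)  # upper 32 bits are zero, so no explicit extend needed

def triton_r8d_after_bswap():
    """Optional differential check against a real Triton build: run the two
    instructions from the PR and return r8d, or None if triton is absent."""
    try:
        from triton import TritonContext, ARCH, Instruction
    except ImportError:
        return None
    ctx = TritonContext(ARCH.X86_64)
    # mov r8d, 0xe65c5560 ; bswap r8d  (opcodes taken from the PR text)
    for opcode in (b"\x41\xb8\x60\x55\x5c\xe6", b"\x41\x0f\xc8"):
        ctx.processing(Instruction(opcode))
    return ctx.getConcreteRegisterValue(ctx.registers.r8d)

if __name__ == "__main__":
    v = 0xE65C5560
    print("reference bswap r8d :", hex(bswap(v, 32)))        # 0x60555ce6
    print("regressed expression:", hex(bswap_regressed(v)))  # 0x5ce6
    print("bswap rax (64-bit)  :", hex(bswap(0x0102030405060708, 64)))
    got = triton_r8d_after_bswap()
    if got is not None:
        print("triton r8d          :", hex(got),
              "(matches reference)" if got == bswap(v, 32) else "(REGRESSION)")
```

Running it under a Triton build turns the last line into a one-shot regression check for this PR: a fixed build prints `0x60555ce6`, the pre-fix expression yields `0x5ce6`. The reference model is also useful for reviewing other byte-order lifters, since `bswap(bswap(x))` must be the identity for both operand sizes.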
JonathanSalwan commented 2 years ago

Erf my bad! Good catch!

SweetVishnya commented 2 years ago

Nice catch! It actually improved some of our local tests!