JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0

Questions about pointers #1233

Closed jie808 closed 7 months ago

jie808 commented 1 year ago

Code like this:

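            # Build a nested ite() chain over the lookup table: for each (k, v),
            # select v when the low byte of the referenced expression plus the
            # current offset (ADB or ADA) equals k, otherwise keep the previous res.
            for k, v in mapping.items():
                if inst.getAddress() == 0x140349283:
                    res = ast.ite(ast.extract(7, 0, ast.reference(ctx.getSymbolicExpression(BID))) + ast.bv(ADB, 8) == k, v, res)
                elif inst.getAddress() == 0x140349286:
                    res = ast.ite(ast.extract(7, 0, ast.reference(ctx.getSymbolicExpression(AID))) + ast.bv(ADA, 8) == k, v, res)

            # Zero-extend the selected value, add the second operand (a referenced
            # expression or a constant), and keep the low 32 bits of the sum.
            if inst.getAddress() == 0x140349283:
                if SID:
                    res = ast.extract(31, 0, ast.bvadd(ast.zx(32, res),ast.reference(ctx.getSymbolicExpression(SID))))
                else:
                    res = ast.extract(31, 0, ast.bvadd(ast.zx(32, res),ast.zx(32, ast.bv(3933796639,32))))
            elif inst.getAddress() == 0x140349286:
                res = ast.extract(31, 0, ast.bvadd(ast.zx(32, res),ast.reference(ctx.getSymbolicExpression(exprID))))
                # Advance the per-call offsets used in the comparisons above.
                ADA = ADA + 13
                ADB = ADB + 9
            return res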

Whether it's a grammar problem or the AST is too long, it always has a probability of error. I compared the original answer, and when it was wrong, "ast.ite" returned a result of 1 or 0.

SymbolicExpressions.txt

JonathanSalwan commented 1 year ago

Can you provide a unit test of this behaviour?