JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0

getSymbolicExpressions returns empty output #1268

Status: Closed (closed by xer0times 11 months ago)

xer0times commented 11 months ago

Hi.

I have the same problem as #950.

Something like this could work.

refs = []

ctx.processing(inst)
for se in inst.getSymbolicExpressions():
    refs.append(se)

I did it this way and counted how many tainted (inst.isTainted) or symbolized (inst.isSymbolized) instructions were processed. At the end, the refs are empty, but the counter is almost #3453! Why does that happen?

I'd appreciate any suggestions.

xer0times commented 11 months ago

The problem was in CALLBACK.GET_CONCRETE_MEMORY_VALUE, which shouldn't work with symbolized memory. That makes sense!