Multi-Byte Symbolic Expressions

cyber-defence-campus / morion

Morion is a PoC tool to experiment with symbolic execution on real-word (ARMv7) binaries.

Apache License 2.0

5 stars 1 forks source link

Closed pdamian closed 6 days ago

pdamian commented 2 years ago

Does it make sense to e.g. make the argument of strlen being based on a single symbolic variable (strlen($) instead of strlen($$$$)?

pdamian commented 1 year ago

It could probably make sense, yes. However, in Triton we are restricted by MemoryAccess and its allowed sizes.

Methods to assign a symbolic variable to a memory location (registers likewise):

SymbolicVariable symbolizeMemory(MemoryAccess mem, string symVarAlias)
void assignSymbolicExpressionToMemory(SymbolicExpression symExpr, MemoryAccess mem)

Allowed sizes for MemoryAccess (CPUSIZE):

pdamian commented 6 days ago

Currently not intended to be addresses.