illera88 / Ponce

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
https://docs.idaponce.com

Negate formula and inject solution in runtime #24

Closed 0ca closed 8 years ago

0ca commented 8 years ago

In the future we can implement the option to solve/negate a condition and, based on the solution, inject the value in the process and change the flags to invert the condition.

The idea is to use this option with manual stepping so the user could negate the conditions he wants and modify the execution at runtime.

In some cases this cannot work: when the modified input was used earlier in the program to do something additional, like activating flags, or modified another input. But still I think it can work in simple cases and it is spectacular.

0ca commented 8 years ago

This was implemented as a different menu item, Negate condition: [screenshot]

And it allows you to manually solve conditions as you are debugging the program: [screenshot]

I still need to correctly invert the flags of the negated condition.

0ca commented 8 years ago

We still need to invert all the possible conditions in a proper way.

0ca commented 8 years ago

There is a good explanation here: https://en.wikibooks.org/wiki/X86_Assembly/Control_Flow

But inverting all of them is not trivial; some of them are like:

SF = OF and ZF = 0

if we have:

SF=0
OF=1
ZF=1

To invert it we should satisfy the equality and the ZF flag:

SF=0
OF=0
ZF=0
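The flag inversion discussed in the comments above, worked through as an added example (not Ponce's own code): a small Python routine evaluates a conditional-jump predicate over CF/ZF/SF/OF and returns the assignment that flips its outcome while changing the fewest flags. The mnemonic table, the distance metric and the tie-break rule (first minimum in enumeration order) are assumptions of this example; the `jg` case reproduces the SF/OF/ZF values from the comment.

```python
import itertools

# Flags that decide the common conditional jumps (constructed subset).
FLAGS = ("CF", "ZF", "SF", "OF")

# Predicate for each jump mnemonic, following the Intel condition codes.
CONDITIONS = {
    "je":  lambda f: f["ZF"] == 1,
    "jne": lambda f: f["ZF"] == 0,
    "jg":  lambda f: f["ZF"] == 0 and f["SF"] == f["OF"],  # SF = OF and ZF = 0
    "jge": lambda f: f["SF"] == f["OF"],
    "jl":  lambda f: f["SF"] != f["OF"],
    "jle": lambda f: f["ZF"] == 1 or f["SF"] != f["OF"],
    "ja":  lambda f: f["CF"] == 0 and f["ZF"] == 0,
    "jae": lambda f: f["CF"] == 0,
    "jb":  lambda f: f["CF"] == 1,
    "jbe": lambda f: f["CF"] == 1 or f["ZF"] == 1,
}


def negate_flags(mnemonic, flags):
    """Return the flag assignment that flips `mnemonic`'s outcome while
    changing as few flags as possible. Ties go to the first candidate in
    enumeration order; flags the predicate ignores keep their value."""
    pred = CONDITIONS[mnemonic]
    target = not pred(flags)          # we want the opposite of the current result
    best = None
    for bits in itertools.product((0, 1), repeat=len(FLAGS)):
        candidate = dict(zip(FLAGS, bits))
        if pred(candidate) != target:
            continue
        distance = sum(candidate[k] != flags[k] for k in FLAGS)
        if best is None or distance < best[0]:
            best = (distance, candidate)
    return best[1]


if __name__ == "__main__":
    # The case from the comment: jg with SF=0, OF=1, ZF=1 is currently not taken.
    current = {"CF": 0, "ZF": 1, "SF": 0, "OF": 1}
    print(negate_flags("jg", current))  # {'CF': 0, 'ZF': 0, 'SF': 0, 'OF': 0}
```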