lunixbochs / usercorn

dynamic binary analysis via platform emulation
MIT License

taint analysis #87

Open lunixbochs opened 8 years ago

lunixbochs commented 8 years ago

Hash map? Binary tree? of memory regions annotating their last influenced address or syscall.

When memory is loaded into a register, mark that register with the region. When it's moved to another register or stored to memory, mark the target with the same region.

When a jump or conditional is computed from a marked register, mark immediate values in the target?
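The propagation rules sketched above, as an added Go example (not code from usercorn or from this issue): registers and memory bytes carry a label naming the syscall or instruction that last influenced them, loads and moves pass the label along, stores write it back, and a branch computed from a labelled register is reported as input-dependent. The per-byte map, register names and the "syscall:read" label are assumptions chosen for the demo.

```go
package main

import "fmt"

// Tracker holds a taint label per register and per tainted memory byte; a label
// names the syscall or instruction that last influenced the data ("" = clean).
// The per-byte map stands in for the hash map / interval tree the issue discusses.
type Tracker struct {
	Regs map[string]string
	Mem  map[uint64]string
}

func NewTracker() *Tracker {
	return &Tracker{Regs: map[string]string{}, Mem: map[uint64]string{}}
}

// TaintMemory marks [addr, addr+size) as influenced by src, e.g. a read syscall.
func (t *Tracker) TaintMemory(addr, size uint64, src string) {
	for a := addr; a < addr+size; a++ {
		t.Mem[a] = src
	}
}

// Load gives the register the label of the first tainted byte it reads, else clears it.
func (t *Tracker) Load(reg string, addr, size uint64) {
	t.Regs[reg] = ""
	for a := addr; a < addr+size && t.Regs[reg] == ""; a++ {
		t.Regs[reg] = t.Mem[a]
	}
}

// Move copies a register's label (or its absence) to another register.
func (t *Tracker) Move(dst, src string) { t.Regs[dst] = t.Regs[src] }

// Store writes the register's label over the target bytes; a clean store clears them.
func (t *Tracker) Store(addr, size uint64, reg string) {
	for a := addr; a < addr+size; a++ {
		t.Mem[a] = t.Regs[reg]
	}
}

// Branch reports whether a jump or condition computed from reg depends on tainted input.
func (t *Tracker) Branch(reg string) (string, bool) { return t.Regs[reg], t.Regs[reg] != "" }

func main() {
	t := NewTracker()
	t.TaintMemory(0x1000, 16, "syscall:read") // constructed: read() filled 16 bytes at 0x1000
	t.Load("rax", 0x1004, 8)                  // mov rax, [0x1004]
	t.Move("rbx", "rax")                      // mov rbx, rax
	t.Store(0x2000, 8, "rbx")                 // mov [0x2000], rbx
	t.Load("rcx", 0x2000, 8)                  // mov rcx, [0x2000]
	fmt.Println(t.Branch("rcx"))              // prints "syscall:read true"
}
```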

lunixbochs commented 8 years ago

Taint analysis for registers can be done statically in one single-stepped run, but as registers don't change, subsequent runs can likely be done with memory trace only.

lunixbochs commented 6 years ago

https://github.com/BinaryAnalysisPlatform/bap-pintraces