rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0

[Static analysis] Adding taint flag for registers #3998

Open Rot127 opened 7 months ago

Rot127 commented 7 months ago

Is your feature request related to a problem? Please describe.

Tracking which registers depend on unknown or varying input values (e.g. passed arguments, mutable system registers or writable memory) can be useful for many things.

For example:

Describe the solution you'd like

For every new function added we can build a graph for the registers used in it.

Same for values which are deduced from other registers out of scope (system registers).

Registers with an unset taint flag are assumed to contain statically deducible values.

Obviously this must be extended for memory operations as well. If the memory reference loads from static memory, the destination register doesn't need to have the taint flag set.

Describe alternatives you've considered

None

Additional context

None yet

XVilka commented 1 month ago

We could use RzIL for that

Rot127 commented 1 month ago

Actually it fits very well in the abstract interpretation I am currently implementing.

The abstract interpreter is an independent module and can be used for it. Or it is a by-product of the static analysis runs.

Abstract interpretation is also better because we can walk every path of a given function, which would be a problem with emulation.

Also, this information should be stored then in the knowledge base.

In any case, no need to implement something new I think. If anyone is interested, please ping me here.
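To make the proposal in the issue body and the "walk every path" remark concrete, here is an added example (not rizin code, and not how rizin's abstract interpreter is implemented): a forward taint propagation over a tiny control-flow graph. The register layout (r0..r3 argument registers, r4..r7 scratch, index 8 a mutable system register `sr`), the six toy opcodes, and the rule that a load from read-only data inherits only the taint of its address register while a load from writable memory always taints the destination are all assumptions made for this illustration. At join points the taint sets of all predecessors are OR-ed, so a register that is clean on one path and tainted on another ends up tainted, which is the information a "which registers depend on unknown input" query needs.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed register file for this example: r0..r3 arguments, r4..r7
 * scratch, index 8 = mutable system register "sr". A set bit in TaintSet
 * means "value depends on input that is not statically deducible". */
#define NREGS 9
#define REG_SR 8
typedef unsigned int TaintSet;

#define BIT(r) (1u << (r))
static bool is_tainted(TaintSet s, int r) { return (s & BIT(r)) != 0; }

/* Toy instruction kinds (assumption, not a real ISA or RzIL). */
typedef enum {
    OP_MOV_IMM,  /* dst = imm                    -> dst deducible          */
    OP_MOV_REG,  /* dst = src1                   -> dst inherits src1      */
    OP_ADD,      /* dst = src1 + src2            -> dst = src1 | src2      */
    OP_LOAD_RO,  /* dst = [src1], read-only data -> dst inherits src1      */
    OP_LOAD_RW,  /* dst = [src1], writable mem   -> dst tainted            */
    OP_READ_SR   /* dst = sr                     -> dst inherits sr taint  */
} OpKind;

typedef struct { OpKind kind; int dst, src1, src2; } Insn;

/* Transfer function of one instruction on the taint set. */
static TaintSet step(TaintSet in, const Insn *i) {
    bool t;
    switch (i->kind) {
    case OP_MOV_IMM: t = false; break;
    case OP_MOV_REG: t = is_tainted(in, i->src1); break;
    case OP_ADD:     t = is_tainted(in, i->src1) || is_tainted(in, i->src2); break;
    case OP_LOAD_RO: t = is_tainted(in, i->src1); break;
    case OP_LOAD_RW: t = true; break;
    case OP_READ_SR: t = is_tainted(in, REG_SR); break;
    default:         t = true; break; /* unknown op: be conservative */
    }
    return t ? (in | BIT(i->dst)) : (in & ~BIT(i->dst));
}

#define MAX_INSN 4
#define MAX_SUCC 2
typedef struct {
    Insn insns[MAX_INSN];
    int ninsns;
    int succ[MAX_SUCC];
    int nsucc;
} Block;

/* Iterate to a fixpoint over all blocks; every path is covered because a
 * successor's input is the OR of all predecessor outputs (may-analysis).
 * Block 0 is the entry. Returns the number of passes needed. */
static int propagate(const Block *blocks, int nblocks, TaintSet entry,
                     TaintSet in[], TaintSet out[]) {
    for (int b = 0; b < nblocks; b++) { in[b] = 0; out[b] = 0; }
    in[0] = entry;
    bool changed = true;
    int passes = 0;
    while (changed) {
        changed = false;
        passes++;
        for (int b = 0; b < nblocks; b++) {
            TaintSet s = in[b];
            for (int k = 0; k < blocks[b].ninsns; k++)
                s = step(s, &blocks[b].insns[k]);
            if (s != out[b]) { out[b] = s; changed = true; }
            for (int k = 0; k < blocks[b].nsucc; k++) {
                int t = blocks[b].succ[k];
                TaintSet merged = in[t] | out[b];
                if (merged != in[t]) { in[t] = merged; changed = true; }
            }
        }
    }
    return passes;
}

/* Constructed sample function (not from any real binary):
 *   B0: r4 = 10 ; r5 = r0 + r4 ; branch to B1 or B2
 *   B1: r6 = [r4]   (read-only table)  ; falls through to B3
 *   B2: r6 = [r4]   (writable global)  ; falls through to B3
 *   B3: r7 = r6 + r4 */
static const Block example_cfg[4] = {
    { .insns = { {OP_MOV_IMM, 4, -1, -1}, {OP_ADD, 5, 0, 4} }, .ninsns = 2, .succ = {1, 2}, .nsucc = 2 },
    { .insns = { {OP_LOAD_RO, 6, 4, -1} }, .ninsns = 1, .succ = {3}, .nsucc = 1 },
    { .insns = { {OP_LOAD_RW, 6, 4, -1} }, .ninsns = 1, .succ = {3}, .nsucc = 1 },
    { .insns = { {OP_ADD, 7, 6, 4} }, .ninsns = 1, .succ = {0}, .nsucc = 0 },
};

/* Entry state: arguments and the system register are tainted. */
static TaintSet example_entry(void) {
    return BIT(0) | BIT(1) | BIT(2) | BIT(3) | BIT(REG_SR);
}

/* Taint set at the end of block b of the sample function. */
static TaintSet example_block_out(int b) {
    TaintSet in[4], out[4];
    propagate(example_cfg, 4, example_entry(), in, out);
    return out[b];
}

int main(void) {
    for (int b = 0; b < 4; b++) {
        TaintSet s = example_block_out(b);
        printf("B%d tainted:", b);
        for (int r = 0; r < NREGS; r++)
            if (is_tainted(s, r)) { if (r == REG_SR) printf(" sr"); else printf(" r%d", r); }
        printf("\n");
    }
    return 0;
}
```

Running it shows r4 clean everywhere (it was set from an immediate), r5 tainted from B0 on (it mixes in the argument r0), r6 clean at the end of B1 but tainted at the end of B2, and both r6 and r7 tainted in B3 because the join takes the union of the two incoming states. Replacing the OR at the merge with an emulation of a single concrete path would silently report r6 as clean whenever the B1 path happens to be the one executed.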