-
Notifications
You must be signed in to change notification settings - Fork 521
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conditional CMOVss should not invoke operand callbacks if the predicate is false #1166
Comments
Thanks for all those feedback <3, I will handle them when i come back at home (~2 or 3 weeks). |
In a concrete point of view I agree. But if we want to provide a correct symbolic expression, we need to know what values will be read according to the flag ( #
# Output:
# 0x0: cmovne eax, dword ptr [0x100]
# ref_0 = (((((0x0) << 8 | 0x0) << 8 | 0x12) << 8 | 0x34) if (0x0 == 0x0) else 0x0) # CMOVNE operation
# ref_1 = 0x7 # Program Counter
#
import opcode
from triton import *
ctx = TritonContext()
ctx.setArchitecture(ARCH.X86)
ctx.setConcreteMemoryValue(MemoryAccess(0x100, 4), 0x1234)
ctx.setAstRepresentationMode(AST_REPRESENTATION.PYTHON)
inst = Instruction(b"\x0f\x45\x05\x00\x01\x00\x00") # cmovne eax,DWORD PTR ds:0x100
ctx.processing(inst)
print(inst)
for se in inst.getSymbolicExpressions():
print(se) |
Yes. I thought about that as well. So my proposal is like this. Before the conditional MOV triggers the memory callback, set the def isConditionalMOV(inst: Instruction):
return inst.getType() in [
OPCODE.X86.CMOVA,
OPCODE.X86.CMOVAE,
OPCODE.X86.CMOVB,
OPCODE.X86.CMOVBE,
OPCODE.X86.FCMOVBE,
OPCODE.X86.FCMOVB,
OPCODE.X86.CMOVE,
OPCODE.X86.FCMOVE,
OPCODE.X86.CMOVG,
OPCODE.X86.CMOVGE,
OPCODE.X86.CMOVL,
OPCODE.X86.CMOVLE,
OPCODE.X86.FCMOVNBE,
OPCODE.X86.FCMOVNB,
OPCODE.X86.CMOVNE,
OPCODE.X86.FCMOVNE,
OPCODE.X86.CMOVNO,
OPCODE.X86.CMOVNP,
OPCODE.X86.FCMOVNU,
OPCODE.X86.CMOVNS,
OPCODE.X86.CMOVO,
OPCODE.X86.CMOVP,
OPCODE.X86.FCMOVU,
OPCODE.X86.CMOVS,
]
def mem_read_cb(ctx, mem):
if isConditionalMOV(inst) and not inst.isConditionTaken():
return
assert False, 'should not invoke memory read callback if condition mov predicate is false' CMOVcc family is probably the only instructions that need to be handled this way, not sure if there are other instructions like this. |
Illustrated below,
cmovne eax,DWORD PTR ds:0x100
is skipped because the condition is false, yet Triton still call the operand callbacks.The text was updated successfully, but these errors were encountered: