libdft64

Printing taint tracked instructions

Open r00tus3r opened this issue 2 years ago • 3 comments

Hi,

I tried to print the instructions using taint tracked data by uncommenting the following code: https://github.com/AngoraFuzzer/libdft64/blob/master/src/libdft_api.cpp#L302

But it seems to print all the instructions which are executed after tainted = true is set here: https://github.com/AngoraFuzzer/libdft64/blob/master/src/syscall_hook.cpp#L19

Is there another way to print the taint tracked instructions?

r00tus3r • Jun 30 '22 01:06

It looks like there is no existing way to find tainted instructions. You may need to mark them respectively by yourself.

spinpx • Jul 01 '22 03:07

Alright, do you have any suggestions on what might be a good way to do that?

r00tus3r • Jul 01 '22 20:07

Sorry that I am not able to offer any good advice since the rules for taint propagation are too trivial. E.g., for binary ops, you may add a hook for tag_combine to detect if it is tainted or not, but it does not work on mov instructions.

spinpx • Jul 02 '22 10:07
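The limitation described in the last reply, shown on a toy taint engine. This is an added example, not code from libdft64 or from anyone in the thread. Only the name `tag_combine` comes from the page; `Engine`, `Insn`, `run_sample`, the constructed trace and the per-instruction operand check are hypothetical, and the model assumes a `mov` copies its source tag without calling `tag_combine`.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>
// Toy model (not libdft64 code): a tag is the set of input offsets a value depends on.
using Tag = std::set<uint32_t>;
enum class Op { Mov, Add };
struct Insn { uint64_t addr; Op op; int dst; int src; };

struct Engine {
    Tag regs[4];                         // shadow tags for r0..r3
    std::vector<uint64_t> via_combine;   // addresses seen by the tag_combine hook
    std::vector<uint64_t> via_operands;  // addresses seen by the operand check
    uint64_t cur = 0;
    // Stand-in for a hooked tag_combine: only binary ops ever reach it.
    Tag tag_combine(const Tag &a, const Tag &b) {
        Tag out(a);
        out.insert(b.begin(), b.end());
        if (!out.empty()) via_combine.push_back(cur);
        return out;
    }

    void step(const Insn &i) {
        cur = i.addr;
        // Operand check: inspect the tags read by the instruction before propagating.
        bool tainted = !regs[i.src].empty() ||
                       (i.op == Op::Add && !regs[i.dst].empty());
        if (tainted) via_operands.push_back(i.addr);
        if (i.op == Op::Mov) regs[i.dst] = regs[i.src];  // plain copy, no combine
        else regs[i.dst] = tag_combine(regs[i.dst], regs[i.src]);
    }
};

Engine run_sample() {
    Engine e;
    e.regs[0].insert(0);  // constructed: r0 holds input byte 0
    const std::vector<Insn> trace = {  // constructed trace
        {0x1000, Op::Add, 3, 2},  // r3 += r2, both clean
        {0x1003, Op::Mov, 1, 0},  // r1 = r0, tainted copy
        {0x1006, Op::Add, 2, 1},  // r2 += r1, tainted binary op
        {0x1009, Op::Mov, 3, 2},  // r3 = r2, tainted copy
    };
    for (const Insn &i : trace) e.step(i);
    return e;
}

int main() {
    Engine e = run_sample();
    for (uint64_t a : e.via_operands) std::printf("tainted insn at 0x%llx\n", (unsigned long long)a);
}
```

In this model the `tag_combine` hook reports only the tainted `add`, while the operand check also reports both tainted `mov` instructions and skips the clean `add`.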