Peter Goodman

Results 348 comments of Peter Goodman

Shameless plug, but [Remill](https://github.com/trailofbits/remill) has C++ implementations of instructions that map to XED iforms. Also in progress is AArch64 support, based on the documents referenced by @jrmuizel. For example, the...

@jrmuizel We use these Semantics in [McSema](https://github.com/trailofbits/mcsema), and some people run KLEE on McSema-produced bitcode. KLEE converts LLVM IR into SMT queries. I also use these semantics in a dynamic...

A better approach to saving/restoring state would be: instead of saving/restoring all registers, emit additional instructions for saving/restoring the used registers.

@awesie Feel free to tackle this :-) If you're looking for an idea on how to do it, it would be similar-ish to how we "rewrite" uses of esp/rsp to...

1. I think you should investigate the level of effort to ensure matching events, that way there is a certain amount of uniformity in your data model. It's convenient to...

Here's another one:

```
Tree sitter query generation failed: Structure (binary_expression left: [(identifier) (field_expression) (field_identifier)] @2 operator: "*" right: [(identifier) (field_expression) (field_identifier)] @1)]))]) consequence:(identifier) @4)@5(#eq? @4 "g")) ^ sexpr: ((if_statement...
```

And another:

```
Tree sitter query generation failed: Structure ((if_statement "if" @0 condition:(parenthesized_expression (ERROR (ERROR)) [(identifier) (field_expression) (field_identifier)] @1) consequence:(goto_statement "goto" @2 label:(statement_identifier)))@3) ^ sexpr: ((if_statement "if" @0 condition:(parenthesized_expression (ERROR...
```

Here is a rough example of the patterns we want to recognize, and how we want to "re-interpret" them:

# Redirection-based patterns

The following patterns describe "code redirection" patterns, that...

We can't close just yet. Parts of this issue are done, but not all parts. What remains to be done:

- Indirect calls of the form `call [__libc_start_main]`. This means...

This pass is currently disabled due to some issues where it spams in lots of instructions.