control flow taint propagation #9
Comments
Sorry, I can't really understand, what are you asking for?
Sorry, my English is poor. I have seen your paper "All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution". There are some sentences about my question in this paper:
There is a control dependency in "0xb7ff5eb7 <+23>: mov eax,0x1 //control" in the strcmp instruction, because it depends on "0xb7ff5eac <+12>: jne 0xb7ff5eb7 <strcmp+23>" instruction. If the ZF flag is tainted in the "0xb7ff5eac <+12>: jne 0xb7ff5eb7 <strcmp+23>" instruction, the eax register should be tainted in "0xb7ff5eb7 <+23>: mov eax,0x1 //control" instruction.
in gentrace.cpp:
so bap-pintraces does not log the control flow taint propagation.
then the code in strcmp function:
we cannot log the taint instruction in the trace file, so we cannot get the constraint.
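The control dependency described in the comment above, as an added example that is not part of the original thread and is not bap-pintraces code. It runs a constructed toy instruction list modelled on the quoted `jne` / `mov eax,0x1` pair, once with data-flow taint only and once with control-flow taint; the opcode names, the index-based addresses and the join point stored in each `jne` entry are assumptions made for the example.

```python
# Constructed toy program; list indices stand in for addresses.
PROGRAM = [
    ("cmp", "al", "dl"),    # 0: sets ZF from two byte registers
    ("jne", 4, 5),          # 1: go to 4 if ZF == 0; assumed join point is 5
    ("mov_imm", "eax", 0),  # 2: bytes equal
    ("jmp", 5),             # 3
    ("mov_imm", "eax", 1),  # 4: bytes differ (the "//control" instruction)
    ("ret",),               # 5
]

def run(regs, tainted, track_control):
    """Execute PROGRAM; return (final eax, set of tainted locations)."""
    regs, tainted = dict(regs), set(tainted)
    pc, zf, region_end = 0, 0, None
    while True:
        if pc == region_end:
            region_end = None  # reached the join point: control taint ends
        op, *args = PROGRAM[pc]
        if op == "cmp":
            a, b = args
            zf = int(regs[a] == regs[b])
            # Data-flow rule: ZF is tainted if either operand is tainted.
            if a in tainted or b in tainted:
                tainted.add("zf")
            else:
                tainted.discard("zf")
            pc += 1
        elif op == "jne":
            target, join = args
            # Control-flow rule: a branch on a tainted flag taints every
            # write made before the join point.
            if track_control and "zf" in tainted:
                region_end = join
            pc = target if zf == 0 else pc + 1
        elif op == "mov_imm":
            dst, imm = args
            regs[dst] = imm
            # A constant write clears data taint; control taint keeps it.
            if region_end is not None:
                tainted.add(dst)
            else:
                tainted.discard(dst)
            pc += 1
        elif op == "jmp":
            pc = args[0]
        elif op == "ret":
            return regs["eax"], tainted
```

With data-flow rules alone, `eax` ends untainted on both paths even though its value reveals whether the tainted byte matched.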