
# Wire - A Formal Intermediate Language for Binary Analysis


4. 4.

    ```
    i := 0
    L1: if i >= 10 goto L2
    t0 := i*I
    t1 := &b
    t2 := t1 + I
    *t2 := t0
    i := i + 1
    goto L1
    L2:
    ```
7. 7.

    ```
    Program      p ::= p i | i
    Instruction  i ::= m | m t
    Type         t ::= u8_t | u16_t | u32_t | s8_t | s16_t | s32_t

    Instructions m ::= *(r3) := r1
                     | r3 := (*r1)
                     | r3 := r1
                     | r3 := n
                     | r3 := uop r1
                     | r3 := r1 bop r2
                     | r3 := r1 bop n
                     | mkbool r1 ucond
                     | mkbool r1 bcond r2
                     | nop
                     | halt
                     | label l
                     | jmp l
                     | ijmp r
                     | if r1 cond1 jmp l
                     | if r1 cond2 r2 jmp l
                     | lcall s
                     | cast(r1, t)
                     | r3 := getpc()
                     | r3 := returnaddress()
                     | pusharg(n, r)
                     | r3 := malloc(r)
                     | free(r)
                     | r3 := alloca(r)

    Operations   uop   ::= -|~|!
                 bop   ::= +,-,*,/,%,>>,<<,|,&,^
    Conditions   ucond ::= == 0|!= 0
                 bcond ::= ==|!= | >|>=|<|<=
    Operands     v ::= n (an integer literal)
                     | r (a register)
                     | l (a label)
                     | s (a symbol)

    Instructions I ::= n → i       (maps instruction number to instruction)
    Heap         H ::= n × n → n   (maps heap address and memory size to non overlapping memory addresses)
    Memory       M ::= n → n       (maps address to numeric value)
    Register     R ::= r → n       (maps register name to numeric value)
    Labels       L ::= l → pc      (maps label to instruction address pc)
    AllocAMemory V ::= n × n → n   (maps alloca address and memory size to non overlapping memory addresses)
    ```
12. 12.

    ```
    x86                      Wire
    add $50,%eax             BOPCADD %eax,$50,%eax
    sub $50,%eax             BOPCSUB %eax,$50,%eax
    mov $0,%eax              ASSIGNC $0,,%eax

    mov $0,%eax              ASSIGNC $0,-,%eax
    ```
14. 14.

    ```
    x86                      Wire
    mov $2,%eax              ASSIGNC $0x2,,%eax
    mov $1,%ebx              ASSIGNC $1,,%ebx
    add %eax,%ebx            BOPADD %ebx,%eax,%ebx

    mov $1,%ebx              ASSIGNC $0x1,-,%ebx
    mov $2,%eax              ASSIGNC $2,-,%eax
    add %eax,%ebx            BOPADD %ebx,%eax,%ebx
    ```
15. 15.

    ```
    x86                      Wire
    xor %eax,%eax            BOPXOR %eax,%eax,%eax
                             UMKBOOLIsZero %eax,,%zf
    jnz $0x80482000          UCJMPIsNotZero %zf,,$target
    mov $2,%eax              ASSIGNC $2,-,%eax

    xor %eax,%eax            BOPXOR %eax,%eax,%eax
                             UMKBOOLIsZero %eax,,%zf
    mov $2,%eax              ASSIGNC $2,-,%eax
    ```
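Added example, not from the slides or the Wire project: a small Python evaluator for the straight-line Wire triples shown on slides 12, 14 and 15, used to check that the paired sequences leave the same register state. The opcode semantics, the 32-bit wrap-around and the names `run` and `same_effect` are assumptions inferred from the x86 shown beside each sequence; the jump opcode on slide 15 is not covered.

```python
import re

MASK = 0xFFFFFFFF  # assumption: 32-bit registers, as %eax/%ebx suggest
BINOPS = {"ADD": lambda a, b: a + b, "SUB": lambda a, b: a - b, "XOR": lambda a, b: a ^ b}

def operand(tok, regs):
    """'$imm' is an integer literal n; '%reg' is looked up in the register map R."""
    return int(tok[1:], 0) if tok.startswith("$") else regs.get(tok, 0)

def run(program, regs=None):
    """Execute straight-line 'OP src1,src2,dst' lines; return the final register map."""
    regs = dict(regs or {})
    for line in program.strip().splitlines():
        op, args = line.split(None, 1)
        src1, src2, dst = (a.strip() for a in args.split(","))
        if op == "ASSIGNC":                  # r3 := n  (src2 is unused: '' or '-')
            regs[dst] = operand(src1, regs) & MASK
        elif op == "UMKBOOLIsZero":          # mkbool r1 == 0
            regs[dst] = int(operand(src1, regs) == 0)
        elif m := re.fullmatch(r"BOPC?(ADD|SUB|XOR)", op):  # r3 := r1 bop r2 | r1 bop n
            regs[dst] = BINOPS[m.group(1)](operand(src1, regs), operand(src2, regs)) & MASK
        else:
            raise ValueError(f"opcode not covered by this sketch: {op}")
    return regs

# Sequences copied from slides 12 and 14 (slide 12's "%50" read as "$50").
SLIDE12_LONG = """
BOPCADD %eax,$50,%eax
BOPCSUB %eax,$50,%eax
ASSIGNC $0,,%eax
"""
SLIDE12_SHORT = "ASSIGNC $0,-,%eax"
SLIDE14_A = """
ASSIGNC $0x2,,%eax
ASSIGNC $1,,%ebx
BOPADD %ebx,%eax,%ebx
"""
SLIDE14_B = """
ASSIGNC $0x1,-,%ebx
ASSIGNC $2,-,%eax
BOPADD %ebx,%eax,%ebx
"""

def same_effect(p, q, start):
    """True when both sequences leave identical registers from the same start state."""
    return run(p, start) == run(q, start)

if __name__ == "__main__":
    start = {"%eax": 0xDEADBEEF, "%ebx": 7}   # constructed starting state
    print(same_effect(SLIDE12_LONG, SLIDE12_SHORT, start))
    print(same_effect(SLIDE14_A, SLIDE14_B, start))
```

Agreement on one concrete start state is a test, not a proof of equivalence; it only shows the two sequences do not diverge for that input.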