Wire - A Formal Intermediate Language for Binary Analysis


  4.     i := 0
     L1: if i >= 10 goto L2
         t0 := i*I
         t1 := &b
         t2 := t1 + I
         *t2 := t0
         i := i + 1
         goto L1
     L2:
  7. Program       p ::= p i | i
     Instruction   i ::= m | m t
     Type          t ::= u8_t | u16_t | u32_t | s8_t | s16_t | s32_t

     Instructions  m ::= *(r3) := r1
                       | r3 := (*r1)
                       | r3 := r1
                       | r3 := n
                       | r3 := uop r1
                       | r3 := r1 bop r2
                       | r3 := r1 bop n
                       | mkbool r1 ucond
                       | mkbool r1 bcond r2
                       | nop
                       | halt
                       | label l
                       | jmp l
                       | ijmp r
                       | if r1 cond1 jmp l
                       | if r1 cond2 r2 jmp l
                       | lcall s
                       | cast(r1, t)
                       | r3 := getpc()
                       | r3 := returnaddress()
                       | pusharg(n, r)
                       | r3 := malloc(r)
                       | free(r)
                       | r3 := alloca(r)

     Operations    uop   ::= - | ~ | !
                   bop   ::= +, -, *, /, %, >>, <<, |, &, ^
     Conditions    ucond ::= == 0 | != 0
                   bcond ::= == | != | > | >= | < | <=
     Operands      v     ::= n (an integer literal)
                             r (a register)
                             l (a label)
                             s (a symbol)

     Instructions  I ::= n → i       (maps instruction number to instruction)
     Heap          H ::= n x n → n   (maps heap address and memory size to non-overlapping memory addresses)
     Memory        M ::= n → n       (maps address to numeric value)
     Register      R ::= r → n       (maps register name to numeric value)
     Labels        L ::= l → pc      (maps label to instruction address pc)
     AllocAMemory  V ::= n x n → n   (maps alloca address and memory size to non-overlapping memory addresses)
  12. x86:
          mov $0,%eax
      Wire:
          ASSIGNC $0,-,%eax

      x86:
          add $50,%eax
          sub $50,%eax
          mov $0,%eax
      Wire:
          BOPCADD %eax,$50,%eax
          BOPCSUB %eax,$50,%eax
          ASSIGNC $0,,%eax
  14. x86:
          mov $2,%eax
          mov $1,%ebx
          add %eax,%ebx
      Wire:
          ASSIGNC $0x2,,%eax
          ASSIGNC $1,,%ebx
          BOPADD %ebx,%eax,%ebx

      x86:
          mov $1,%ebx
          mov $2,%eax
          add %eax,%ebx
      Wire:
          ASSIGNC $0x1,-,%ebx
          ASSIGNC $2,-,%eax
          BOPADD %ebx,%eax,%ebx
  15. x86:
          xor %eax,%eax
          mov $2,%eax
      Wire:
          BOPXOR %eax,%eax,%eax
          UMKBOOLIsZero %eax,,%zf
          ASSIGNC $2,-,%eax

      x86:
          xor %eax,%eax
          jnz $0x80482000
          mov $2,%eax
      Wire:
          BOPXOR %eax,%eax,%eax
          UMKBOOLIsZero %eax,,%zf
          UCJMPIsNotZero %zf,,$target
          ASSIGNC $2,-,%eax