Question: Step 1 : finding our sinks: memcpy _ refs = [ ( ref . function, ref.address ) for ref in bv . get _ code

Step

1

: finding our sinks:

memcpy

_

refs

= [

(

ref

.

function, ref.address

)

for ref in bv

.

get

_

code

_

refs

(

.

symbols

['_

memcpy'

] .

address

)

]

dangerous

_

calls

= []

for function, addr in memcpy

_

refs:

call

_

instr

=

function.get

_

low

_

level

_

_

(

addr

) .

medium

_

level

_

if check

_

memcpy

(

call

_

instr.ssa

_

form

)

dangerous

_

calls.append

((

addr

,

call

_

instr.address

))

Step

2

: Eliminate sinks that we know aren

t vulnerable

def check

_

memcpy

(

memcpy

_

call

)

size

_

param

=

memcpy

_

call.params

[2]

if size

_

param.operation

! =

MediumLevelILOperation.MLIL

_

VAR

_

SSA:

return False

possible

_

sizes

=

size

_

param.possible

_

values

# Dataflow won't combine multiple possible values from

# shifted bytes, so any value we care about will be

# undetermined at this point. This might change in the future?

if possible

_

sizes.type

! =

RegisterValueType.UndeterminedValue:

return False

model

=

ByteSwapModeler

(

size

_

param, bv

.

address

_

size

)

return model.is

_

byte

_

swap

()

Step

3

: check variables the size depends on:

var

_

def

=

self.function.get

_

ssa

_

var

_

definition

(

self

.

var.src

)

# Visit statements that our variable directly depends on

self.to

_

visit.append

(

var

_

def

)

while self.to

_

visit:

idx

=

self.to

_

visit.pop

()

if idx is not None:

self.visit

(

self

.

function

[

idx

])

Step

4

: Identify variables that might be a part byte swap:

def visit

_

MLIL

_

VAR

_

SSA

(

self

,

expr

)

if expr.src not in self.visited:

var

_

def

=

expr.function.get

_

ssa

_

var

_

definition

(

expr

.

src

)

if var

_

def is not None:

self.to

_

visit.append

(

var

_

def

)

src

=

create

_

BitVec

(

expr

.

src

,

expr.size

)

value

_

range

=

identify

_

byte

(

expr

,

self.function

)

if value

_

range is not None:

self.solver.add

(

(

src

= = 0,

And

(

src

=

value

_

range.step

)

)

)

self.byte

_

vars.add

(

expr

.

src

)

return src

Step

5

: Identify constraints on the size parameter:

for i

,

branch in self.var.branch

_

dependence.iteritems

()

for vr in self.function

[

] .

vars

_

read:

if vr in self.byte

_

vars:

raise ModelIsConstrained

()

_

def

=

self.function.get

_

ssa

_

var

_

definition

(

)

if vr

_

def is None:

continue

for vr

_

vr in self.function

[

_

def

] .

vars

_

read:

if vr

_

vr in self.byte

_

vars:

raise ModelIsConstrained

Step

6

: Solve the model:

self.solver.add

(

Not

(

And

(

var

= =

ZeroExt

(

var.size

() -

len

(

ordering

) * 8,

Concat

(*

ordering

)

),

reverse

_

var

= =

ZeroExt

(

reverse

_

var.size

() -

reversed

_

ordering.size

(),

reversed

_

ordering

)

)

)

)

if self.solver.check

() = =

unsat:

return True

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Accounting Questions!

Step 1: Finding the present value of costs of three options NPV of option one = - $13,000,000. The number is negative because it is a cost. NPV of option two =...

please help solve this in excel file with formulas. TIA Problem: Your boss believes the company's power plant is producing too much air pollution on a typical island. Your boss gives you three...

please help present this into an excel file with formulas. TIA. Problem: Your boss believes the company's power plant is producing too much air pollution on a typical island. Your boss gives you...

Part 1. Calculate the Volume of One Drop of Solution Assume the density of water to be 1.00 g/mL. mass of 1 drop (g) 1L Volume of one drop = X 1.00 g/mL 1000 mL Part 2A. Calculate the Rate (The rate...

Below is a situation and its step-by-step procedure in solving problems involving the mean and variance of a discrete random variable, which is already answered for you. Your job is to check for...

Instructions: Use the formulas for compound interest and amortizations to help you answer the questions below. As you work through the problems, try to spot the patterns that emerge to help you...

QUESTIONS 3: Computing the Day of the Week [40] When calculating the day of the week for any given day in Gregorian calendar, several methods exists. The most common approach makes use of Doomsday...

Car Buying Final Project Once you purchase a vehicle, you will have to maintain it. You will also have to calculate approximately how much money you will spend on gas. You must research the average...

The question has 2 parts that needs to be solved (Step 1 and Step 2) as mentioned in the attached image. Its reference files are also attached as image with the same name as mentioned in the...

Car Buying Final Project You will need to get a loan from the bank so you can make payments on your automobile. To determine how much you will be paying in car payments for a month you will need to...

What is the GAAP definition of fair value? What is the fair value option?

Determine what the optimum capital structure is for Delta Airlines. You will use Hamada's Equation to recalculate the levered betas based on the weights that you choose. Where can I find or how do I...

Mention different types of debentures.

Can you elucidate the role of molecular chaperones and protein quality control systems in maintaining the integrity and homeostasis of the cytoplasm, particularly under conditions of cellular stress...