Reverse Engineering Asked by hexterisk on June 5, 2021
My aim is to taint the input and track it through every branch, that is, check if either of the operands to a cmp is tainted, and if it is, get the value it is being compared to.
So far, my plan is to check every instruction's disassembly and see if the string "cmp" exists. If it does, I'll write a series of INS_OperandIsReg, INS_OperandIsImmediate and INS_OperandIsMemory checks, and then check if the reg/memory is tainted. If it is, I'll fetch the value.
Also, is there a way to only run this on the first cmp instruction (apart from an extra counter, maybe)?
The issue is that this plan seems way too hack-ish and there must be some way to achieve what I’m aiming for in a much more formal way, something I’m missing in the documentation. Any suggestions or ideas would be appreciated.
Thank you.
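The analysis-routine side of the plan above, written as an added stand-alone example (not code from the question or from Pin itself) so it runs without the Pin headers. The taint state is a hypothetical in-memory model; in a real Pin tool the instrumentation routine would select cmp instructions with INS_Opcode(ins) == XED_ICLASS_CMP rather than string-matching the disassembly, and hand each operand to OnCmp() through INS_InsertPredicatedCall with IARG_REG_VALUE, IARG_MEMORYREAD_EA or the value from INS_OperandImmediate().

```cpp
#include <cstdint>
#include <set>
#include <string>

enum class OpKind { Reg, Imm, Mem };

// One cmp operand as the analysis routine would receive it from Pin.
struct Operand {
    OpKind kind;
    std::string reg;   // register name when kind == Reg
    uint64_t addr;     // effective address when kind == Mem
    uint64_t value;    // immediate, register value, or the bytes loaded from memory
    unsigned size;     // operand width in bytes (used for Mem)
};

// Hypothetical taint model: tainted registers plus tainted memory, per byte.
struct TaintState {
    std::set<std::string> regs;
    std::set<uint64_t> bytes;
    bool first_cmp_seen = false;  // latch so the tool can report only the first tainted cmp

    bool isTainted(const Operand& op) const {
        if (op.kind == OpKind::Reg) return regs.count(op.reg) > 0;
        if (op.kind == OpKind::Mem)
            for (unsigned i = 0; i < op.size; ++i)
                if (bytes.count(op.addr + i)) return true;
        return false;  // an immediate can never carry taint
    }
};

struct CmpHit {
    bool tainted_is_left;   // which side carried the taint
    uint64_t compared_to;   // the value the tainted operand is compared against
};

// Analysis routine for one executed cmp. Returns true and fills `hit` when an
// operand is tainted. With firstOnly set, the latch in TaintState suppresses
// every tainted cmp after the first one, replacing a separate counter.
bool OnCmp(TaintState& st, const Operand& lhs, const Operand& rhs, bool firstOnly, CmpHit& hit) {
    bool l = st.isTainted(lhs), r = st.isTainted(rhs);
    if (!l && !r) return false;
    if (firstOnly && st.first_cmp_seen) return false;
    st.first_cmp_seen = true;
    hit.tainted_is_left = l;
    hit.compared_to = l ? rhs.value : lhs.value;
    return true;
}
```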