#include "tainthlp.hpp"
#include "utils.hpp"
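/// Marks the `len` bytes starting at `base` as tainted by `ref`.
///
/// Every byte address in [base, base + len) gets its own entry in
/// `mem_taint`; an existing entry for that byte is overwritten.
/// Address arithmetic is truncated to uint32_t, so a range that runs past
/// 0xFFFFFFFF wraps around to 0 — the same behaviour the original
/// recursive form had via its `base + 1` argument.
///
/// @param base  First byte address of the range.
/// @param len   Number of bytes to taint; 0 is a no-op.
/// @param ref   Taint label stored for every byte in the range.
/// @return 0. (The original's `return 1` branch was unreachable: after the
///         `len > 0` branch returns, `len == 0` always holds.)
int tainthlp::add_taint(uint32_t base, size_t len, size_t ref) {
  // Iterate instead of recursing once per byte: the original recursion
  // grew the stack linearly with `len`, which overflows for large ranges.
  for (size_t i = 0; i < len; ++i) {
    // operator[] inserts or overwrites in one lookup, replacing the
    // erase+emplace pair of the original.
    mem_taint[static_cast<uint32_t>(base + i)] = ref;
  }
  return 0;
}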
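/// Reports whether any byte in [base, base + len) has a taint entry.
///
/// @param base  First byte address of the range.
/// @param len   Length of the range in bytes; 0 always yields false.
/// @return true if at least one tainted address falls inside the range.
bool tainthlp::has_taint(uint32_t base, size_t len) {
  // lower_bound yields the first tainted address >= base, or end() when
  // there is none; the original dereferenced the iterator unconditionally,
  // which is undefined behaviour on an empty map or when no address >= base
  // is tainted.
  const auto it = mem_taint.lower_bound(base);
  if (it == mem_taint.end())
    return false;
  // it->first >= base by construction, so the difference cannot underflow;
  // comparing the offset against len avoids overflow in `base + len`.
  return static_cast<size_t>(it->first - base) < len;
}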
/// Returns the taint label recorded for byte `addr`, or 0 when the byte
/// has no entry in `mem_taint`.
///
/// @param addr  Byte address to look up.
/// @return The stored label, or 0 if untainted.
size_t tainthlp::get_taint(uint32_t addr) {
  const auto entry = mem_taint.find(addr);
  return entry == mem_taint.end() ? 0 : entry->second;
}
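/// Marks `reg` and all of its narrower aliases as tainted by `ref`.
///
/// The register itself is recorded first, then the call descends into its
/// sub-registers (EAX -> AX -> AH/AL, EBP -> BP -> BPL, ...). The original
/// implementation tainted AH/AL for BX, CX and DX as well, leaving BH/BL,
/// CH/CL and DH/DL untainted when their parent register was; each 16-bit
/// register now descends into its own high/low halves.
///
/// @param reg  Register to taint; the handled set is the 32-bit, 16-bit and
///             8-bit general-purpose aliases listed in the switch.
/// @param ref  Taint label stored for every affected register.
/// @return 0 on success, 1 if `reg` is not one of the handled registers.
///         The entry for `reg` is written before the switch, so a return
///         of 1 still leaves `reg` marked in `reg_taint` (kept from the
///         original; callers that treat 1 as "nothing happened" should
///         check this).
int tainthlp::add_taint(x86_reg reg, size_t ref) {
  reg_taint.erase(reg);
  reg_taint.emplace(reg, ref);
  switch (reg) {
    // 32-bit registers: taint the 16-bit alias, which recurses further.
    case X86_REG_EAX:
      return add_taint(X86_REG_AX, ref);
    case X86_REG_EBX:
      return add_taint(X86_REG_BX, ref);
    case X86_REG_ECX:
      return add_taint(X86_REG_CX, ref);
    case X86_REG_EDX:
      return add_taint(X86_REG_DX, ref);
    case X86_REG_EBP:
      return add_taint(X86_REG_BP, ref);
    case X86_REG_EDI:
      return add_taint(X86_REG_DI, ref);
    case X86_REG_ESI:
      return add_taint(X86_REG_SI, ref);
    case X86_REG_ESP:
      return add_taint(X86_REG_SP, ref);
    // 16-bit registers with a high and a low byte. Results are combined
    // with | so a failure (1) in either half is not masked; the original's
    // & returned 0 whenever the other half succeeded.
    case X86_REG_AX:
      return add_taint(X86_REG_AH, ref) | add_taint(X86_REG_AL, ref);
    case X86_REG_BX:
      return add_taint(X86_REG_BH, ref) | add_taint(X86_REG_BL, ref);
    case X86_REG_CX:
      return add_taint(X86_REG_CH, ref) | add_taint(X86_REG_CL, ref);
    case X86_REG_DX:
      return add_taint(X86_REG_DH, ref) | add_taint(X86_REG_DL, ref);
    // 16-bit registers with only a low-byte alias.
    case X86_REG_BP:
      return add_taint(X86_REG_BPL, ref);
    case X86_REG_DI:
      return add_taint(X86_REG_DIL, ref);
    case X86_REG_SI:
      return add_taint(X86_REG_SIL, ref);
    case X86_REG_SP:
      return add_taint(X86_REG_SPL, ref);
    // 8-bit registers have no narrower alias: recursion stops here.
    case X86_REG_AH:
    case X86_REG_AL:
    case X86_REG_BH:
    case X86_REG_BL:
    case X86_REG_CH:
    case X86_REG_CL:
    case X86_REG_DH:
    case X86_REG_DL:
    case X86_REG_BPL:
    case X86_REG_SPL:
    case X86_REG_SIL:
    case X86_REG_DIL:
      return 0;
    default:
      return 1;
  }
}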
/// Whether `reg` itself has an entry in `reg_taint`. Only the exact key is
/// consulted; aliases of `reg` are not examined.
///
/// @param reg  Register to look up.
/// @return true if an entry for `reg` exists.
bool tainthlp::has_taint(x86_reg reg) {
  return reg_taint.count(reg) != 0;
}
/// Returns the taint label recorded for `reg`, or 0 when the register has
/// no entry in `reg_taint`.
///
/// @param reg  Register to look up.
/// @return The stored label, or 0 if untainted.
size_t tainthlp::get_taint(x86_reg reg) {
  const auto hit = reg_taint.find(reg);
  return hit == reg_taint.end() ? 0 : hit->second;
}