Analysis of instructions with symbolic operands

Dave

Jul 18, 2024, 7:22:04 AM
to S2E Developer Forum
Hi,

For a project I'm working on, I am attempting to follow symbolic values through the Linux kernel, and see what their effects are in certain places for the purpose of vulnerability analysis.

As a specific example, I, for instance, want to see whether some user input (that is marked as a symbolic value) or data that is dependent on this input reaches some MOV instruction in the kernel, and determine what this MOV instruction could do (e.g., what range of addresses this instruction could load data from).

Hence, I was wondering whether it is possible for me at all to reason about instructions in the guest at this level, by observing the instructions themselves and their operands from S2E in the host, and if there is existing code that can help me do this (and if not, what a good starting point for me would be to create it)?

Kind regards,

Dave

Vitaly Chipounov

Jul 20, 2024, 11:52:17 AM
to s2e...@googlegroups.com
Hi,

You could try a few things:
- Use onTranslateRegisterAccessEnd [1] to instrument code that accesses specific registers.
- Use S2EExecutionState::disassemble if you need to look at the actual instruction.

Vitaly
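Added example (editor's, not code from the thread or from the S2E project): a stand-alone C++ model of the translation-time filter a plugin would run inside its onTranslateRegisterAccessEnd handler, built on the parameters that signal passes for each translated instruction (instruction PC, bitmask of registers read, bitmask of registers written, memory-access flag). Register bit positions follow QEMU's x86 numbering from target/i386/cpu.h (R_EAX = 0 ... R_R15 = 15). The three sample instructions and their read/write masks are constructed; that an address register such as rdi in [rdi+8] is reported in the read mask is the editor's assumption. The plugin glue in the comments (connecting the core signal, connecting the per-PC ExecutionSignal, reading a register through state->regs()->read and printing with state->disassemble) is written from memory of the S2E API and should be checked against the headers in your S2E checkout.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <string>
#include <vector>

// Where this filter sits in a plugin (S2E API as recalled by the editor,
// verify against your S2E headers):
//   // in MyPlugin::initialize():
//   s2e()->getCorePlugin()->onTranslateRegisterAccessEnd.connect(
//       sigc::mem_fun(*this, &MyPlugin::onTranslateRegisterAccess));
//   void MyPlugin::onTranslateRegisterAccess(ExecutionSignal *signal,
//       S2EExecutionState *state, TranslationBlock *tb, uint64_t pc,
//       uint64_t regsRead, uint64_t regsWritten, bool accessesMemory) {
//       FilterDecision d = filterEvent({pc, regsRead, regsWritten, accessesMemory},
//                                      m_watched, /*memoryOnly=*/true);
//       if (d.instrument)
//           signal->connect(sigc::mem_fun(*this, &MyPlugin::onExecute));
//   }
//   void MyPlugin::onExecute(S2EExecutionState *state, uint64_t pc) {
//       // read the watched register from the state, e.g.
//       //   state->regs()->read(CPU_OFFSET(regs[R_EDI]), klee::Expr::Int64)
//       // and test isa<klee::ConstantExpr>; if symbolic, log it together with
//       //   state->disassemble(getDebugStream(state), pc, /*size=*/16)
//   }

// QEMU/S2E x86 general-purpose register numbering (target/i386/cpu.h);
// bit i of the signal's read/write masks stands for register i.
enum Reg : unsigned {
    R_EAX = 0, R_ECX = 1, R_EDX = 2, R_EBX = 3,
    R_ESP = 4, R_EBP = 5, R_ESI = 6, R_EDI = 7,
    R_R8 = 8, R_R9 = 9, R_R10 = 10, R_R11 = 11,
    R_R12 = 12, R_R13 = 13, R_R14 = 14, R_R15 = 15
};

static const char *const kRegNames[16] = {
    "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
    "r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15"};

// Build a register bitmask from a list of register indices.
inline uint64_t regMask(std::initializer_list<Reg> regs) {
    uint64_t mask = 0;
    for (Reg r : regs) {
        mask |= (1ULL << r);
    }
    return mask;
}

// Expand a bitmask into the register indices it contains, ascending.
inline std::vector<unsigned> regsInMask(uint64_t mask) {
    std::vector<unsigned> regs;
    for (unsigned i = 0; i < 16; ++i) {
        if (mask & (1ULL << i)) {
            regs.push_back(i);
        }
    }
    return regs;
}

// Render a mask for the plugin's debug stream, e.g. "rsi|rdi"; "-" if empty.
inline std::string maskToString(uint64_t mask) {
    std::string out;
    for (unsigned r : regsInMask(mask)) {
        if (!out.empty()) out += "|";
        out += kRegNames[r];
    }
    return out.empty() ? std::string("-") : out;
}

// What onTranslateRegisterAccessEnd delivers for one translated instruction
// (the state and TranslationBlock pointers are omitted from this model).
struct TranslateEvent {
    uint64_t pc;
    uint64_t regsRead;
    uint64_t regsWritten;
    bool accessesMemory;
};

struct FilterDecision {
    bool instrument;      // connect an execution-time callback at this PC
    uint64_t watchedRead; // watched registers this instruction reads
};

// Translation-time filter: instrument only instructions that read a watched
// register and, when memoryOnly is set, that also access memory. The costly
// check (is the register's value symbolic right now?) belongs in the
// execution-time callback, which only fires at instrumented PCs.
inline FilterDecision filterEvent(const TranslateEvent &ev, uint64_t watched, bool memoryOnly) {
    FilterDecision d{false, ev.regsRead & watched};
    if (d.watchedRead == 0) return d;
    if (memoryOnly && !ev.accessesMemory) return d;
    d.instrument = true;
    return d;
}

// Constructed events standing in for three kernel instructions; the masks are
// what the editor expects the translator to report (assumption: the address
// register rdi in [rdi+8] appears in the read mask).
static const TranslateEvent kSampleEvents[] = {
    {0xffffffff81001000ULL, regMask({R_EDI}), regMask({R_EAX}), true},          // mov rax, [rdi+8]
    {0xffffffff81001004ULL, regMask({R_EAX, R_EBX}), regMask({R_EAX}), false},  // add rax, rbx
    {0xffffffff81001007ULL, regMask({R_ESI, R_ECX}), 0, true},                  // mov [rsi], rcx
};

// How many of the sample events the filter would instrument.
inline unsigned countInstrumented(uint64_t watched, bool memoryOnly) {
    unsigned n = 0;
    for (const TranslateEvent &ev : kSampleEvents) {
        if (filterEvent(ev, watched, memoryOnly).instrument) ++n;
    }
    return n;
}

int main() {
    // Suppose rdi and rsi are where the user-controlled (symbolic) input lives.
    uint64_t watched = regMask({R_EDI, R_ESI});
    for (const TranslateEvent &ev : kSampleEvents) {
        FilterDecision d = filterEvent(ev, watched, true);
        std::printf("pc=%#llx reads=%s writes=%s mem=%d -> %s\n",
                    (unsigned long long)ev.pc, maskToString(ev.regsRead).c_str(),
                    maskToString(ev.regsWritten).c_str(), ev.accessesMemory ? 1 : 0,
                    d.instrument ? "instrument" : "skip");
    }
    return 0;
}
```

Filtering at translation time matters because a kernel instruction is translated once per translation block but executed many times; the execution-time callback, where the plugin reads the register from the state and tests whether it is a klee::ConstantExpr, then runs only at the PCs selected here, and a symbolic address register at a memory-accessing instruction is exactly the "what range of addresses could this MOV load from" question the original post asks.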

To view this discussion on the web visit https://groups.google.com/d/msgid/s2e-dev/4544a2c0-08c3-456d-b4fa-d49888ddcfccn%40googlegroups.com.