Wire - A Formal Intermediate Language for Binary Analysis
Download as PPTX, PDF1 like1,115 views
The document describes an intermediate representation (IR) for representing low-level machine code instructions. It defines the syntax and semantics for the IR, including instruction operations, register operands, memory addresses, and condition codes. It also provides examples of x86 assembly instructions translated to the defined IR format.
Wire - A Formal Intermediate Language for Binary Analysis
- 2. • • • • • • • • •
- 3. • – – • – – –
- 4. • • • •
- 5. i := 0 L1: if i >= 10 goto L2 • t0 := i*I – t1 := &b t2 := t1 + I *t2 := t0 • i := i + 1 – goto L1 L2: – • – – – • – –
- 6. • – – • – – – •
- 7. • • • – • •
- 8. Instructions m ::= *(r3) := r1 | r3 := (*r1) | r3 := r1 | r3 := n | r3 := uop r1 | r3 := r1 bop r2 Program p ::= pi|i | r3 := r1 bop n | mkbool r1 ucond Instruction i ::= m| m t | mkbool r1 bcond r2 | nop Type t ::= u8_t | halt | u16_t | label l | u32_t | jmp l | s8_t | ijmp r | s16_t | if r1 cond1 jmp l | s32_t | if r1 cond2 r2 jmp l | lcall s | cast(r1, t) Instructions I ::= ni | r3 := getpc() Heap H ::= nxn n | r3 := returnaddress() Memory M ::= nn | pusharg(n, r) Register R ::= rn | r3 := malloc(r) Labels L ::= l pc | free(r) AllocAMemory V ::= nxnn | r3 := alloca(r) Instructions: (maps instruction number to instruction) Operations uop ::= -|~|! Heap: (maps heap address and memory size to non bop ::= +,-,*,/,%,>>,<<,|,&,^ overlapping memory addresses) Conditions ucond ::= == 0|!= 0 Register: (maps register name to numeric value) bcond ::= ==|!= | >|>=|<|<= Memory: (maps address to numeric value) Operands v ::= n (an integer literal) Labels: (maps label to instruction address pc) r (a register) AllocAMemory: (maps alloca address and memory size l (a label) to non overlapping memory addresses) s (a symbol)
- 9. •
- 10. • • • • • • – – –
- 11. •
- 13. • • •
- 14. • • • add $50,%eax mov $0,%eax sub $50,%eax mov $0,%eax ASSIGNC $0,-,%eax BOPCADD %eax,$50,%eax BOPCSUB %eax,%50,%eax ASSIGNC $0,,%eax
- 15. • • •
- 17. • mov $2,%eax mov $1,%ebx mov $1,%ebx mov $2,%eax add %eax,%ebx add %eax,%ebx ASSIGNC $0x2,,%eax ASSIGNC $1,,%ebx BOPADD %ebx,%eax,%ebx ASSIGNC $0x1,-,%ebx ASSIGNC $2,-,%eax BOPADD %ebx,%eax,%ebx
- 19. • xor %eax,%eax xor %eax,%eax jnz $0x80482000 mov $2,%eax mov $2,%eax BOPXOR %eax,%eax,%eax UMKBOOLIsZero %eax,,%zf ASSIGNC $2,-,%eax BOPXOR %eax,%eax,%eax UMKBOOLIsZero %eax,,%zf UCJMPIsNotZero %zf,,$target ASSIGNC $2,-,%eax
- 21. • • •