def get_gadget_constraint(self):
    """Return the violation constraints for a read-modify-write of one memory word.

    The target address is input0 + param0. The first expression negates
    "memory-after at the target equals binop(memory-before at the target,
    input1)", so it is satisfiable only by a state in which that update
    did not happen.

    Returns:
        A pair (store_violation, antialias): the negated store equality and
        whatever self.get_antialias_constraint yields for the target address.
    """
    target = self.get_input0() + self.get_param0()

    def word_at(memory):
        # Both snapshots are read at the same address with the same width
        # argument (arch.bits).
        return utils.z3_get_memory(memory, target, self.arch.bits, self.arch)

    before = word_at(self.get_mem_before())
    after = word_at(self.get_mem_after())
    expected = self.binop(before, self.get_input1())
    store_violation = z3.Not(after == expected)
    # NOTE(review): presumably this excludes other operands overlapping the
    # written address - confirm in get_antialias_constraint.
    return store_violation, self.get_antialias_constraint(target)
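def get_gadget_constraint(self):
    """Return the violation constraint for a gadget that loads each output from memory.

    For every output index i, the word read from the pre-execution memory at
    input0 + param(i) is compared with output i. The per-output mismatches
    are OR-ed together, so the result is satisfiable when at least one
    output differs from the word it should have loaded.

    Returns:
        A pair (constraint, None). constraint is None when self.outputs is
        empty.
        NOTE(review): confirm the caller does not treat a None constraint
        as a passed validation.
    """
    load_mem_constraint = None
    for i in range(len(self.outputs)):
        mem_value = utils.z3_get_memory(
            self.get_mem_before(),
            self.get_input0() + self.get_param(i),
            self.arch.bits,
            self.arch,
        )
        new_constraint = z3.Not(self.get_output(i) == mem_value)
        # Identity test rather than ==: z3 expressions overload == to build a
        # symbolic equality, so comparing an accumulated expression with None
        # through == depends on how the installed z3 handles that operand.
        if load_mem_constraint is None:
            load_mem_constraint = new_constraint
        else:
            load_mem_constraint = z3.Or(load_mem_constraint, new_constraint)
    return load_mem_constraint, None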
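def get_stack_ip_constraints(self):
    """Return the violation constraint for the gadget's stack and IP effects.

    The expression is satisfiable when the stack pointer after the gadget is
    not sp_before + stack_offset. When ip_in_stack_offset is set, it is also
    satisfiable when the instruction pointer after the gadget differs from
    the word stored at sp_before + ip_in_stack_offset in the pre-execution
    memory.

    On architectures listed in extra_archinfo.ALIGNED_ARCHS the expected IP
    is masked before the comparison, so the check there is made against the
    aligned value, not the raw word read from the stack.

    Returns:
        A single z3 boolean expression (not a pair).
    """
    sp_reg = self.arch.registers['sp'][0]
    sp_before = self.get_reg_before(sp_reg)
    sp_after = self.get_reg_after(sp_reg)
    constraint = z3.Not(sp_after == sp_before + self.stack_offset)

    # None skips the IP check. The identity test is the idiomatic form and
    # does not depend on how the offset's type implements !=.
    if self.ip_in_stack_offset is not None:
        new_ip_value = utils.z3_get_memory(
            self.get_mem_before(),
            sp_before + self.ip_in_stack_offset,
            self.arch.bits,
            self.arch,
        )
        ip_after = self.get_reg_after(self.arch.registers['ip'][0])
        if self.arch.name in extra_archinfo.ALIGNED_ARCHS:
            # For some architectures, pyvex adds a constraint to ensure new
            # IPs are aligned; in order to properly validate, we must match
            # that. The mask clears the low bits of the expected IP.
            # NOTE(review): assumes instruction_alignment is a power of two
            # - confirm.
            new_ip_value = new_ip_value & ((2 ** self.arch.bits) - self.arch.instruction_alignment)
        constraint = z3.Or(constraint, z3.Not(ip_after == new_ip_value))
    return constraint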
def get_gadget_constraint(self):
    """Return the violation constraint for a load-and-operate gadget.

    The word at input0 + param0 in the pre-execution memory is combined with
    input1 through self.binop. The result is the negation of "output0 equals
    that value", so it is satisfiable only when the output differs from it.

    Returns:
        A pair (mismatch, None); this gadget supplies no second constraint.
    """
    memory = self.get_mem_before()
    address = self.get_input0() + self.get_param0()
    loaded = utils.z3_get_memory(memory, address, self.arch.bits, self.arch)

    observed = self.get_output0()
    expected = self.binop(loaded, self.get_input1())
    mismatch = z3.Not(observed == expected)
    return mismatch, None
def get_mem(self, address, size):
    """Read a value from this object's memory through utils.z3_get_memory.

    Args:
        address: Address expression forwarded to the helper.
        size: Width forwarded to the helper. The unit is not visible here;
            presumably bits - confirm against utils.z3_get_memory.

    Returns:
        Whatever utils.z3_get_memory returns for self.memory and self.arch.
    """
    memory, arch = self.memory, self.arch
    value = utils.z3_get_memory(memory, address, size, arch)
    return value