def get_gadget_constraint(self):
address = self.get_input0() + self.get_param0()
in_mem_value = utils.z3_get_memory(self.get_mem_before(), address, self.arch.bits, self.arch)
out_mem_value = utils.z3_get_memory(self.get_mem_after(), address, self.arch.bits, self.arch)
store_constraint = z3.Not(out_mem_value == self.binop(in_mem_value, self.get_input1()))
antialias_constraint = self.get_antialias_constraint(address)
return store_constraint, antialias_constraint
def get_gadget_constraint(self):
address = self.get_input0() + self.get_param0()
in_mem_value = utils.z3_get_memory(self.get_mem_before(), address, self.arch.bits, self.arch)
out_mem_value = utils.z3_get_memory(self.get_mem_after(), address, self.arch.bits, self.arch)
store_constraint = z3.Not(out_mem_value == self.binop(in_mem_value, self.get_input1()))
antialias_constraint = self.get_antialias_constraint(address)
return store_constraint, antialias_constraint
def get_gadget_constraint(self):
load_mem_constraint = None
for i in range(len(self.outputs)):
mem_value = utils.z3_get_memory(self.get_mem_before(), self.get_input0() + self.get_param(i), self.arch.bits, self.arch)
new_constraint = z3.Not(self.get_output(i) == mem_value)
if load_mem_constraint == None:
load_mem_constraint = new_constraint
else:
load_mem_constraint = z3.Or(load_mem_constraint, new_constraint)
return load_mem_constraint, None
def get_gadget_constraint(self):
load_mem_constraint = None
for i in range(len(self.outputs)):
mem_value = utils.z3_get_memory(self.get_mem_before(), self.get_input0() + self.get_param(i), self.arch.bits, self.arch)
new_constraint = z3.Not(self.get_output(i) == mem_value)
if load_mem_constraint == None:
load_mem_constraint = new_constraint
else:
load_mem_constraint = z3.Or(load_mem_constraint, new_constraint)
return load_mem_constraint, None
def get_stack_ip_constraints(self):
sp_before = self.get_reg_before(self.arch.registers['sp'][0])
sp_after = self.get_reg_after(self.arch.registers['sp'][0])
constraint = z3.Not(sp_after == sp_before + self.stack_offset)
if self.ip_in_stack_offset != None:
new_ip_value = utils.z3_get_memory(self.get_mem_before(), sp_before + self.ip_in_stack_offset, self.arch.bits, self.arch)
ip_after = self.get_reg_after(self.arch.registers['ip'][0])
if self.arch.name in extra_archinfo.ALIGNED_ARCHS: # For some architectures, pyvex adds a constraint to ensure new IPs are aligned
new_ip_value = new_ip_value & ((2 ** self.arch.bits) - self.arch.instruction_alignment) # in order to properly validate, we must match that
constraint = z3.Or(constraint, z3.Not(ip_after == new_ip_value))
return constraint
def get_stack_ip_constraints(self):
sp_before = self.get_reg_before(self.arch.registers['sp'][0])
sp_after = self.get_reg_after(self.arch.registers['sp'][0])
constraint = z3.Not(sp_after == sp_before + self.stack_offset)
if self.ip_in_stack_offset != None:
new_ip_value = utils.z3_get_memory(self.get_mem_before(), sp_before + self.ip_in_stack_offset, self.arch.bits, self.arch)
ip_after = self.get_reg_after(self.arch.registers['ip'][0])
if self.arch.name in extra_archinfo.ALIGNED_ARCHS: # For some architectures, pyvex adds a constraint to ensure new IPs are aligned
new_ip_value = new_ip_value & ((2 ** self.arch.bits) - self.arch.instruction_alignment) # in order to properly validate, we must match that
constraint = z3.Or(constraint, z3.Not(ip_after == new_ip_value))
return constraint
def get_gadget_constraint(self): mem_value = utils.z3_get_memory(self.get_mem_before(), self.get_input0() + self.get_param0(), self.arch.bits, self.arch) return z3.Not(self.get_output0() == self.binop(mem_value, self.get_input1())), None
def get_gadget_constraint(self): mem_value = utils.z3_get_memory(self.get_mem_before(), self.get_input0() + self.get_param0(), self.arch.bits, self.arch) return z3.Not(self.get_output0() == self.binop(mem_value, self.get_input1())), None
def get_mem(self, address, size):
return utils.z3_get_memory(self.memory, address, size, self.arch)
def get_mem(self, address, size): return utils.z3_get_memory(self.memory, address, size, self.arch)
