The value of BPatch_registerExpr(BPatch_register reg) #388
Comments
It should be the runtime value for that register.
Thank you! @mxz297 How about the value of BPatch_dynamicTargetExpr()?
dynamicTargetExpr is more portable across call sites if you want the target; prefer the closest match of abstractions to what you actually want when writing Dyninst snippets.
Thank you for your explanation. @wrwilliams I want to do a simple CFI monitor. First, I need to get the legitimate call target before running the rewritten binary. Then I need to get the runtime call target and compare it with the legitimate one. As you explained, BPatch_registerExpr(RAX) and dynamicTargetExpr will both get the runtime value. Is there any way to get the legitimate call target? Thank you!
You'd need some sort of static analysis to determine which functions are legal to call from each call site (or overapproximate and just require that calls go to legitimate function entry points). We don't currently perform a precise analysis and assume internally that any indirect call may target any function; this can clearly be improved on.
Thank you @wrwilliams
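The over-approximate policy described in the reply above (an indirect call must land on a function entry point), with an optional tighter per-call-site set, sketched as an added example; it is not Dyninst code and not from the thread's participants. `CfiPolicy`, `Verdict`, `sample_policy` and every address are hypothetical or constructed; it assumes the entry addresses were collected before rewriting and that an inserted snippet passes the call-site address and the `BPatch_dynamicTargetExpr` value to `check`.

```cpp
#include <algorithm>
#include <cstdint>
#include <unordered_map>
#include <utility>
#include <vector>

enum class Verdict { Allowed, NotFunctionEntry, NotInSiteSet };

// Hypothetical monitor-side policy; not a Dyninst class.
class CfiPolicy {
public:
    // entries: static addresses of all function entry points.
    // load_bias: runtime base minus link-time base (0 for a non-PIE executable).
    CfiPolicy(std::vector<uint64_t> entries, uint64_t load_bias)
        : entries_(std::move(entries)), bias_(load_bias) {
        std::sort(entries_.begin(), entries_.end());
    }

    // Optional tighter policy for one call site, e.g. from a static analysis.
    void allow(uint64_t site, std::vector<uint64_t> targets) {
        std::sort(targets.begin(), targets.end());
        per_site_[site] = std::move(targets);
    }

    // site and target are runtime addresses, as a snippet would report them.
    Verdict check(uint64_t site, uint64_t target) const {
        uint64_t s = site - bias_, t = target - bias_;  // normalise to static addresses
        if (!std::binary_search(entries_.begin(), entries_.end(), t))
            return Verdict::NotFunctionEntry;           // mid-function or outside the image
        auto it = per_site_.find(s);
        if (it != per_site_.end() &&
            !std::binary_search(it->second.begin(), it->second.end(), t))
            return Verdict::NotInSiteSet;               // a real function, but not legal here
        return Verdict::Allowed;
    }

private:
    std::vector<uint64_t> entries_;
    std::unordered_map<uint64_t, std::vector<uint64_t>> per_site_;
    uint64_t bias_;
};

// Constructed sample: three function entries, one call site with a precise set.
inline CfiPolicy sample_policy() {
    CfiPolicy p({0x1130, 0x1180, 0x1200}, 0x555555554000ULL);
    p.allow(0x1250, {0x1130, 0x1180});
    return p;
}
```

For a position-independent executable the runtime target is an absolute address, so the comparison only works after the load bias is subtracted, which is why `check` normalises both values first.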
I create a snippet with this code:
BPatch_snippet *registervalue = new BPatch_registerExpr(regs[0]);
Then, this snippet is inserted into the binary and I get a new rewritten binary. I will run the new binary and print the registervalue.
May I know whether the registervalue is a runtime value or just a static estimation?