Differenciate between tainting analysis and symbolic execution #4

0ca · 2016-08-30T22:24:10Z

The plugin could be use just to do tainting analysis and know which instructions of the program are tainted and this is different to make a symbolic execution analysis where all the formulas (from the tainted instructions) are being generated.

Tainting analysis should be quite more light than symbolic execution. So in some scenarios it could be useful to allow the user just to do tainting without symbolic.

0ca · 2016-08-31T22:26:05Z

I added two flags in globals.cpp:

#define ENABLE_TAINTING_ENGINE true
#define ENABLE_SYMBOLIC_ENGINE true

But when I disable the symbolic engine the tainting engine is not working. I reported this "bug" to triton:
JonathanSalwan/Triton#379

0ca · 2016-09-06T18:14:44Z

Jonathan fixed it:
JonathanSalwan/Triton#379

Now it is possible to disable the symbolic engine and do only taint analysis.

0ca mentioned this issue Aug 31, 2016

Add a new windows with the configuration #15

Closed

0ca pushed a commit that referenced this issue Aug 31, 2016

Implemented the differenction between symbolic and tainted analysis #4

7f0de4e

0ca closed this as completed Sep 6, 2016

0ca modified the milestone: v0.1 Sep 8, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Differenciate between tainting analysis and symbolic execution #4

Differenciate between tainting analysis and symbolic execution #4

0ca commented Aug 30, 2016

0ca commented Aug 31, 2016

0ca commented Sep 6, 2016

Differenciate between tainting analysis and symbolic execution #4

Differenciate between tainting analysis and symbolic execution #4

Comments

0ca commented Aug 30, 2016

0ca commented Aug 31, 2016

0ca commented Sep 6, 2016