More Standard Definitions

[bannsec]

Hey,

Tried using this again today. I think i was playing around with this maybe a year or so ago. bin_descend still seg faults on me. get_cfg works, however cfg_to_bc gives the following error:

Could not find external function: __isoc99_scanf

I checked the standard defs file and it's not in there. That said, I also couldn't find any documentation on how to add to that file when need be. Unfortunately, so far I have not been able to have a single successful lifting to LLVM-IR with this tool.

[dguido]

The standard advice when mcsema fails with bin_descend is to try using it with IDA. Can you name the specific binary you're trying to recover?

[bannsec]

It was the donfos binary in the HackIM contest:

https://github.com/ctfs/write-ups-2016/raw/master/nullcon-hackim-2016/re/donfos-500/donfos_reversing

Any suggestion on how to add the isoc99_scanf into the std defs file?

[pgoodman]

I took a quickly googled for the prototypes of isoc99_scanf: http://www.ic.unicamp.br/~islene/2s2008-mo806/libc/stdio-common/isoc99_scanf.c and scanf: http://www.tutorialspoint.com/c_standard_library/c_function_scanf.htm and they are the same. We've also already got a different named version of the function here: https://github.com/trailofbits/mcsema/blob/master/mc-sema/std_defs/std_defs.txt#L774

My suggestion: copy that line, rename the function, and submit a commit / pull request ;-)

[bannsec]

Worked. Thanks!

[dguido]

Cool! I'll make sure that a ton of new standard definitions are added to the next big feature push.