Example 6 with ReilFunction

Use of com.google.security.zynamics.reil.ReilFunction in the binnavi project by Google.

Class TestFollowZFIncomingBackwards, method testRegisterTrackFlagDirectionUpMultiEdgeIn.

@Test
public void testRegisterTrackFlagDirectionUpMultiEdgeIn() {
    final MockInstruction startInstruction = new MockInstruction(Long.parseLong("4"), "jz", new ArrayList<MockOperandTree>());
    // Track backwards (AnalysisDirection.UP) from the start instruction.
    m_options = new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.UP);
    // Two single-instruction predecessor blocks at REIL addresses 0x100 and 0x200.
    final List<String> nop1 = new ArrayList<String>();
    nop1.add("100: nop [,,]");
    final List<String> nop2 = new ArrayList<String>();
    nop2.add("200: nop [,,]");
    // Join block: bisz sets ZF from eax, then jcc branches on ZF.
    final List<String> inst = new ArrayList<String>();
    inst.add("300: bisz [DWORD eax, EMPTY , BYTE ZF]");
    inst.add("400: jcc [BYTE ZF, EMPTY, DWORD 123456]");
    final List<List<String>> blocks = Lists.newArrayList();
    blocks.add(nop1);
    blocks.add(nop2);
    blocks.add(inst);
    // Both predecessor blocks jump unconditionally into the join block (multiple incoming edges).
    final List<String> edgeStrings = new ArrayList<String>();
    edgeStrings.add("100 [JUMP_UNCONDITIONAL]-> 300");
    edgeStrings.add("200 [JUMP_UNCONDITIONAL]-> 300");
    generateReilGraph(blocks, edgeStrings);
    m_function = new ReilFunction("FOLLOWZF", m_graph1);
    final String trackedRegister = "ZF";
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(m_function, startInstruction, trackedRegister, m_options);
    final Map<IAddress, RegisterSetLatticeElement> resultMap = result.generateAddressToStateMapping(startInstruction, m_options.trackIncoming());
    for (final Entry<IAddress, RegisterSetLatticeElement> resultEntry : resultMap.entrySet()) {
        if (resultEntry.getKey().toLong() == Long.parseLong("100", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().isEmpty());
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("200", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().isEmpty());
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("300", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getReadRegisters().contains("ZF"));
            assertTrue(jzElement.getTaintedRegisters().contains("eax"));
            assertTrue(jzElement.getUntaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("400", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
    }
}
Also used: ReilFunction(com.google.security.zynamics.reil.ReilFunction) ArrayList(java.util.ArrayList) IAddress(com.google.security.zynamics.zylib.disassembly.IAddress) MockInstruction(com.google.security.zynamics.zylib.disassembly.MockInstruction) MockOperandTree(com.google.security.zynamics.zylib.disassembly.MockOperandTree) List(java.util.List) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 7 with ReilFunction

Use of com.google.security.zynamics.reil.ReilFunction in the binnavi project by Google.

Class TestFollowZFIncomingBackwards, method testTransformFollowZFinStream1.

@Test
public void testTransformFollowZFinStream1() {
    final MockOperandTree operandTreeFirst1 = new MockOperandTree();
    operandTreeFirst1.root = new MockOperandTreeNode(ExpressionType.SIZE_PREFIX, "dword");
    operandTreeFirst1.root.m_children.add(new MockOperandTreeNode(ExpressionType.IMMEDIATE_INTEGER, "16827245"));
    final List<MockOperandTree> operandsFirst = Lists.newArrayList(operandTreeFirst1);
    conditionalJumpInstruction1 = new MockInstruction(Long.parseLong("100C32F", 16), "jz", operandsFirst);
    // Track backwards (AnalysisDirection.UP) from the jz instruction.
    m_options = new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.UP);
    final List<String> instructionStrings1 = new ArrayList<String>();
    // cmp
    instructionStrings1.add("0000000100C32C00: add [DWORD 12, DWORD ebp, QWORD t0]");
    instructionStrings1.add("0000000100C32C01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings1.add("0000000100C32C02: ldm [DWORD t1, EMPTY , BYTE t2]");
    instructionStrings1.add("0000000100C32C03: and [DWORD ebx, BYTE 255, BYTE t4]");
    instructionStrings1.add("0000000100C32C04: and [BYTE t2, BYTE 128, BYTE t5]");
    instructionStrings1.add("0000000100C32C05: and [BYTE t4, BYTE 128, BYTE t6]");
    instructionStrings1.add("0000000100C32C06: sub [BYTE t2, BYTE t4, WORD t7]");
    instructionStrings1.add("0000000100C32C07: and [WORD t7, WORD 128, BYTE t8]");
    instructionStrings1.add("0000000100C32C08: bsh [BYTE t8, BYTE -7, BYTE SF]");
    instructionStrings1.add("0000000100C32C09: xor [BYTE t5, BYTE t6, BYTE t9]");
    instructionStrings1.add("0000000100C32C0A: xor [BYTE t5, BYTE t8, BYTE t10]");
    instructionStrings1.add("0000000100C32C0B: and [BYTE t9, BYTE t10, BYTE t11]");
    instructionStrings1.add("0000000100C32C0C: bsh [BYTE t11, BYTE -7, BYTE OF]");
    instructionStrings1.add("0000000100C32C0D: and [WORD t7, WORD 256, WORD t12]");
    instructionStrings1.add("0000000100C32C0E: bsh [WORD t12, WORD -8, BYTE CF]");
    instructionStrings1.add("0000000100C32C0F: and [WORD t7, WORD 255, BYTE t13]");
    instructionStrings1.add("0000000100C32C10: bisz [BYTE t13, EMPTY , BYTE ZF]");
    // jz
    instructionStrings1.add("0000000100C32F00: jcc [BYTE ZF, EMPTY , DWORD 16827245]");
    final List<List<String>> reilBlocks = new ArrayList<List<String>>();
    reilBlocks.add(instructionStrings1);
    generateReilGraph(reilBlocks, new ArrayList<String>());
    m_function = new ReilFunction("FOLLOWZF", m_graph1);
    final String trackedRegister = "ZF";
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(m_function, conditionalJumpInstruction1, trackedRegister, m_options);
    final Map<IAddress, RegisterSetLatticeElement> resultMap = result.generateAddressToStateMapping(conditionalJumpInstruction1, m_options.trackIncoming());
    System.out.println(m_graph1.toString());
    for (final Entry<IAddress, RegisterSetLatticeElement> resultEntry : resultMap.entrySet()) {
        if (resultEntry.getKey().toLong() == Long.parseLong("0000000100C32F00", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getNewlyTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getReadRegisters().isEmpty());
            assertTrue(jzElement.getTaintedRegisters().contains("ZF"));
            assertTrue(jzElement.getUntaintedRegisters().isEmpty());
            assertTrue(jzElement.getUpdatedRegisters().isEmpty());
        }
        if (resultEntry.getKey().toLong() == Long.parseLong("0000000100C32C00", 16)) {
            final RegisterSetLatticeElement cmpElement = resultEntry.getValue();
            assertTrue(cmpElement.getNewlyTaintedRegisters().contains("ebx"));
            assertTrue(cmpElement.getReadRegisters().contains("ZF"));
            assertTrue(cmpElement.getTaintedRegisters().contains("ebx"));
            assertTrue(cmpElement.getUntaintedRegisters().contains("ZF"));
            assertTrue(cmpElement.getUpdatedRegisters().isEmpty());
        }
    }
}
Also used: MockOperandTreeNode(com.google.security.zynamics.zylib.disassembly.MockOperandTreeNode) ReilFunction(com.google.security.zynamics.reil.ReilFunction) ArrayList(java.util.ArrayList) IAddress(com.google.security.zynamics.zylib.disassembly.IAddress) MockInstruction(com.google.security.zynamics.zylib.disassembly.MockInstruction) MockOperandTree(com.google.security.zynamics.zylib.disassembly.MockOperandTree) List(java.util.List) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 8 with ReilFunction

Use of com.google.security.zynamics.reil.ReilFunction in the binnavi project by Google.

Class TestFollowZFIncomingBackwards, method testFollowESIInStream.

@Test
public void testFollowESIInStream() {
    final MockOperandTree operandTreeFirst = new MockOperandTree();
    operandTreeFirst.root = new MockOperandTreeNode(ExpressionType.SIZE_PREFIX, "dword");
    operandTreeFirst.root.m_children.add(new MockOperandTreeNode(ExpressionType.REGISTER, "esi"));
    final MockOperandTree operandTreeSecond = new MockOperandTree();
    operandTreeSecond.root = new MockOperandTreeNode(ExpressionType.SIZE_PREFIX, "dword");
    operandTreeSecond.root.m_children.add(new MockOperandTreeNode(ExpressionType.MEMDEREF, "["));
    operandTreeSecond.root.m_children.get(0).m_children.add(new MockOperandTreeNode(ExpressionType.OPERATOR, "+"));
    operandTreeSecond.root.m_children.get(0).m_children.get(0).m_children.add(new MockOperandTreeNode(ExpressionType.REGISTER, "esp"));
    operandTreeSecond.root.m_children.get(0).m_children.get(0).m_children.add(new MockOperandTreeNode(ExpressionType.IMMEDIATE_INTEGER, "16"));
    final List<MockOperandTree> operandsFirst = Lists.newArrayList(operandTreeFirst, operandTreeSecond);
    addInstruction = new MockInstruction(Long.parseLong("58AEE4CE", 16), "add", operandsFirst);
    // Track forwards (AnalysisDirection.DOWN) from the add instruction at 0x58AEE4CE.
    m_options = new RegisterTrackingOptions(true, new HashSet<String>(), false, AnalysisDirection.DOWN);
    final List<String> instructionStrings1 = new ArrayList<String>();
    instructionStrings1.add("00000058AEE4C100: jcc [BYTE 1, EMPTY , DWORD 1487856843]");
    final List<String> instructionStrings2 = new ArrayList<String>();
    instructionStrings2.add("00000058AEE4CB00: add [DWORD 16, DWORD esi, QWORD t0]");
    instructionStrings2.add("00000058AEE4CB01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings2.add("00000058AEE4CB02: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings2.add("00000058AEE4CB03: str [DWORD t2, EMPTY , DWORD esi]");
    instructionStrings2.add("00000058AEE4CE00: add [DWORD 16, DWORD esp, QWORD t0]");
    instructionStrings2.add("00000058AEE4CE01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings2.add("00000058AEE4CE02: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings2.add("00000058AEE4CE03: and [DWORD t2, DWORD 2147483648, DWORD t3]");
    instructionStrings2.add("00000058AEE4CE04: and [DWORD esi, DWORD 2147483648, DWORD t4]");
    instructionStrings2.add("00000058AEE4CE05: add [DWORD t2, DWORD esi, QWORD t5]");
    instructionStrings2.add("00000058AEE4CE06: and [QWORD t5, QWORD 2147483648, DWORD t6]");
    instructionStrings2.add("00000058AEE4CE07: bsh [DWORD t6, DWORD -31, BYTE SF]");
    instructionStrings2.add("00000058AEE4CE08: xor [DWORD t3, DWORD t4, DWORD t7]");
    instructionStrings2.add("00000058AEE4CE09: xor [DWORD t7, DWORD 2147483648, DWORD t8]");
    instructionStrings2.add("00000058AEE4CE0A: xor [DWORD t3, DWORD t6, DWORD t9]");
    instructionStrings2.add("00000058AEE4CE0B: and [DWORD t8, DWORD t9, DWORD t10]");
    instructionStrings2.add("00000058AEE4CE0C: bsh [DWORD t10, DWORD -31, DWORD OF]");
    instructionStrings2.add("00000058AEE4CE0D: and [QWORD t5, QWORD 4294967296, QWORD t11]");
    instructionStrings2.add("00000058AEE4CE0E: bsh [QWORD t11, QWORD -32, BYTE CF]");
    instructionStrings2.add("00000058AEE4CE0F: and [QWORD t5, QWORD 4294967295, DWORD t12]");
    instructionStrings2.add("00000058AEE4CE10: bisz [DWORD t12, EMPTY , BYTE ZF]");
    instructionStrings2.add("00000058AEE4CE11: str [DWORD t12, EMPTY , DWORD esi]");
    instructionStrings2.add("00000058AEE4D200: and [DWORD ebx, DWORD 2147483648, DWORD t0]");
    instructionStrings2.add("00000058AEE4D201: and [DWORD eax, DWORD 2147483648, DWORD t1]");
    instructionStrings2.add("00000058AEE4D202: add [DWORD ebx, DWORD eax, QWORD t2]");
    instructionStrings2.add("00000058AEE4D203: and [QWORD t2, QWORD 2147483648, DWORD t3]");
    instructionStrings2.add("00000058AEE4D204: bsh [DWORD t3, DWORD -31, BYTE SF]");
    instructionStrings2.add("00000058AEE4D205: xor [DWORD t0, DWORD t1, DWORD t4]");
    instructionStrings2.add("00000058AEE4D206: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
    instructionStrings2.add("00000058AEE4D207: xor [DWORD t0, DWORD t3, DWORD t6]");
    instructionStrings2.add("00000058AEE4D208: and [DWORD t5, DWORD t6, DWORD t7]");
    instructionStrings2.add("00000058AEE4D209: bsh [DWORD t7, DWORD -31, DWORD OF]");
    instructionStrings2.add("00000058AEE4D20A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
    instructionStrings2.add("00000058AEE4D20B: bsh [QWORD t8, QWORD -32, BYTE CF]");
    instructionStrings2.add("00000058AEE4D20C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
    instructionStrings2.add("00000058AEE4D20D: bisz [DWORD t9, EMPTY , BYTE ZF]");
    instructionStrings2.add("00000058AEE4D20E: str [DWORD t9, EMPTY , DWORD eax]");
    instructionStrings2.add("00000058AEE4D400: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings2.add("00000058AEE4D401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings2.add("00000058AEE4D402: stm [DWORD eax, EMPTY , DWORD esp]");
    instructionStrings2.add("00000058AEE4D500: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings2.add("00000058AEE4D501: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings2.add("00000058AEE4D502: stm [DWORD ebx, EMPTY , DWORD esp]");
    instructionStrings2.add("00000058AEE4D600: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings2.add("00000058AEE4D601: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings2.add("00000058AEE4D602: stm [DWORD 1487856859, EMPTY , DWORD esp]");
    instructionStrings2.add("00000058AEE4D603: jcc [DWORD 1, EMPTY , DWORD 1487855744]");
    final List<String> instructionStrings3 = Lists.newArrayList();
    instructionStrings3.add("00000058AEE08000: and [DWORD esp, DWORD 2147483648, DWORD t0]");
    instructionStrings3.add("00000058AEE08001: and [DWORD 136, DWORD 2147483648, DWORD t1]");
    instructionStrings3.add("00000058AEE08002: sub [DWORD esp, DWORD 136, QWORD t2]");
    instructionStrings3.add("00000058AEE08003: and [QWORD t2, QWORD 2147483648, DWORD t3]");
    instructionStrings3.add("00000058AEE08004: bsh [DWORD t3, DWORD -31, BYTE SF]");
    instructionStrings3.add("00000058AEE08005: xor [DWORD t0, DWORD t1, DWORD t4]");
    instructionStrings3.add("00000058AEE08006: xor [DWORD t0, DWORD t3, DWORD t5]");
    instructionStrings3.add("00000058AEE08007: and [DWORD t4, DWORD t5, DWORD t6]");
    instructionStrings3.add("00000058AEE08008: bsh [DWORD t6, DWORD -31, BYTE OF]");
    instructionStrings3.add("00000058AEE08009: and [QWORD t2, QWORD 4294967296, QWORD t7]");
    instructionStrings3.add("00000058AEE0800A: bsh [QWORD t7, QWORD -32, BYTE CF]");
    instructionStrings3.add("00000058AEE0800B: and [QWORD t2, QWORD 4294967295, DWORD t8]");
    instructionStrings3.add("00000058AEE0800C: bisz [DWORD t8, EMPTY , BYTE ZF]");
    instructionStrings3.add("00000058AEE0800D: str [DWORD t8, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE08600: ldm [DWORD 1488871424, EMPTY , DWORD t0]");
    instructionStrings3.add("00000058AEE08601: str [DWORD t0, EMPTY , DWORD eax]");
    instructionStrings3.add("00000058AEE08B00: xor [DWORD esp, DWORD eax, DWORD t0]");
    instructionStrings3.add("00000058AEE08B01: and [DWORD t0, DWORD 2147483648, DWORD t1]");
    instructionStrings3.add("00000058AEE08B02: bsh [DWORD t1, DWORD -31, BYTE SF]");
    instructionStrings3.add("00000058AEE08B03: bisz [DWORD t0, EMPTY , BYTE ZF]");
    instructionStrings3.add("00000058AEE08B04: str [BYTE 0, EMPTY , BYTE CF]");
    instructionStrings3.add("00000058AEE08B05: str [BYTE 0, EMPTY , BYTE OF]");
    instructionStrings3.add("00000058AEE08B06: str [DWORD t0, EMPTY , DWORD eax]");
    instructionStrings3.add("00000058AEE08D00: add [DWORD 132, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE08D01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE08D02: stm [DWORD eax, EMPTY , DWORD t1]");
    instructionStrings3.add("00000058AEE09400: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE09401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE09402: stm [DWORD ebx, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE09500: add [DWORD 144, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE09501: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE09502: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings3.add("00000058AEE09503: str [DWORD t2, EMPTY , DWORD ebx]");
    instructionStrings3.add("00000058AEE09C00: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE09C01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE09C02: stm [DWORD 129, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0A100: add [DWORD 8, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE0A101: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0A102: str [DWORD t1, EMPTY , DWORD eax]");
    instructionStrings3.add("00000058AEE0A500: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0A501: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0A502: stm [DWORD 0, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0A700: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0A701: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0A702: stm [DWORD eax, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0A800: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0A801: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0A802: stm [DWORD 1487855789, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0A803: jcc [DWORD 1, EMPTY , DWORD 1488406128]");
    instructionStrings3.add("00000058AEE0AD00: add [DWORD 32, DWORD ebx, QWORD t0]");
    instructionStrings3.add("00000058AEE0AD01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0AD02: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings3.add("00000058AEE0AD03: str [DWORD t2, EMPTY , DWORD ecx]");
    instructionStrings3.add("00000058AEE0B000: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0B001: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0B002: stm [DWORD 1, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0B200: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0B201: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0B202: stm [DWORD 0, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0B400: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0B401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0B402: stm [DWORD 15, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0B600: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0B601: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0B602: stm [DWORD 128, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0BB00: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0BB01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0BB02: stm [DWORD ecx, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0BC00: add [DWORD 36, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE0BC01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0BC02: str [DWORD t1, EMPTY , DWORD edx]");
    instructionStrings3.add("00000058AEE0C000: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0C001: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0C002: stm [DWORD edx, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0C100: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0C101: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0C102: stm [DWORD edi, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0C200: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0C201: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0C202: stm [DWORD 1487855815, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0C203: jcc [DWORD 1, EMPTY , DWORD 1487799776]");
    instructionStrings3.add("00000058AEE0C700: add [DWORD 44, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE0C701: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0C702: str [DWORD t1, EMPTY , DWORD eax]");
    instructionStrings3.add("00000058AEE0CB00: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0CB01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0CB02: stm [DWORD eax, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0CC00: str [DWORD 129, EMPTY , DWORD edx]");
    instructionStrings3.add("00000058AEE0D100: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0D101: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0D102: stm [DWORD 1487855830, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0D103: jcc [DWORD 1, EMPTY , DWORD 1487663360]");
    instructionStrings3.add("00000058AEE0D600: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0D601: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0D602: stm [DWORD 1, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0D800: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0D801: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0D802: stm [DWORD 0, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0DA00: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0DA01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0DA02: stm [DWORD 15, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0DC00: add [DWORD 4, DWORD esi, QWORD t0]");
    instructionStrings3.add("00000058AEE0DC01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0DC02: stm [DWORD eax, EMPTY , DWORD t1]");
    instructionStrings3.add("00000058AEE0DF00: add [DWORD 8, DWORD ebx, QWORD t0]");
    instructionStrings3.add("00000058AEE0DF01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0DF02: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings3.add("00000058AEE0DF03: str [DWORD t2, EMPTY , DWORD ecx]");
    instructionStrings3.add("00000058AEE0E200: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0E201: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0E202: stm [DWORD 16, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0E400: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0E401: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0E402: stm [DWORD ecx, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0E500: add [DWORD 8, DWORD esi, QWORD t0]");
    instructionStrings3.add("00000058AEE0E501: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0E502: str [DWORD t1, EMPTY , DWORD edx]");
    instructionStrings3.add("00000058AEE0E800: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0E801: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0E802: stm [DWORD edx, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0E900: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0E901: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0E902: stm [DWORD edi, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0EA00: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE0EA01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE0EA02: stm [DWORD 1487855855, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE0EA03: jcc [DWORD 1, EMPTY , DWORD 1487799776]");
    instructionStrings3.add("00000058AEE0EF00: add [DWORD 208, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE0EF01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0EF02: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings3.add("00000058AEE0EF03: str [DWORD t2, EMPTY , DWORD ecx]");
    instructionStrings3.add("00000058AEE0F600: add [DWORD 220, DWORD esp, QWORD t0]");
    instructionStrings3.add("00000058AEE0F601: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings3.add("00000058AEE0F602: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings3.add("00000058AEE0F603: str [DWORD t2, EMPTY , DWORD eax]");
    instructionStrings3.add("00000058AEE0FD00: and [DWORD 72, DWORD 2147483648, DWORD t0]");
    instructionStrings3.add("00000058AEE0FD01: and [DWORD esp, DWORD 2147483648, DWORD t1]");
    instructionStrings3.add("00000058AEE0FD02: add [DWORD 72, DWORD esp, QWORD t2]");
    instructionStrings3.add("00000058AEE0FD03: and [QWORD t2, QWORD 2147483648, DWORD t3]");
    instructionStrings3.add("00000058AEE0FD04: bsh [DWORD t3, DWORD -31, BYTE SF]");
    instructionStrings3.add("00000058AEE0FD05: xor [DWORD t0, DWORD t1, DWORD t4]");
    instructionStrings3.add("00000058AEE0FD06: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
    instructionStrings3.add("00000058AEE0FD07: xor [DWORD t0, DWORD t3, DWORD t6]");
    instructionStrings3.add("00000058AEE0FD08: and [DWORD t5, DWORD t6, DWORD t7]");
    instructionStrings3.add("00000058AEE0FD09: bsh [DWORD t7, DWORD -31, DWORD OF]");
    instructionStrings3.add("00000058AEE0FD0A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
    instructionStrings3.add("00000058AEE0FD0B: bsh [QWORD t8, QWORD -32, BYTE CF]");
    instructionStrings3.add("00000058AEE0FD0C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
    instructionStrings3.add("00000058AEE0FD0D: bisz [DWORD t9, EMPTY , BYTE ZF]");
    instructionStrings3.add("00000058AEE0FD0E: str [DWORD t9, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE10000: ldm [DWORD esp, EMPTY , DWORD t0]");
    instructionStrings3.add("00000058AEE10001: add [DWORD esp, DWORD 4, QWORD t1]");
    instructionStrings3.add("00000058AEE10002: and [QWORD t1, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE10003: str [DWORD t0, EMPTY , DWORD ebx]");
    instructionStrings3.add("00000058AEE10100: xor [DWORD esp, DWORD ecx, DWORD t0]");
    instructionStrings3.add("00000058AEE10101: and [DWORD t0, DWORD 2147483648, DWORD t1]");
    instructionStrings3.add("00000058AEE10102: bsh [DWORD t1, DWORD -31, BYTE SF]");
    instructionStrings3.add("00000058AEE10103: bisz [DWORD t0, EMPTY , BYTE ZF]");
    instructionStrings3.add("00000058AEE10104: str [BYTE 0, EMPTY , BYTE CF]");
    instructionStrings3.add("00000058AEE10105: str [BYTE 0, EMPTY , BYTE OF]");
    instructionStrings3.add("00000058AEE10106: str [DWORD t0, EMPTY , DWORD ecx]");
    instructionStrings3.add("00000058AEE10300: stm [DWORD eax, EMPTY , DWORD esi]");
    instructionStrings3.add("00000058AEE10500: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings3.add("00000058AEE10501: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE10502: stm [DWORD 1487855882, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE10503: jcc [DWORD 1, EMPTY , DWORD 1488401218]");
    instructionStrings3.add("00000058AEE10A00: and [DWORD 136, DWORD 2147483648, DWORD t0]");
    instructionStrings3.add("00000058AEE10A01: and [DWORD esp, DWORD 2147483648, DWORD t1]");
    instructionStrings3.add("00000058AEE10A02: add [DWORD 136, DWORD esp, QWORD t2]");
    instructionStrings3.add("00000058AEE10A03: and [QWORD t2, QWORD 2147483648, DWORD t3]");
    instructionStrings3.add("00000058AEE10A04: bsh [DWORD t3, DWORD -31, BYTE SF]");
    instructionStrings3.add("00000058AEE10A05: xor [DWORD t0, DWORD t1, DWORD t4]");
    instructionStrings3.add("00000058AEE10A06: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
    instructionStrings3.add("00000058AEE10A07: xor [DWORD t0, DWORD t3, DWORD t6]");
    instructionStrings3.add("00000058AEE10A08: and [DWORD t5, DWORD t6, DWORD t7]");
    instructionStrings3.add("00000058AEE10A09: bsh [DWORD t7, DWORD -31, DWORD OF]");
    instructionStrings3.add("00000058AEE10A0A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
    instructionStrings3.add("00000058AEE10A0B: bsh [QWORD t8, QWORD -32, BYTE CF]");
    instructionStrings3.add("00000058AEE10A0C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
    instructionStrings3.add("00000058AEE10A0D: bisz [DWORD t9, EMPTY , BYTE ZF]");
    instructionStrings3.add("00000058AEE10A0E: str [DWORD t9, EMPTY , DWORD esp]");
    instructionStrings3.add("00000058AEE11000: ldm [DWORD esp, EMPTY , DWORD t0]");
    instructionStrings3.add("00000058AEE11001: add [DWORD esp, DWORD 4, QWORD t1]");
    instructionStrings3.add("00000058AEE11002: and [QWORD t1, QWORD 4294967295, DWORD esp]");
    instructionStrings3.add("00000058AEE11003: jcc [DWORD 1, EMPTY , DWORD t0]");
    final List<String> instructionStrings4 = Lists.newArrayList();
    instructionStrings4.add("00000058AEE4DB00: add [DWORD 24, DWORD esp, QWORD t0]");
    instructionStrings4.add("00000058AEE4DB01: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings4.add("00000058AEE4DB02: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings4.add("00000058AEE4DB03: and [DWORD 24, DWORD 2147483648, DWORD t3]");
    instructionStrings4.add("00000058AEE4DB04: and [DWORD t2, DWORD 2147483648, DWORD t4]");
    instructionStrings4.add("00000058AEE4DB05: add [DWORD 24, DWORD t2, QWORD t5]");
    instructionStrings4.add("00000058AEE4DB06: and [QWORD t5, QWORD 2147483648, DWORD t6]");
    instructionStrings4.add("00000058AEE4DB07: bsh [DWORD t6, DWORD -31, BYTE SF]");
    instructionStrings4.add("00000058AEE4DB08: xor [DWORD t3, DWORD t4, DWORD t7]");
    instructionStrings4.add("00000058AEE4DB09: xor [DWORD t7, DWORD 2147483648, DWORD t8]");
    instructionStrings4.add("00000058AEE4DB0A: xor [DWORD t3, DWORD t6, DWORD t9]");
    instructionStrings4.add("00000058AEE4DB0B: and [DWORD t8, DWORD t9, DWORD t10]");
    instructionStrings4.add("00000058AEE4DB0C: bsh [DWORD t10, DWORD -31, DWORD OF]");
    instructionStrings4.add("00000058AEE4DB0D: and [QWORD t5, QWORD 4294967296, QWORD t11]");
    instructionStrings4.add("00000058AEE4DB0E: bsh [QWORD t11, QWORD -32, BYTE CF]");
    instructionStrings4.add("00000058AEE4DB0F: and [QWORD t5, QWORD 4294967295, DWORD t12]");
    instructionStrings4.add("00000058AEE4DB10: bisz [DWORD t12, EMPTY , BYTE ZF]");
    instructionStrings4.add("00000058AEE4DB11: stm [DWORD t12, EMPTY , DWORD t1]");
    instructionStrings4.add("00000058AEE4E000: and [DWORD 8, DWORD 2147483648, DWORD t0]");
    instructionStrings4.add("00000058AEE4E001: and [DWORD esp, DWORD 2147483648, DWORD t1]");
    instructionStrings4.add("00000058AEE4E002: add [DWORD 8, DWORD esp, QWORD t2]");
    instructionStrings4.add("00000058AEE4E003: and [QWORD t2, QWORD 2147483648, DWORD t3]");
    instructionStrings4.add("00000058AEE4E004: bsh [DWORD t3, DWORD -31, BYTE SF]");
    instructionStrings4.add("00000058AEE4E005: xor [DWORD t0, DWORD t1, DWORD t4]");
    instructionStrings4.add("00000058AEE4E006: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
    instructionStrings4.add("00000058AEE4E007: xor [DWORD t0, DWORD t3, DWORD t6]");
    instructionStrings4.add("00000058AEE4E008: and [DWORD t5, DWORD t6, DWORD t7]");
    instructionStrings4.add("00000058AEE4E009: bsh [DWORD t7, DWORD -31, DWORD OF]");
    instructionStrings4.add("00000058AEE4E00A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
    instructionStrings4.add("00000058AEE4E00B: bsh [QWORD t8, QWORD -32, BYTE CF]");
    instructionStrings4.add("00000058AEE4E00C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
    instructionStrings4.add("00000058AEE4E00D: bisz [DWORD t9, EMPTY , BYTE ZF]");
    instructionStrings4.add("00000058AEE4E00E: str [DWORD t9, EMPTY , DWORD esp]");
    instructionStrings4.add("00000058AEE4E300: and [DWORD 40, DWORD 2147483648, DWORD t0]");
    instructionStrings4.add("00000058AEE4E301: and [DWORD ebx, DWORD 2147483648, DWORD t1]");
    instructionStrings4.add("00000058AEE4E302: add [DWORD 40, DWORD ebx, QWORD t2]");
    instructionStrings4.add("00000058AEE4E303: and [QWORD t2, QWORD 2147483648, DWORD t3]");
    instructionStrings4.add("00000058AEE4E304: bsh [DWORD t3, DWORD -31, BYTE SF]");
    instructionStrings4.add("00000058AEE4E305: xor [DWORD t0, DWORD t1, DWORD t4]");
    instructionStrings4.add("00000058AEE4E306: xor [DWORD t4, DWORD 2147483648, DWORD t5]");
    instructionStrings4.add("00000058AEE4E307: xor [DWORD t0, DWORD t3, DWORD t6]");
    instructionStrings4.add("00000058AEE4E308: and [DWORD t5, DWORD t6, DWORD t7]");
    instructionStrings4.add("00000058AEE4E309: bsh [DWORD t7, DWORD -31, DWORD OF]");
    instructionStrings4.add("00000058AEE4E30A: and [QWORD t2, QWORD 4294967296, QWORD t8]");
    instructionStrings4.add("00000058AEE4E30B: bsh [QWORD t8, QWORD -32, BYTE CF]");
    instructionStrings4.add("00000058AEE4E30C: and [QWORD t2, QWORD 4294967295, DWORD t9]");
    instructionStrings4.add("00000058AEE4E30D: bisz [DWORD t9, EMPTY , BYTE ZF]");
    instructionStrings4.add("00000058AEE4E30E: str [DWORD t9, EMPTY , DWORD ebx]");
    instructionStrings4.add("00000058AEE4E600: add [DWORD 20, DWORD esp, QWORD t0]");
    instructionStrings4.add("00000058AEE4E601: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings4.add("00000058AEE4E602: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings4.add("00000058AEE4E603: and [DWORD t2, DWORD 2147483648, DWORD t3]");
    instructionStrings4.add("00000058AEE4E604: and [DWORD 1, DWORD 2147483648, DWORD t4]");
    instructionStrings4.add("00000058AEE4E605: sub [DWORD t2, DWORD 1, QWORD t5]");
    instructionStrings4.add("00000058AEE4E606: and [QWORD t5, QWORD 2147483648, DWORD t6]");
    instructionStrings4.add("00000058AEE4E607: bsh [DWORD t6, DWORD -31, BYTE SF]");
    instructionStrings4.add("00000058AEE4E608: xor [DWORD t3, DWORD t4, DWORD t7]");
    instructionStrings4.add("00000058AEE4E609: xor [DWORD t3, DWORD t6, DWORD t8]");
    instructionStrings4.add("00000058AEE4E60A: and [DWORD t7, DWORD t8, DWORD t9]");
    instructionStrings4.add("00000058AEE4E60B: bsh [DWORD t9, DWORD -31, BYTE OF]");
    instructionStrings4.add("00000058AEE4E60C: and [QWORD t5, QWORD 4294967296, QWORD t10]");
    instructionStrings4.add("00000058AEE4E60D: bsh [QWORD t10, QWORD -32, BYTE CF]");
    instructionStrings4.add("00000058AEE4E60E: and [QWORD t5, QWORD 4294967295, DWORD t11]");
    instructionStrings4.add("00000058AEE4E60F: bisz [DWORD t11, EMPTY , BYTE ZF]");
    instructionStrings4.add("00000058AEE4E610: stm [DWORD t11, EMPTY , DWORD t1]");
    instructionStrings4.add("00000058AEE4EB00: bisz [BYTE ZF, EMPTY , BYTE t0]");
    instructionStrings4.add("00000058AEE4EB01: jcc [BYTE t0, EMPTY , DWORD 1487856835]");
    final List<String> instructionStrings5 = Lists.newArrayList();
    instructionStrings5.add("00000058AEE4C300: add [DWORD 28, DWORD esp, QWORD t0]");
    instructionStrings5.add("00000058AEE4C301: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings5.add("00000058AEE4C302: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings5.add("00000058AEE4C303: str [DWORD t2, EMPTY , DWORD eax]");
    instructionStrings5.add("00000058AEE4C700: add [DWORD 32, DWORD esp, QWORD t0]");
    instructionStrings5.add("00000058AEE4C701: and [QWORD t0, DWORD 4294967295, DWORD t1]");
    instructionStrings5.add("00000058AEE4C702: ldm [DWORD t1, EMPTY , DWORD t2]");
    instructionStrings5.add("00000058AEE4C703: str [DWORD t2, EMPTY , DWORD esi]");
    final List<String> instructionStrings6 = Lists.newArrayList();
    instructionStrings6.add("00000058AEE4ED00: sub [DWORD esp, DWORD 4, QWORD t0]");
    instructionStrings6.add("00000058AEE4ED01: and [QWORD t0, DWORD 4294967295, DWORD esp]");
    final List<List<String>> reilBlocks = new ArrayList<List<String>>();
    reilBlocks.add(instructionStrings1);
    reilBlocks.add(instructionStrings2);
    reilBlocks.add(instructionStrings3);
    reilBlocks.add(instructionStrings4);
    reilBlocks.add(instructionStrings5);
    reilBlocks.add(instructionStrings6);
    final List<String> edgeStrings = new ArrayList<String>();
    edgeStrings.add("00000058AEE4C100 [JUMP_UNCONDITIONAL]-> 00000058AEE4CB00");
    edgeStrings.add("00000058AEE4CB00 [ENTER_INLINED_FUNCTION]-> 00000058AEE08000");
    edgeStrings.add("00000058AEE08000 [LEAVE_INLINED_FUNCTION]-> 00000058AEE4DB00");
    edgeStrings.add("00000058AEE4DB00 [JUMP_CONDITIONAL_TRUE]-> 00000058AEE4C300");
    edgeStrings.add("00000058AEE4DB00 [JUMP_CONDITIONAL_FALSE]-> 00000058AEE4ED00");
    edgeStrings.add("00000058AEE4C300 [JUMP_UNCONDITIONAL_LOOP]-> 00000058AEE4CB00");
    generateReilGraph(reilBlocks, edgeStrings);
    m_function = new ReilFunction("FOLLOWESI", m_graph1);
    final String trackedRegister = "esi";
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(m_function, addInstruction, trackedRegister, m_options);
    final Map<IAddress, RegisterSetLatticeElement> resultMap = result.generateAddressToStateMapping(addInstruction, m_options.trackIncoming());
    System.out.println(m_graph1.toString());
    for (final Entry<IAddress, RegisterSetLatticeElement> resultEntry : resultMap.entrySet()) {
        System.out.println(" KEY: " + resultEntry.getKey() + " VALUE: " + resultEntry.getValue().toString());
        if (resultEntry.getKey().toLong() == Long.parseLong("0000058AEE4CE00", 16)) {
            final RegisterSetLatticeElement jzElement = resultEntry.getValue();
            assertTrue(jzElement.getTaintedRegisters().contains("esi"));
        }
    }
}
Also used : MockOperandTreeNode(com.google.security.zynamics.zylib.disassembly.MockOperandTreeNode) ReilFunction(com.google.security.zynamics.reil.ReilFunction) ArrayList(java.util.ArrayList) IAddress(com.google.security.zynamics.zylib.disassembly.IAddress) MockInstruction(com.google.security.zynamics.zylib.disassembly.MockInstruction) MockOperandTree(com.google.security.zynamics.zylib.disassembly.MockOperandTree) List(java.util.List) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 9 with ReilFunction

use of com.google.security.zynamics.reil.ReilFunction in project binnavi by google.

the class ReilTranslatorTest method testInlinedFunctionGeneration.

@Test
public void testInlinedFunctionGeneration() throws InternalTranslationException {
    final MockBlockContainer container = new MockBlockContainer();
    final MockCodeContainer block1 = new MockCodeContainer();
    block1.m_instructions.add(createMov(0x1000, "eax", "1"));
    final MockCodeContainer block2 = new MockCodeContainer();
    block2.m_instructions.add(createMov(0x1200, "ebx", "eax"));
    final MockCodeContainer block3 = new MockCodeContainer();
    block3.m_instructions.add(createMov(0x1001, "ecx", "ebx"));
    container.m_blocks.add(block1);
    container.m_blocks.add(block2);
    container.m_blocks.add(block3);
    container.m_edges.add(new MockCodeEdge<MockCodeContainer>(block1, block2, EdgeType.ENTER_INLINED_FUNCTION));
    container.m_edges.add(new MockCodeEdge<MockCodeContainer>(block2, block3, EdgeType.LEAVE_INLINED_FUNCTION));
    final ReilFunction function = m_translator.translate(new StandardEnvironment(), container);
    System.out.println(function.getGraph().getNodes());
    System.out.println(function.getGraph().getEdges());
    assertEquals(3, function.getGraph().getNodes().size());
    assertEquals(2, function.getGraph().getEdges().size());
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(function, Iterables.getFirst(block1.getInstructions(), null), "eax", new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.DOWN));
    System.out.println(result);
}
Also used : MockCodeContainer(com.google.security.zynamics.zylib.disassembly.MockCodeContainer) RegisterTrackingOptions(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterTrackingOptions) RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) MockBlockContainer(com.google.security.zynamics.zylib.disassembly.MockBlockContainer) ReilFunction(com.google.security.zynamics.reil.ReilFunction) StandardEnvironment(com.google.security.zynamics.reil.translators.StandardEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 10 with ReilFunction

use of com.google.security.zynamics.reil.ReilFunction in project binnavi by google.

the class ReilTranslatorTest method testInlinedFunctionGeneration2.

@Test
public void testInlinedFunctionGeneration2() throws InternalTranslationException {
    final MockBlockContainer container = new MockBlockContainer();
    final MockCodeContainer block1 = new MockCodeContainer();
    block1.m_instructions.add(createPush(0x1000, "eax"));
    block1.m_instructions.add(createMov(0x1001, "edx", "3"));
    block1.m_instructions.add(createCall(0x1002));
    final MockCodeContainer block2 = new MockCodeContainer();
    block2.m_instructions.add(createPush(0x2500, "ebx"));
    final MockCodeContainer block3 = new MockCodeContainer();
    block3.m_instructions.add(createPush(0x1003, "ecx"));
    container.m_blocks.add(block1);
    container.m_blocks.add(block2);
    container.m_blocks.add(block3);
    final MockCodeEdge<MockCodeContainer> edge1 = new MockCodeEdge<MockCodeContainer>(block1, block2, EdgeType.ENTER_INLINED_FUNCTION);
    final MockCodeEdge<MockCodeContainer> edge2 = new MockCodeEdge<MockCodeContainer>(block2, block3, EdgeType.LEAVE_INLINED_FUNCTION);
    block1.m_outgoingEdges.add(edge1);
    container.m_edges.add(edge1);
    container.m_edges.add(edge2);
    final ReilFunction function = m_translator.translate(new StandardEnvironment(), container);
    System.out.println(function.getGraph().getEdges());
    assertEquals(3, function.getGraph().getNodes().size());
    assertEquals(2, function.getGraph().getEdges().size());
    final MonoReilSolverResult<RegisterSetLatticeElement> result = RegisterTracker.track(function, Iterables.get(block1.getInstructions(), 0), "esp", new RegisterTrackingOptions(true, new HashSet<String>(), true, AnalysisDirection.DOWN));
    System.out.println(result);
}
Also used : MockCodeContainer(com.google.security.zynamics.zylib.disassembly.MockCodeContainer) MockCodeEdge(com.google.security.zynamics.zylib.disassembly.MockCodeEdge) RegisterTrackingOptions(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterTrackingOptions) RegisterSetLatticeElement(com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement) MockBlockContainer(com.google.security.zynamics.zylib.disassembly.MockBlockContainer) ReilFunction(com.google.security.zynamics.reil.ReilFunction) StandardEnvironment(com.google.security.zynamics.reil.translators.StandardEnvironment) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

- ReilFunction (com.google.security.zynamics.reil.ReilFunction): 12
- Test (org.junit.Test): 9
- IAddress (com.google.security.zynamics.zylib.disassembly.IAddress): 6
- HashSet (java.util.HashSet): 6
- MockInstruction (com.google.security.zynamics.zylib.disassembly.MockInstruction): 5
- MockOperandTree (com.google.security.zynamics.zylib.disassembly.MockOperandTree): 5
- ArrayList (java.util.ArrayList): 5
- List (java.util.List): 5
- ReilInstruction (com.google.security.zynamics.reil.ReilInstruction): 4
- MockOperandTreeNode (com.google.security.zynamics.zylib.disassembly.MockOperandTreeNode): 4
- ReilBlock (com.google.security.zynamics.reil.ReilBlock): 3
- ReilEdge (com.google.security.zynamics.reil.ReilEdge): 3
- ReilGraph (com.google.security.zynamics.reil.ReilGraph): 3
- InstructionGraphNode (com.google.security.zynamics.reil.algorithms.mono.InstructionGraphNode): 3
- ValueTrackerElement (com.google.security.zynamics.reil.algorithms.mono.valuetracking.ValueTrackerElement): 3
- StandardEnvironment (com.google.security.zynamics.reil.translators.StandardEnvironment): 3
- MockCodeContainer (com.google.security.zynamics.zylib.disassembly.MockCodeContainer): 3
- INaviInstruction (com.google.security.zynamics.binnavi.disassembly.INaviInstruction): 2
- INaviView (com.google.security.zynamics.binnavi.disassembly.views.INaviView): 2
- RegisterSetLatticeElement (com.google.security.zynamics.reil.algorithms.mono2.registertracking.RegisterSetLatticeElement): 2