I recall @bunniestudios and @xobs did some RE by emulating, trapping hw reg accesses, and sending to real hw over debug port; obviously imperfect but interesting idea. Symbolic exec you propose seems mostly useful if you have snapshot of sram state and regs at func entry
-
I'm mostly thinking about things like "I'm looking at this packet processing function in disassembly and I'm only interested about packets X and Y of size Z", which is something I needed a few times
-
It's sadly not very usable, but my Pandemic framework had symexec, abstract interpretation, etc. and ran inside of IDA: https://github.com/RolfRolles/PandemicML … (These days I maintain a Python version, but it's not public, and only given to students of my SMT-based binary analysis training class)
-
It was/is plenty usable and was the vessel for my research in applying program analysis to binaries (see the "Program Analysis" heading on my research page: https://www.msreverseengineering.com/research )
-
In a non-verification setting, loops get really tough bc you need some way to "saturate" the symbolic state if a loop is difficult to analyze. Program verification tools (eg Dafny) get around this by requiring explicit loop invariants.
-
Interesting but under-appreciated point. Because the semantics of loops are least fixed-points, it is easy to over-approximate them (any fixed-point will do) but hard to under-approximate. This is one (of two?) reasons why abstract interpretation scales better than BMC/symex.
-
Wasn't that called Lisp?
-
IDA had plugins for symbolic execution a long ass time ago, but it was pretty much only useful for determining reachability
-
presumably there's new ones that can actually do useful things