From: Eric L. <ew...@an...> - 2006-06-06 22:17:20
Oh, I forgot to mention that I'm doing all this translation statically. So my program currently takes in the name of the executable that I want to examine, then does all the disassembly, translation, and analysis. It seems like the 6th and 7th arguments to LibVEX_Translate, guest_bytes_addr and guest_bytes_addr_noredir, have to do with where in the process's addr space the BB is loaded into? But my binary has no process because it's not running, so what should I fill in for those?

Thanks again,
Eric

> On Mon, 5 Jun 2006, Eric Li wrote:
>
>>> What are you really trying to achieve?
>>
>> I'm working on a research project that generates vulnerability
>> signatures (signatures that let you detect exploits and all their
>> polymorphic variations in a binary). The framework translates from BB to
>> IR to GCL to WP (weakest preconditions) and we were hoping to replace our
>> IR with the one in Valgrind because it's more mature.
>
> How do you go from BB to IR? Something must be identifying the BBs.
> Couldn't you keep that and then pass its output to Vex?
>
> Nick