Problem with code lifting in Zeek (Preprocessing) #65

Description

@orange017

I encountered a problem lifting code using pyvex. A function often returns an IRSB block for which the size field is zero (usually when lifting the last bytes in the base block). This causes a loop, and the function times out.

import pyvex

# arch_to_pyvex_arch_map is defined elsewhere in the project (not shown here).
def extract_vex_blocks(bytes_, arch, opt_level=2, start_addr=0x400000):
    off = 0
    addr = start_addr
    blocks = []
    block_bytes = []

    # Lift one IRSB at a time until the whole buffer is consumed.
    while off < len(bytes_):
        irsb = pyvex.lift(
            bytes_[off:], addr, arch_to_pyvex_arch_map[arch], opt_level=opt_level)
        if irsb.size == 0:  # possible solution to the problem
            break
        blocks.append(irsb)
        block_bytes.append(bytes_[off:off + irsb.size])
        addr += irsb.size
        off += irsb.size

    return blocks, block_bytes
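
Added example, not part of the original issue or the project's code: the same lifting loop with a progress guard that also returns the bytes it could not lift, so a caller can tell a truncated result from a complete one. `lift_all`, `FakeIRSB`, `fake_lift` and `SAMPLE` are hypothetical names; the stand-in lifter and its 4-byte "instructions" are constructed so the block runs without pyvex installed.

```python
from collections import namedtuple

# Stand-in for the two IRSB attributes the loop reads (constructed for this example).
FakeIRSB = namedtuple("FakeIRSB", "size jumpkind")


def fake_lift(data, addr):
    """Constructed lifter: 4-byte 'instructions', at most 8 bytes per block.
    Fewer than 4 bytes left cannot be decoded, so it reports size 0."""
    n = min(len(data) // 4 * 4, 8)
    return FakeIRSB(n, "Ijk_Boring" if n else "Ijk_NoDecode")


def lift_all(data, lift, start_addr=0x400000):
    """Lift `data` block by block with `lift(data, addr)`.

    Returns (blocks, block_bytes, tail). `tail` holds the bytes left over
    when the lifter stops making progress; it is empty on a full lift.
    With pyvex, `lift` could be:
        lambda d, a: pyvex.lift(d, a, arch, opt_level=2)
    """
    off, blocks, block_bytes = 0, [], []
    while off < len(data):
        irsb = lift(data[off:], start_addr + off)
        if irsb.size <= 0:
            # A zero-size block would leave `off` unchanged forever, so stop
            # here and hand the unlifted remainder back to the caller.
            break
        blocks.append(irsb)
        block_bytes.append(data[off:off + irsb.size])
        off += irsb.size
    return blocks, block_bytes, data[off:]


# Constructed input: 18 bytes, i.e. two full 8-byte blocks plus 2 stray bytes.
SAMPLE = bytes(range(18))

if __name__ == "__main__":
    blocks, chunks, tail = lift_all(SAMPLE, fake_lift)
    print(len(blocks), "blocks lifted;", len(tail), "trailing bytes not lifted")
```

Returning the tail instead of silently breaking lets preprocessing log or count samples whose final bytes were dropped.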
