@dbwodlf3
Created December 28, 2020 00:45
gcc_pattern in smc LLVM IR
================================================================================
Jmp to Data(Call Data..)
================================================================================
Pattern 1. (Same whether PIE or NO-PIE)
gcc_m64_PIE_smc10.ll (To do: register analysis is needed.)
(Store at RBP)
%1 = load i64, i64* @RSP_2312_55bbbb4f90b8, align 8, !tbaa !1240
%2 = add i64 %1, -8
%4 = sub i64 %2, 32
%5 = inttoptr i64 %4 to i64*
store i64 7075083857039864136, i64* %5
(Jump via RBP)
%19 = load i64, i64* @RBP_2328_55bbbb4f90b8
%20 = sub i64 %19, 32
%24 = call %struct.Memory* @__remill_function_call(%struct.State* @__mcsema_reg_state, i64 %20, %struct.Memory* %18)
=====================================
Pattern 2. (Same whether PIE or NO-PIE; case where malloc is used.)
gcc_m64_PIE_smc11.ll
Features.
2116 => this is _IO_stdin_used+0x4.
(Store at RBP)
%13 = load i64, i64* @RBP_2328_558a76e561c8, align 8
%14 = add i64 %13, -16
%15 = inttoptr i64 %14 to i64*
store i64 2116, i64* %15, align 8
(Jump via RBP)
%20 = load i64, i64* @RBP_2328_558a76e561c8, align 8
%21 = add i64 %20, -16
%22 = inttoptr i64 %21 to i64*
%23 = load i64, i64* %22, align 8
%27 = call %struct.Memory* @__remill_function_call(%struct.State* @__mcsema_reg_state, i64 %23, %struct.Memory* %19)
=====================================
Pattern 3. (Same whether PIE or NO-PIE. Case where a global variable is used.)
gcc_m64_smc12.ll
(Store data)
@code = dso_local global [8 x i8] c"\B8\01\00\00\00\CD\80\00", align 1
(Jump to data)
call void (...) bitcast ([8 x i8]* @code to void (...)*)()
=====================================
Pattern 4.
gcc_m64_smc13.ll (Similar to pattern 1, but slightly different: a difference in optimization.)
(Store at RBP)
%12 = load i64, i64* bitcast (i8* @data_858 to i64*), align 8
store i64 %12, i64* %5, align 8
(Jump via RBP)
%16 = load i64, i64* @RBP_2328_56553a1b01c8, align 8
%17 = add i64 %16, -16
store i64 %17, i64* @RIP_2472_56553a1b01c8, align 8, !tbaa !1216
%21 = call %struct.Memory* @__remill_function_call(%struct.State* @__mcsema_reg_state, i64 %17, %struct.Memory* %15)
================================================================================
Write Executable Memory
================================================================================
Pattern 5. (NO-PIE) (-> When opt -O1 is used, the smc code in question gets dropped. Do not use opt.)
gcc_m64_NO_PIE_smc14.ll
store i64 -8029759185026510704, i64* bitcast (i8* @data_40051c to i64*)
=====================================
Pattern 6. (NO-PIE)
gcc_m64_NO_PIE_smc15.ll
(Store memory value at RBP)
%1 = load i64, i64* @RSP_2312_563f25f511d8, align 8, !tbaa !1240
%28 = add i64 %1, -16
%29 = inttoptr i64 %28 to i64*
store i64 ptrtoint (i8* @data_400527 to i64), i64* %29, align 8
%33 = load i64, i64* @RBP_2328_563f25f511d8, align 8
%34 = add i64 %33, -8
%35 = inttoptr i64 %34 to i64**
%36 = load i64*, i64** %35, align 8
store i64 -8029759185026510704, i64* %36, align 8
=====================================
Features. Regardless of PIE or NO-PIE, both end up lifted as a Constant.
Pattern 7. (PIE)
gcc_m64_PIE_smc16.ll
(Store at RBP)
%1 = load i64, i64* @RSP_2312_564d295651c8, align 8, !tbaa !1240
%28 = add i64 %1, -16
%29 = inttoptr i64 %28 to i64*
store i64 1663, i64* %29, align 8
(Write to that memory)
%33 = load i64, i64* @RBP_2328_564d295651c8, align 8
%34 = add i64 %33, -8
%35 = inttoptr i64 %34 to i64**
%36 = load i64*, i64** %35, align 8
store i64 -8029759185026510704, i64* %36, align 8
=====================================
Pattern 8. (PIE) Once optimized, it ends up like this.
gcc_m64_PIE_smc20.ll
store i64 -8029759185026510704, i64* bitcast (i8* @data_673 to i64*), align 8
=====================================
Pattern 9. (PIE)
gcc_m64_PIE_smc21.ll
(Store at RBP)
%31 = load i64, i64* @RBP_2328_56412f5a61c8, align 8
%32 = add i64 %31, -8
%33 = inttoptr i64 %32 to i64*
store i64 1663, i64* %33, align 8
(Write the value)
store i64 -8029759185026510704, i64* inttoptr (i64 1663 to i64*), align 8
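The two groups of patterns above (jump-to-data via an RBP/RSP-derived call target or a bitcast byte array, and writes of a constant into a data global, into an absolute address, or through a pointer loaded from a stack slot) are the signals an analyst would want flagged automatically when triaging McSema/Remill output. The following Python scanner is an added example written for this note; it is not part of the gist and not McSema's or Remill's own tooling. It walks the SSA def chain back to the lifted register globals (@RBP_..., @RSP_...), decodes the stored constants into the bytes they would place in memory, and runs over a constructed sample made of the IR lines quoted in the gist. The regexes are tuned to the textual shape of those lines and are an assumption about that shape, not a general LLVM IR parser. Two decodings it shows are certain: -8029759185026510704 is 0x9090909090909090 (eight x86 NOP bytes), and the @code initializer is B8 01 00 00 00 CD 80 (mov eax,1; int 0x80).

```python
import re
import struct

# Constructed sample input: the lifted-IR excerpts quoted in the gist
# (patterns 1, 3, 5, 6 and 9) concatenated into one text so the scanner
# runs offline. Real McSema output is a full module with many more lines.
SAMPLE_IR = r"""
%1 = load i64, i64* @RSP_2312_55bbbb4f90b8, align 8, !tbaa !1240
%2 = add i64 %1, -8
%4 = sub i64 %2, 32
%5 = inttoptr i64 %4 to i64*
store i64 7075083857039864136, i64* %5
%19 = load i64, i64* @RBP_2328_55bbbb4f90b8
%20 = sub i64 %19, 32
%24 = call %struct.Memory* @__remill_function_call(%struct.State* @__mcsema_reg_state, i64 %20, %struct.Memory* %18)
@code = dso_local global [8 x i8] c"\B8\01\00\00\00\CD\80\00", align 1
call void (...) bitcast ([8 x i8]* @code to void (...)*)()
store i64 -8029759185026510704, i64* bitcast (i8* @data_40051c to i64*)
%33 = load i64, i64* @RBP_2328_563f25f511d8, align 8
%34 = add i64 %33, -8
%35 = inttoptr i64 %34 to i64**
%36 = load i64*, i64** %35, align 8
store i64 -8029759185026510704, i64* %36, align 8
store i64 -8029759185026510704, i64* inttoptr (i64 1663 to i64*), align 8
"""

# Regexes are an assumption about the textual shape of the lines quoted in
# the gist; they are not a general LLVM IR parser.
DEF_RE = re.compile(r'^(%[\w.]+)\s*=\s*(\w+)\s+(.*)$')
GLOBAL_RE = re.compile(r'^(@[\w.]+)\s*=.*?global\s+\[\d+ x i8\]\s+c"([^"]*)"')
REMILL_CALL_RE = re.compile(r'@__remill_function_call\([^,]+,\s*i64\s+(%[\w.]+|-?\d+|@[\w.]+)')
DATA_CALL_RE = re.compile(r'call\s+void\s+\(\.\.\.\)\s+bitcast\s*\(\[\d+ x i8\]\*\s+(@[\w.]+)\s+to')
STORE_RE = re.compile(r'^store\s+i64\s+(-?\d+),\s*i64\*\s+(.*?)(?:,\s*align.*)?$')
REG_GLOBAL_RE = re.compile(r'@(?:RBP|RSP|RIP)_\d+_[0-9a-f]+')
SSA_RE = re.compile(r'%[\w.]+')


def decode_i64(value):
    """Bytes an i64 store constant places in memory (little-endian x86-64)."""
    return struct.pack('<q', value)


def decode_cstring(s):
    """Decode an LLVM c"..." initializer (\\XX hex escapes) into bytes."""
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] == '\\':
            out.append(int(s[i + 1:i + 3], 16))
            i += 3
        else:
            out.append(ord(s[i]))
            i += 1
    return bytes(out)


def root_register(value, defs, depth=0):
    """Walk the SSA def chain of `value` backwards (add/sub/inttoptr/load) and
    return the lifted register global (@RBP_..., @RSP_...) it is computed from,
    or None when the chain starts somewhere else."""
    if depth > 16 or value not in defs:
        return None
    op, rest = defs[value]
    reg = REG_GLOBAL_RE.search(rest)
    if op == 'load' and reg:
        return reg.group(0)
    for operand in SSA_RE.findall(rest):
        found = root_register(operand, defs, depth + 1)
        if found:
            return found
    return None


def scan(ir_text):
    """Return (kind, detail) findings for the SMC-style patterns in the gist."""
    lines = [ln.strip() for ln in ir_text.splitlines() if ln.strip()]
    defs, byte_globals = {}, {}
    for ln in lines:                       # first pass: collect SSA defs and byte arrays
        m = DEF_RE.match(ln)
        if m:
            defs[m.group(1)] = (m.group(2), m.group(3))
        g = GLOBAL_RE.match(ln)
        if g:
            byte_globals[g.group(1)] = decode_cstring(g.group(2))
    findings = []
    for ln in lines:                       # second pass: classify calls and stores
        m = REMILL_CALL_RE.search(ln)
        if m:
            target = m.group(1)
            if target.startswith('%'):     # target is a runtime value, not a known sub_xxx
                reg = root_register(target, defs)
                origin = f'derived from {reg}' if reg else 'of unknown origin'
                findings.append(('indirect-call', f'target {target} {origin}'))
            continue
        m = DATA_CALL_RE.search(ln)
        if m:
            name = m.group(1)
            findings.append(('call-into-data', f'{name} = {byte_globals.get(name, b"").hex()}'))
            continue
        m = STORE_RE.match(ln)
        if not m:
            continue
        value, dest = int(m.group(1)), m.group(2)
        if dest.startswith('bitcast') and '@data_' in dest:
            kind = 'store-to-data-global'
        elif dest.startswith('inttoptr'):
            kind = 'store-to-absolute-address'
        elif dest.startswith('%') and defs.get(dest, ('', ''))[0] == 'load':
            kind = 'store-through-loaded-pointer'
        else:
            continue                       # ordinary spill into a stack slot; not interesting alone
        findings.append((kind, f'{dest} <- {decode_i64(value).hex()}'))
    return findings


if __name__ == '__main__':
    for kind, detail in scan(SAMPLE_IR):
        print(f'{kind:30} {detail}')
```

The first half of patterns 1, 2, 7 and 9 (a constant spilled into an RBP-relative slot) is deliberately not reported on its own: it is only meaningful once the same slot feeds a call target or a store destination, which is what the second pass catches. Pattern 4's `store i64 %17, i64* @RIP_...` is likewise ignored, since writes to the lifted RIP global are how Remill models every control transfer.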