Skip to content

Instantly share code, notes, and snippets.

@dbwodlf3

dbwodlf3/remill-lift-9.0.example.md

Last active June 30, 2020 10:47
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dbwodlf3/86bea6f68898f26f99642575cbc82a7a to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dbwodlf3/86bea6f68898f26f99642575cbc82a7a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
remill-lift-9.0.example.md 
section .data
hello_string db "Hello World!", 0x0d, 0x0a
hello_string_len equ $ - hello_string

section .text
global _start

_start:
	mov eax, 4 ; eax <- 4, syscall number (print) But, never execute.
	mov ebx, 1 ; ebx <- 1, syscall argument1 (stdout) But, never execute.
	mov ecx, hello_string ; ecx <- exit_string, syscall argument2 (string ptr) But, never execute.
	mov edx, hello_string_len ; edx <- exit_string_len, syscall argument3 (string len) But, never execute.
	int 0x80; ; syscall But, never execute.
	mov eax, 1 ; eax <- 1, syscall number (exit) But, never execute.
	mov ebx, 0 ; ebx <- 0, syscall argument1 (return value) But, never execute.
	int 0x80; syscall But, never execute.
remill-lift-9.0 --arch x86 --ir_out /dev/stdout \
--bytes B804000000BB01000000B9A4900408BA0E000000CD80B801000000BB00000000CD80
; ModuleID = 'lifted_code'
source_filename = "lifted_code"
target datalayout = "e-m:e-p:32:32-f64:32:64-f80:32-n8:16:32-S128"
target triple = "i386-pc-linux-gnu-elf"

%struct.State = type { %struct.ArchState, [32 x %union.VectorReg], %struct.ArithFlags, %union.anon, %struct.Segments, %struct.AddressSpace, %struct.GPR, %struct.X87Stack, %struct.MMX, %struct.FPUStatusFlags, %union.anon, %union.FPU, %struct.SegmentCaches }
%struct.ArchState = type { i32, i32, %union.anon }
%union.VectorReg = type { %union.vec512_t }
%union.vec512_t = type { %struct.uint64v8_t }
%struct.uint64v8_t = type { [8 x i64] }
%struct.ArithFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8 }
%struct.Segments = type { i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector, i16, %union.SegmentSelector }
%union.SegmentSelector = type { i16 }
%struct.AddressSpace = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg }
%struct.Reg = type { %union.anon.1, i32 }
%union.anon.1 = type { i32 }
%struct.GPR = type { i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg, i64, %struct.Reg }
%struct.X87Stack = type { [8 x %struct.anon.3] }
%struct.anon.3 = type { i64, double }
%struct.MMX = type { [8 x %struct.anon.4] }
%struct.anon.4 = type { i64, %union.vec64_t }
%union.vec64_t = type { %struct.uint64v1_t }
%struct.uint64v1_t = type { [1 x i64] }
%struct.FPUStatusFlags = type { i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, i8, [4 x i8] }
%union.anon = type { i64 }
%union.FPU = type { %struct.anon.13 }
%struct.anon.13 = type { %struct.FpuFXSAVE, [96 x i8] }
%struct.FpuFXSAVE = type { %union.SegmentSelector, %union.SegmentSelector, %union.FPUAbridgedTagWord, i8, i16, i32, %union.SegmentSelector, i16, i32, %union.SegmentSelector, i16, %union.anon.1, %union.anon.1, [8 x %struct.FPUStackElem], [16 x %union.vec128_t] }
%union.FPUAbridgedTagWord = type { i8 }
%struct.FPUStackElem = type { %union.anon.11, [6 x i8] }
%union.anon.11 = type { %struct.float80_t }
%struct.float80_t = type { [10 x i8] }
%union.vec128_t = type { %struct.uint128v1_t }
%struct.uint128v1_t = type { [1 x i128] }
%struct.SegmentCaches = type { %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow, %struct.SegmentShadow }
%struct.SegmentShadow = type { %union.anon, i32, i32 }
%struct.Memory = type opaque

; Function Attrs: noinline nounwind
define dso_local %struct.Memory* @sub_0(%struct.State* noalias dereferenceable(3376), i32, %struct.Memory* noalias) local_unnamed_addr #0 {
  %4 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 6, i32 1, i32 0, i32 0
  %5 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 6, i32 3, i32 0, i32 0
  %6 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 6, i32 5, i32 0, i32 0
  %7 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 6, i32 7, i32 0, i32 0
  %8 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 6, i32 33, i32 0, i32 0
  store i32 4, i32* %4, align 4, !tbaa !0
  store i32 1, i32* %5, align 4, !tbaa !0
  store i32 134516900, i32* %6, align 4, !tbaa !0
  store i32 14, i32* %7, align 4, !tbaa !0
  %9 = add i32 %1, 22
  store i32 %9, i32* %8, align 4
  %10 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 0, i32 2
  %11 = bitcast %union.anon* %10 to i32*
  store i32 128, i32* %11, align 8, !tbaa !4
  %12 = getelementptr inbounds %struct.State, %struct.State* %0, i32 0, i32 0, i32 0
  store i32 4, i32* %12, align 16, !tbaa !5
  %13 = tail call %struct.Memory* @__remill_async_hyper_call(%struct.State* nonnull %0, i32 %9, %struct.Memory* %2)
  %14 = load i32, i32* %8, align 4
  %15 = icmp eq i32 %14, 22
  br i1 %15, label %18, label %16

16:                                               ; preds = %3
  %17 = tail call %struct.Memory* @__remill_missing_block(%struct.State* nonnull %0, i32 %14, %struct.Memory* %2)
  ret %struct.Memory* %17

18:                                               ; preds = %3
  store i32 1, i32* %4, align 4, !tbaa !0
  store i32 0, i32* %5, align 4, !tbaa !0
  store i32 34, i32* %8, align 4
  store i32 128, i32* %11, align 8, !tbaa !4
  store i32 4, i32* %12, align 16, !tbaa !5
  %19 = tail call %struct.Memory* @__remill_async_hyper_call(%struct.State* nonnull %0, i32 34, %struct.Memory* %2)
  %20 = load i32, i32* %8, align 4
  %21 = tail call %struct.Memory* @__remill_missing_block(%struct.State* nonnull %0, i32 %20, %struct.Memory* %2)
  ret %struct.Memory* %21
}

; Function Attrs: noduplicate noinline nounwind optnone
declare dso_local %struct.Memory* @__remill_async_hyper_call(%struct.State* dereferenceable(3376), i32, %struct.Memory*) #1

; Function Attrs: noduplicate noinline nounwind optnone
declare dso_local %struct.Memory* @__remill_missing_block(%struct.State* dereferenceable(3376), i32, %struct.Memory*) #1

attributes #0 = { noinline nounwind "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "min-legal-vector-width"="0" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" }
attributes #1 = { noduplicate noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "unsafe-fp-math"="false" "use-soft-float"="false" }

!0 = !{!1, !1, i64 0}
!1 = !{!"int", !2, i64 0}
!2 = !{!"omnipotent char", !3, i64 0}
!3 = !{!"Simple C++ TBAA"}
!4 = !{!2, !2, i64 0}
!5 = !{!6, !7, i64 0}
!6 = !{!"_ZTS9ArchState", !7, i64 0, !1, i64 4, !2, i64 8}
!7 = !{!"_ZTSN14AsyncHyperCall4NameE", !2, i64 0}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment