How to get the ground truth? #2
Comments
|
Hello, I'm not entirely sure I understand your question regarding counting
the functions.
Each desyncpoint symbol points to the first byte after a desynchronizing
branch instruction (i.e., the first junk byte in case of always-taken
branches, or the next valid instruction in case of never-taken branches).
The symbols have the format desyncpoint[HASH]_[index]_[size].
HASH is just a hash of the source file name, and index is a count of
inserted predicates in a given source file. These fields are just to ensure
unique symbol names. size denotes the number of inserted junk bytes (that
the branch jumps past). A size of 0 denotes a never-taken branch (i.e., the
branch jumps to some invalid offset and is protected by a predicate that is
never true).
Currently, the start of an inserted branch/predicate is not marked by
symbols in the binary, but it would be pretty straightforward to add this
if you would need it. (Emit another symbol before the call to
predicate.apply in apply_predicates_inner in desynchronizer.hpp).
Den sön 9 apr. 2023 kl 15:35 skrev peicwang ***@***.***>:
… Hi, first of all, thank you for providing this tool. During my use of your
tool, I encountered some questions. I am curious about the definition of
the ground truth for the obfuscated binary generated by your tool. I
noticed that after obfuscation, there are some entries in the symbol table,
such as “desyncpoint%”, are these entries included when counting the
functions? Also, how does the ground truth of the instructions change after
obfuscation?
—
Reply to this email directly, view it on GitHub
<#2>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ASMXDG73UZWES6GVVDXMNVLXAK3KZANCNFSM6AAAAAAWYD2VEA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, first of all, thank you for providing this tool. During my use of your tool, I encountered some questions. I am curious about the definition of the ground truth for the obfuscated binary generated by your tool. I noticed that after obfuscation, there are some entries in the symbol table, such as “desyncpoint%”, are these entries included when counting the functions? Also, how does the ground truth of the instructions change after obfuscation?
The text was updated successfully, but these errors were encountered: