[asmprinter] Make assembly output more clear

Author: SanWieb

analyzer/asmprinter/asmprinter.py

@@ -38,11 +38,11 @@ def get_load_comments(expr: claripy.BV, secret_load_pc):
             if load_anno.address == secret_load_pc:
                 # We load the secret value
                 annotations[load_anno.address] = str(set(replace_secret_annotations_with_name(get_annotations(load_anno.read_address_ast), "Attacker")))
-                annotations[load_anno.address] += " > " + str(set(replace_secret_annotations_with_name(get_annotations(v), "Secret")))
+                annotations[load_anno.address] += " -> " + str(set(replace_secret_annotations_with_name(get_annotations(v), "Secret")))
             else:
                 # We load an attacker indirect value
                 annotations[load_anno.address] = str(set(replace_secret_annotations_with_name(get_annotations(load_anno.read_address_ast), "Attacker")))
-                annotations[load_anno.address] += " > " + str(set(replace_secret_annotations_with_name(get_annotations(v), "Attacker")))
+                annotations[load_anno.address] += " -> " + str(set(replace_secret_annotations_with_name(get_annotations(v), "Attacker")))
 
             annotations.update(get_load_comments(load_anno.read_address_ast, secret_load_pc))
 
@@ -62,14 +62,14 @@ def print_annotated_assembly(proj, bbls, branches, expr, pc, secret_load_pc, is_
     # Transmission
     if is_tfp:
         proj.kb.comments[pc] = str(set(replace_secret_annotations_with_name(get_annotations(expr), "Attacker")))
-        proj.kb.comments[pc] += " > " + "TAINTED FUNCTION POINTER"
+        proj.kb.comments[pc] += " -> " + "TAINTED FUNCTION POINTER"
     else:
         all_annotations = set(get_annotations(expr))
         secret_annotations = {a for a in all_annotations if isinstance(a, LoadAnnotation) and a.address == secret_load_pc}
         annotations = replace_secret_annotations_with_name(secret_annotations, "Secret")
         annotations += replace_secret_annotations_with_name(all_annotations - secret_annotations, "Attacker")
         proj.kb.comments[pc] = str(set(annotations))
-        proj.kb.comments[pc] += " > " + "TRANSMISSION"
+        proj.kb.comments[pc] += " -> " + "TRANSMISSION"
 
 
     output = ""
@@ -89,6 +89,7 @@ def output_gadget_to_file(t : Transmission, proj, path):
     o.write(f"""
 {'-'*48}
 uuid: {t.uuid}
+transmitter: {t.transmitter}
 
 Secret Address:
   - Expr: {t.secret_address.expr}

…294556ac-d9af-427e-9c8d-9b9a53c5b17e.asm …0fa0b458-9aaa-48d4-bf82-9e49f83833df.asmtests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000009_294556ac-d9af-427e-9c8d-9b9a53c5b17e.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000009_0fa0b458-9aaa-48d4-bf82-9e49f83833df.asm tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000009_294556ac-d9af-427e-9c8d-9b9a53c5b17e.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000009_0fa0b458-9aaa-48d4-bf82-9e49f83833df.asm

@@ -1,8 +1,8 @@
 ----------------- TRANSMISSION -----------------
          alias_type_2:
 4000000  movzx   r8d, word ptr [rdx+0x28]
-4000005  mov     rax, qword ptr [rdx+0x20] ; {Attacker@rdx} > {Secret@0x4000005}
-4000009  mov     rcx, qword ptr [rax] ; {Secret@0x4000005} > TRANSMISSION
+4000005  mov     rax, qword ptr [rdx+0x20] ; {Attacker@rdx} -> {Secret@0x4000005}
+4000009  mov     rcx, qword ptr [rax] ; {Secret@0x4000005} -> TRANSMISSION
 400000c  mov     r11, qword ptr [rcx+r8]
 4000010  movzx   r9d, word ptr [rdx+0x24]
 4000015  mov     rbx, qword ptr [rdx+0x20]
@@ -11,7 +11,8 @@
 4000020  jmp     0x400dead
 
 ------------------------------------------------
-uuid: 294556ac-d9af-427e-9c8d-9b9a53c5b17e
+uuid: 0fa0b458-9aaa-48d4-bf82-9e49f83833df
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 rdx + 0x20>

…87ea610c-4081-430a-a302-6eb3fa2404e2.asm …5006c4a9-08b7-41bd-8e71-beaaa6176c21.asmtests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_87ea610c-4081-430a-a302-6eb3fa2404e2.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_5006c4a9-08b7-41bd-8e71-beaaa6176c21.asm tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_87ea610c-4081-430a-a302-6eb3fa2404e2.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_5006c4a9-08b7-41bd-8e71-beaaa6176c21.asm

@@ -1,17 +1,18 @@
 ----------------- TRANSMISSION -----------------
          alias_type_2:
-4000000  movzx   r8d, word ptr [rdx+0x28] ; {Attacker@rdx} > {Attacker@0x4000000}
-4000005  mov     rax, qword ptr [rdx+0x20] ; {Attacker@rdx} > {Attacker@0x4000005}
-4000009  mov     rcx, qword ptr [rax] ; {Attacker@0x4000005} > {Secret@0x4000009}
-400000c  mov     r11, qword ptr [rcx+r8] ; {Secret@0x4000009, Attacker@0x4000000} > TRANSMISSION
+4000000  movzx   r8d, word ptr [rdx+0x28] ; {Attacker@rdx} -> {Attacker@0x4000000}
+4000005  mov     rax, qword ptr [rdx+0x20] ; {Attacker@rdx} -> {Attacker@0x4000005}
+4000009  mov     rcx, qword ptr [rax] ; {Attacker@0x4000005} -> {Secret@0x4000009}
+400000c  mov     r11, qword ptr [rcx+r8] ; {Attacker@0x4000000, Secret@0x4000009} -> TRANSMISSION
 4000010  movzx   r9d, word ptr [rdx+0x24]
 4000015  mov     rbx, qword ptr [rdx+0x20]
 4000019  mov     rsi, qword ptr [rbx]
 400001c  mov     r12, qword ptr [rsi+r9]
 4000020  jmp     0x400dead
 
 ------------------------------------------------
-uuid: 87ea610c-4081-430a-a302-6eb3fa2404e2
+uuid: 5006c4a9-08b7-41bd-8e71-beaaa6176c21
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 LOAD_64[<BV64 rdx + 0x20>]_21>

…1b43d77c-074b-44c0-9ac8-e426cc29d7a8.asm …e47ff901-45f5-497c-91f0-2d50c1ca047b.asmtests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_1b43d77c-074b-44c0-9ac8-e426cc29d7a8.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_e47ff901-45f5-497c-91f0-2d50c1ca047b.asm tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_1b43d77c-074b-44c0-9ac8-e426cc29d7a8.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400000c_e47ff901-45f5-497c-91f0-2d50c1ca047b.asm

@@ -1,17 +1,18 @@
 ----------------- TRANSMISSION -----------------
          alias_type_2:
-4000000  movzx   r8d, word ptr [rdx+0x28] ; {Attacker@rdx} > {Secret@0x4000000}
-4000005  mov     rax, qword ptr [rdx+0x20] ; {Attacker@rdx} > {Attacker@0x4000005}
-4000009  mov     rcx, qword ptr [rax] ; {Attacker@0x4000005} > {Attacker@0x4000009}
-400000c  mov     r11, qword ptr [rcx+r8] ; {Attacker@0x4000009, Secret@0x4000000} > TRANSMISSION
+4000000  movzx   r8d, word ptr [rdx+0x28] ; {Attacker@rdx} -> {Secret@0x4000000}
+4000005  mov     rax, qword ptr [rdx+0x20] ; {Attacker@rdx} -> {Attacker@0x4000005}
+4000009  mov     rcx, qword ptr [rax] ; {Attacker@0x4000005} -> {Attacker@0x4000009}
+400000c  mov     r11, qword ptr [rcx+r8] ; {Attacker@0x4000009, Secret@0x4000000} -> TRANSMISSION
 4000010  movzx   r9d, word ptr [rdx+0x24]
 4000015  mov     rbx, qword ptr [rdx+0x20]
 4000019  mov     rsi, qword ptr [rbx]
 400001c  mov     r12, qword ptr [rsi+r9]
 4000020  jmp     0x400dead
 
 ------------------------------------------------
-uuid: 1b43d77c-074b-44c0-9ac8-e426cc29d7a8
+uuid: e47ff901-45f5-497c-91f0-2d50c1ca047b
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 rdx + 0x28>

…314077e5-dbe3-4c45-bb40-c12bc8199b97.asm …7bdb60d0-f3cd-4679-9ce6-7a410ccf8802.asmtests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000019_314077e5-dbe3-4c45-bb40-c12bc8199b97.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000019_7bdb60d0-f3cd-4679-9ce6-7a410ccf8802.asm tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000019_314077e5-dbe3-4c45-bb40-c12bc8199b97.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x4000019_7bdb60d0-f3cd-4679-9ce6-7a410ccf8802.asm

@@ -5,13 +5,14 @@
 4000009  mov     rcx, qword ptr [rax]
 400000c  mov     r11, qword ptr [rcx+r8]
 4000010  movzx   r9d, word ptr [rdx+0x24]
-4000015  mov     rbx, qword ptr [rdx+0x20] ; {Attacker@rdx} > {Secret@0x4000015}
-4000019  mov     rsi, qword ptr [rbx] ; {Secret@0x4000015} > TRANSMISSION
+4000015  mov     rbx, qword ptr [rdx+0x20] ; {Attacker@rdx} -> {Secret@0x4000015}
+4000019  mov     rsi, qword ptr [rbx] ; {Secret@0x4000015} -> TRANSMISSION
 400001c  mov     r12, qword ptr [rsi+r9]
 4000020  jmp     0x400dead
 
 ------------------------------------------------
-uuid: 314077e5-dbe3-4c45-bb40-c12bc8199b97
+uuid: 7bdb60d0-f3cd-4679-9ce6-7a410ccf8802
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 rdx + 0x20>

…f0885b62-2203-430a-a2c8-0ea1d7198799.asm …61e8290a-aa5a-4dcd-a3a3-71c23eafcd37.asmtests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_f0885b62-2203-430a-a2c8-0ea1d7198799.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_61e8290a-aa5a-4dcd-a3a3-71c23eafcd37.asm tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_f0885b62-2203-430a-a2c8-0ea1d7198799.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_61e8290a-aa5a-4dcd-a3a3-71c23eafcd37.asm

@@ -4,14 +4,15 @@
 4000005  mov     rax, qword ptr [rdx+0x20]
 4000009  mov     rcx, qword ptr [rax]
 400000c  mov     r11, qword ptr [rcx+r8]
-4000010  movzx   r9d, word ptr [rdx+0x24] ; {Attacker@rdx} > {Attacker@0x4000010}
-4000015  mov     rbx, qword ptr [rdx+0x20] ; {Attacker@rdx} > {Attacker@0x4000015}
-4000019  mov     rsi, qword ptr [rbx] ; {Attacker@0x4000015} > {Secret@0x4000019}
-400001c  mov     r12, qword ptr [rsi+r9] ; {Secret@0x4000019, Attacker@0x4000010} > TRANSMISSION
+4000010  movzx   r9d, word ptr [rdx+0x24] ; {Attacker@rdx} -> {Attacker@0x4000010}
+4000015  mov     rbx, qword ptr [rdx+0x20] ; {Attacker@rdx} -> {Attacker@0x4000015}
+4000019  mov     rsi, qword ptr [rbx] ; {Attacker@0x4000015} -> {Secret@0x4000019}
+400001c  mov     r12, qword ptr [rsi+r9] ; {Attacker@0x4000010, Secret@0x4000019} -> TRANSMISSION
 4000020  jmp     0x400dead
 
 ------------------------------------------------
-uuid: f0885b62-2203-430a-a2c8-0ea1d7198799
+uuid: 61e8290a-aa5a-4dcd-a3a3-71c23eafcd37
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 LOAD_64[<BV64 rdx + 0x20>]_25>

…df0fa1e2-1091-4573-bb8d-98eee32c0328.asm …e7b7c1a8-980f-4cc8-9b5d-1242d4a5d780.asmtests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_df0fa1e2-1091-4573-bb8d-98eee32c0328.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_e7b7c1a8-980f-4cc8-9b5d-1242d4a5d780.asm tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_df0fa1e2-1091-4573-bb8d-98eee32c0328.asm renamed to tests/test-cases/alias_overlap/ref-asm/gadget_alias_overlap_0x400001c_e7b7c1a8-980f-4cc8-9b5d-1242d4a5d780.asm

@@ -4,14 +4,15 @@
 4000005  mov     rax, qword ptr [rdx+0x20]
 4000009  mov     rcx, qword ptr [rax]
 400000c  mov     r11, qword ptr [rcx+r8]
-4000010  movzx   r9d, word ptr [rdx+0x24] ; {Attacker@rdx} > {Secret@0x4000010}
-4000015  mov     rbx, qword ptr [rdx+0x20] ; {Attacker@rdx} > {Attacker@0x4000015}
-4000019  mov     rsi, qword ptr [rbx] ; {Attacker@0x4000015} > {Attacker@0x4000019}
-400001c  mov     r12, qword ptr [rsi+r9] ; {Secret@0x4000010, Attacker@0x4000019} > TRANSMISSION
+4000010  movzx   r9d, word ptr [rdx+0x24] ; {Attacker@rdx} -> {Secret@0x4000010}
+4000015  mov     rbx, qword ptr [rdx+0x20] ; {Attacker@rdx} -> {Attacker@0x4000015}
+4000019  mov     rsi, qword ptr [rbx] ; {Attacker@0x4000015} -> {Attacker@0x4000019}
+400001c  mov     r12, qword ptr [rsi+r9] ; {Secret@0x4000010, Attacker@0x4000019} -> TRANSMISSION
 4000020  jmp     0x400dead
 
 ------------------------------------------------
-uuid: df0fa1e2-1091-4573-bb8d-98eee32c0328
+uuid: e7b7c1a8-980f-4cc8-9b5d-1242d4a5d780
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 rdx + 0x24>

…8552ad76-c42a-4c8e-8f65-3da3f0594310.asm …95c145bd-0719-4194-af16-028a8b2ed308.asmtests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x400000a_8552ad76-c42a-4c8e-8f65-3da3f0594310.asm renamed to tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x400000a_95c145bd-0719-4194-af16-028a8b2ed308.asm tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x400000a_8552ad76-c42a-4c8e-8f65-3da3f0594310.asm renamed to tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x400000a_95c145bd-0719-4194-af16-028a8b2ed308.asm

@@ -2,8 +2,8 @@
          alias_partially_independent:
 4000000  mov     esi, edi
 4000002  add     rsi, r12
-4000005  mov     rax, qword ptr [r12+0x28] ; {Attacker@r12} > {Secret@0x4000005}
-400000a  mov     r9, qword ptr [rsi+rax] ; {Secret@0x4000005, Attacker@rdi, Attacker@r12} > TRANSMISSION
+4000005  mov     rax, qword ptr [r12+0x28] ; {Attacker@r12} -> {Secret@0x4000005}
+400000a  mov     r9, qword ptr [rsi+rax] ; {Secret@0x4000005, Attacker@rdi, Attacker@r12} -> TRANSMISSION
 400000e  mov     esi, edi
 4000010  add     rsi, r12
 4000013  mov     eax, dword ptr [r12+0x28]
@@ -15,7 +15,8 @@
 400002c  jmp     0x400dead
 
 ------------------------------------------------
-uuid: 8552ad76-c42a-4c8e-8f65-3da3f0594310
+uuid: 95c145bd-0719-4194-af16-028a8b2ed308
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 r12 + 0x28>
@@ -34,7 +35,7 @@ Transmission:
   - Expr: <BV64 (0#32 .. rdi[31:0]) + r12 + LOAD_64[<BV64 r12 + 0x28>]_20>
   - Range: (0x0,0xffffffffffffffff, 0x1) Exact: True
 
-Register Requirements: {<BV64 r12>, <BV64 rdi>}
+Register Requirements: {<BV64 rdi>, <BV64 r12>}
 Constraints: []
 Branches: []
 ------------------------------------------------

…ce32cbcf-13cc-4849-a9f8-535854b27aa3.asm …1ee1a0fa-31ef-4c40-989a-b105bb36f84e.asmtests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000018_ce32cbcf-13cc-4849-a9f8-535854b27aa3.asm renamed to tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000018_1ee1a0fa-31ef-4c40-989a-b105bb36f84e.asm tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000018_ce32cbcf-13cc-4849-a9f8-535854b27aa3.asm renamed to tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000018_1ee1a0fa-31ef-4c40-989a-b105bb36f84e.asm

@@ -6,16 +6,17 @@
 400000a  mov     r9, qword ptr [rsi+rax]
 400000e  mov     esi, edi
 4000010  add     rsi, r12
-4000013  mov     eax, dword ptr [r12+0x28] ; {Attacker@r12} > {Secret@0x4000013}
-4000018  mov     r10, qword ptr [rsi+rax] ; {Secret@0x4000013, Attacker@rdi, Attacker@r12} > TRANSMISSION
+4000013  mov     eax, dword ptr [r12+0x28] ; {Attacker@r12} -> {Secret@0x4000013}
+4000018  mov     r10, qword ptr [rsi+rax] ; {Secret@0x4000013, Attacker@rdi, Attacker@r12} -> TRANSMISSION
 400001c  mov     esi, edi
 400001e  add     rsi, qword ptr [r12+0x20]
 4000023  mov     rax, qword ptr [r12+0x28]
 4000028  mov     r11, qword ptr [rsi+rax]
 400002c  jmp     0x400dead
 
 ------------------------------------------------
-uuid: ce32cbcf-13cc-4849-a9f8-535854b27aa3
+uuid: 1ee1a0fa-31ef-4c40-989a-b105bb36f84e
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 r12 + 0x28>
@@ -34,7 +35,7 @@ Transmission:
   - Expr: <BV64 (0#32 .. rdi[31:0]) + r12 + (0#32 .. LOAD_32[<BV64 r12 + 0x28>]_22)>
   - Range: (0x0,0xffffffffffffffff, 0x1) Exact: True
 
-Register Requirements: {<BV64 r12>, <BV64 rdi>}
+Register Requirements: {<BV64 rdi>, <BV64 r12>}
 Constraints: []
 Branches: []
 ------------------------------------------------

…89aceeab-5c21-40a5-9b60-518403997e92.asm …68bf3d4f-18cc-41ff-951e-0f7d73089faa.asmtests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000028_89aceeab-5c21-40a5-9b60-518403997e92.asm renamed to tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000028_68bf3d4f-18cc-41ff-951e-0f7d73089faa.asm tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000028_89aceeab-5c21-40a5-9b60-518403997e92.asm renamed to tests/test-cases/alias_partially_independent/ref-asm/gadget_alias_partially_independent_0x4000028_68bf3d4f-18cc-41ff-951e-0f7d73089faa.asm

@@ -9,13 +9,14 @@
 4000013  mov     eax, dword ptr [r12+0x28]
 4000018  mov     r10, qword ptr [rsi+rax]
 400001c  mov     esi, edi
-400001e  add     rsi, qword ptr [r12+0x20] ; {Attacker@r12} > {Secret@0x400001e}
-4000023  mov     rax, qword ptr [r12+0x28] ; {Attacker@r12} > {Attacker@0x4000023}
-4000028  mov     r11, qword ptr [rsi+rax] ; {Attacker@0x4000023, Secret@0x400001e, Attacker@rdi} > TRANSMISSION
+400001e  add     rsi, qword ptr [r12+0x20] ; {Attacker@r12} -> {Secret@0x400001e}
+4000023  mov     rax, qword ptr [r12+0x28] ; {Attacker@r12} -> {Attacker@0x4000023}
+4000028  mov     r11, qword ptr [rsi+rax] ; {Secret@0x400001e, Attacker@rdi, Attacker@0x4000023} -> TRANSMISSION
 400002c  jmp     0x400dead
 
 ------------------------------------------------
-uuid: 89aceeab-5c21-40a5-9b60-518403997e92
+uuid: 68bf3d4f-18cc-41ff-951e-0f7d73089faa
+transmitter: TransmitterType.LOAD
 
 Secret Address:
   - Expr: <BV64 r12 + 0x20>
@@ -34,7 +35,7 @@ Transmission:
   - Expr: <BV64 (0#32 .. rdi[31:0]) + LOAD_64[<BV64 r12 + 0x20>]_24 + LOAD_64[<BV64 r12 + 0x28>]_25>
   - Range: (0x0,0xffffffffffffffff, 0x1) Exact: True
 
-Register Requirements: {<BV64 r12>, <BV64 rdi>}
+Register Requirements: {<BV64 rdi>, <BV64 r12>}
 Constraints: []
 Branches: []
 ------------------------------------------------