In the previous post I discussed one way to go about gathering a trace for emulation. In this I’m going to talk about how we go about emulating such a trace, how and why we hook functions as they are emulated and how symbolic operations are performed.
As before, this post is accompanied by a video which demonstrates the code in action. Unlike the previous post I’ve decided to skip the paragraphs of rambling and instead most of the info is in the actual video itself =)
– Introducing symbolic data via function hooks
– Performing computations on symbolic data
(You probably want to click the “Watch on YouTube” option on the bottom right of the video and set the quality to 720p. Btw, near the end of the video I said something along the lines of “one of the advantages of whitebox fuzzing over symbolic emulation”. That makes no sense =) What I meant to say was “one of the advantages of whitebox fuzzing over normal symbolic execution”.)
4 thoughts on “Anatomy of a Symbolic Emulator, Part 2: Introducing Symbolic Data”
The youtube video doesn’t play at anything better than 360p which makes the text unreadable.
Click the ‘Watch on YouTube’ option, set the quality to 720p and then make it full screen. Let me know if that doesn’t work for whatever reason.
HD is available when viewed with IE9. For some reason FF11 on win7 doesn’t have the HD resolutions available for just this video. Thanks.
Ah, that’s annoying. I never checked with FF. It works OK with Chrome as well btw. It might be worth noting that I’m using the HTML5 version rather than Flash http://www.youtube.com/html5
Comments are closed.