Hi Buddhika,
I am sorry for the late response. In terms of how ParseAPI handles indirect
control flows, ParseAPI will try to resolve indirect jumps, and if these
indirect jumps correspond to a switch statement in the source code,
ParseAPI can typically find the indirect jump targets. You can get these
targets by traversing the control flow graph, as shown in the example in the
ParseAPI manual, and you can check the edge type of control flow edges to
determine whether they are indirect or not. For indirect calls and indirect
tail calls, ParseAPI has little support to resolve their targets.
For your purpose of implementing a control flow integrity prototype, you
either allow indirect calls to call all functions (disallowing calling any
non-function-entry address), or you will need to do other analysis on top
of Dyninst to better estimate the possible call targets.
Hope this helps.
Thanks,
--Xiaozhu
On Fri, Nov 10, 2017 at 7:56 AM, Buddhika Chamith Kahawitage Don <
budka...@umail.iu.edu> wrote:
> Hi All,
>
> I am thinking of implementing a control flow integrity prototype for which
> I require doing some static analysis to approximate control flow targets of
> indirect control flow instructions.
>
> How does parseAPI handle indirect control flows when deriving the CFG?
> What facilities does the API provide me in order to obtain such information?
> (e.g., which control flows are indirect and what are the possible targets
> given an indirect control flow instruction)
>
> Regards
> Buddhika
>
> ___
> Dyninst-api mailing list
> Dyninst-api@cs.wisc.edu
> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
>
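
The coarse policy described in the reply above (resolved targets for indirect jumps, any function entry for indirect calls), as an added example that is not part of the original thread and is not Dyninst code. `EdgeKind`, `Edge`, `CfiPolicy`, `buildPolicy`, `samplePolicy` and all addresses are hypothetical stand-ins for the facts a ParseAPI CFG traversal would supply.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <vector>

// Hypothetical stand-in records (not Dyninst types) for facts gathered from a CFG walk.
enum class EdgeKind { Direct, IndirectJump, IndirectCall };
struct Edge { uint64_t site; uint64_t target; EdgeKind kind; }; // target 0 = unresolved

struct CfiPolicy {
    std::map<uint64_t, std::set<uint64_t>> jumpTargets; // per indirect-jump site
    std::set<uint64_t> indirectCallSites;
    std::set<uint64_t> functionEntries;
    // True when a runtime transfer from `site` to `target` is permitted.
    bool allows(uint64_t site, uint64_t target) const {
        auto j = jumpTargets.find(site);
        if (j != jumpTargets.end()) return j->second.count(target) != 0;
        if (indirectCallSites.count(site)) return functionEntries.count(target) != 0;
        return false; // not a known indirect site: fail closed
    }
};

CfiPolicy buildPolicy(const std::vector<uint64_t>& entries, const std::vector<Edge>& edges) {
    CfiPolicy p;
    p.functionEntries.insert(entries.begin(), entries.end());
    for (const Edge& e : edges) {
        if (e.kind == EdgeKind::IndirectJump) {
            std::set<uint64_t>& allowed = p.jumpTargets[e.site]; // registers site even if unresolved
            if (e.target != 0) allowed.insert(e.target);
        } else if (e.kind == EdgeKind::IndirectCall) {
            p.indirectCallSites.insert(e.site); // targets unknown: allow any function entry
        }
    }
    return p;
}

// Constructed sample: two functions, a switch-style jump at 0x1010, an indirect call at 0x1040.
CfiPolicy samplePolicy() {
    return buildPolicy({0x1000, 0x2000},
                       {{0x1010, 0x1020, EdgeKind::IndirectJump},
                        {0x1010, 0x1030, EdgeKind::IndirectJump},
                        {0x1040, 0, EdgeKind::IndirectCall},
                        {0x1050, 0x2000, EdgeKind::Direct}});
}

int main() {
    CfiPolicy p = samplePolicy();
    std::printf("%d %d\n", p.allows(0x1040, 0x2000), p.allows(0x1040, 0x1020)); // prints "1 0"
}
```

An indirect jump whose targets could not be resolved is registered with an empty set, so every transfer from it is rejected until further analysis supplies targets.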