Ponce
Negate, Inject & Restore
In the next example we are using the snapshot engine:
We pass a file as an argument.
We select the symbolic engine.
We taint the buffer that fread() fills from the file.
We create a snapshot in the function that parses the buffer read from the file.
When a condition is evaluated, we negate it, inject the solution into memory, and restore the snapshot with it.
The solution will be "valid", so we will satisfy the existing conditions.
x64_fread_test_negate_restore_inject.gif
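The negate, inject and restore cycle described above can be modelled without IDA or a solver library. The following is an added example, not Ponce's code or its test binary: the parser, its `CHECKS` table and all function names are constructed for illustration, and the "solver" is a brute-force search over one byte.

```python
import operator

OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt, ">": operator.gt}
# Constructed branch conditions of a hypothetical parser: (byte index, op, constant)
CHECKS = [(0, "==", 0x50), (1, "==", 0x4E), (2, ">", 0x7F), (3, "!=", 0x00)]

def parse(buf, trace):
    """Parser under analysis: logs each branch on an input byte, stops at the first failure."""
    for idx, op, const in CHECKS:
        taken = OPS[op](buf[idx], const)
        trace.append((idx, op, const, taken))
        if not taken:
            return False
    return True

def solve_negated(trace):
    """Keep the path prefix, flip the last branch, and find a byte value satisfying both."""
    idx, op, const, taken = trace[-1]
    wanted = [(op, const, not taken)]
    wanted += [(o, c, t) for i, o, c, t in trace[:-1] if i == idx]
    for value in range(256):
        if all(OPS[o](value, c) == t for o, c, t in wanted):
            return idx, value
    return None  # the negated branch is unsatisfiable

def negate_inject_restore(file_bytes, max_rounds=16):
    snapshot = bytes(file_bytes)       # state saved at parser entry, after fread()
    injected = {}                      # solver models to write into memory
    for rounds in range(1, max_rounds + 1):
        memory = bytearray(snapshot)   # restore the snapshot
        for idx, value in injected.items():
            memory[idx] = value        # inject the solution
        trace = []
        if parse(memory, trace):
            return bytes(memory), rounds
        model = solve_negated(trace)   # negate the condition that stopped the parser
        if model is None:
            return None, rounds
        injected[model[0]] = model[1]
    return None, max_rounds

if __name__ == "__main__":
    print(negate_inject_restore(b"\x00\x00\x00\x00"))
```

Starting from four zero bytes, each round fixes one more condition, so the parser accepts the buffer on the fifth run from the snapshot.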