Jun Xu
I fully agree QSYM is also a very good choice, but I did not see a major difference in "scalability" between KLEE and QSYM. And the truth is our klee-concolic-executor...
It is not that surprising: QSYM interprets every machine instruction, but KLEE just interprets every LLVM IR instruction. The number of machine instructions is many times that of LLVM IR instructions....
> I remember a paper last year that evaluated the inflation rate of LLVM instructions versus machine instructions, and it does not look like the difference between the amount of these...
@pgoodman In fact, we do not quite understand why McSEMA alters the default INF_AF options in IDA: https://github.com/trailofbits/mcsema/blob/master/tools/mcsema_disass/ida7/get_cfg.py#L1623
@cyanpencil I tested the code on the Quick PDF Library (x64, PIE, symbols): https://www.debenu.com/products/development/debenu-pdf-library/?__hstc=16885030.d1c7d6c178e7392c96be82a9ed0d552e.1605134306956.1605192347633.1605711983878.4&__hssc=16885030.5.1605711983878&__hsfp=4103256049 Just FYI, I noticed more issues from the current version of Retrowrite: -- The statement at...
BTW, I just committed a new version to my local repo at https://github.com/junxzm1990/retrowrite I just played some *quick* and "dirty" tricks to make it work with some preliminary tests on...
Just fixed more issues. Now my local version can work on the Quick PDF Library, using both g++ and clang++ to reassemble the disassembled results.
@diagprov the outputs you posted look like symbols. Can you post the relocations? I should have fixed the problems related to "LC0" in my local fork at https://github.com/junxzm1990/retrowrite. I hoped...
I think you can fill the "addr struct" with a fake address (e.g. INADDR_ANY) and set the "socklen_t *addrlen" correspondingly. That's what I did.
I am still "borrowing" the preeny code. When all set, I will PR.