Analysis notes for SMC1–SMC9: how each self-modifying-code sample (code that writes into its own function bytes, e.g. `(unsigned char*)main + OFFSET`) appears in the compiled binary and in the lifted LLVM IR (.ll), and which load/add/inttoptr/store chain a detector needs to catch it.
================================================================================
SMC1.c
================================================================================
C source.
memcpy(ptr_key, instr10, 4);
Binary.
801: 48 8d 05 4d 00 00 00 lea 0x4d(%rip),%rax # 855 <main+0x6b>
808: 48 89 45 e8 mov %rax,-0x18(%rbp)
....
85c: 48 8b 45 e8 mov -0x18(%rbp),%rax
860: 89 10 mov %edx,(%rax)
LL file (lifted LLVM IR).
%1 = load i64, i64* @RSP_2312_5613298471c8, align 8, !tbaa !1220
%10 = add i64 %1, -32
%11 = inttoptr i64 %10 to i64*
store i64 2133, i64* %11, align 8
....
%15 = load i64, i64* @RBP_2328_5613298471c8, align 8
%18 = add i64 %15, -24
%19 = inttoptr i64 %18 to i32**
%98 = load i32*, i32** %19, align 8
store i32 %97, i32* %98, align 4
Detection trace.
%11 -> %10 -> %1 => function_name!stack!-24
2133 ∈ [[function_name!stack!-24]]
....
%19 -> %18 -> %15 => function_name!stack!-24
%98 is loaded through %19 (the same slot, function_name!stack!-24), so 2133 ∈ [[%98]]; 2133 = 0x855 = main+0x6b lies inside main's code, hence `store i32 %97, i32* %98` is a write to code (SMC).
Pointer saved to stack (not SMC by itself):
load -> add -> inttoptr -> store
SMC write through the saved pointer:
load -> add -> inttoptr -> load -> store
================================================================================
SMC3.c
================================================================================
C source.
ptr_gen_reg9 = (unsigned char*)main + GEN_OFFSET;
ptr_tpl_reg11 = (unsigned char*)main + TPL_OFFSET;
.... (the rest is more involved: byte-wise stores through the saved pointer, indexed both by a loop variable (the phi below) and by constant offsets, and the pointer slot itself is advanced in place.)
Binary.
7dc: 48 8d 05 7a 01 00 00 lea 0x17a(%rip),%rax # 95d <main+0x1e3>
7e3: 48 89 45 c0 mov %rax,-0x40(%rbp)
7e7: 48 8d 05 5a 01 00 00 lea 0x15a(%rip),%rax # 948 <main+0x1ce>
7ee: 48 89 45 c8 mov %rax,-0x38(%rbp)
80e: 48 8b 55 c0 mov -0x40(%rbp),%rdx
812: 48 01 ca add %rcx,%rdx
815: 0f b6 00 movzbl (%rax),%eax
818: 88 02 mov %al,(%rdx)
85d: 48 8b 55 c0 mov -0x40(%rbp),%rdx
861: 48 01 ca add %rcx,%rdx
864: 0f b6 00 movzbl (%rax),%eax
867: 88 02 mov %al,(%rdx)
888: 48 8b 45 c0 mov -0x40(%rbp),%rax
88c: 48 83 c0 02 add $0x2,%rax
890: 01 ca add %ecx,%edx
892: 88 10 mov %dl,(%rax)
8a9: 48 8b 45 c0 mov -0x40(%rbp),%rax
8ad: 48 83 c0 05 add $0x5,%rax
8b1: 01 ca add %ecx,%edx
8b3: 88 10 mov %dl,(%rax)
8ec: 48 8b 55 c0 mov -0x40(%rbp),%rdx
8f0: 48 01 ca add %rcx,%rdx
8f3: 0f b6 00 movzbl (%rax),%eax
8f6: 88 02 mov %al,(%rdx)
904: 48 8b 45 c0 mov -0x40(%rbp),%rax
908: 48 01 d0 add %rdx,%rax
90b: 0f b6 10 movzbl (%rax),%edx
90e: 8b 45 b4 mov -0x4c(%rbp),%eax
914: 48 8b 45 c0 mov -0x40(%rbp),%rax
918: 48 01 c8 add %rcx,%rax
91b: 83 ea 2d sub $0x2d,%edx
91e: 88 10 mov %dl,(%rax)
LL file (lifted LLVM IR).
%32 = add i64 %27, -64
%33 = inttoptr i64 %32 to i64*
store i64 2397, i64* %33, align 8
%storemerge24 = phi i32 [ 0, %inst_77a ], [ %122, %inst_7fb ]
%113 = sext i32 %storemerge24 to i64
%116 = load i64, i64* %33, align 8
%117 = add i64 %116, %113
%120 = inttoptr i64 %117 to i8*
store i8 %119, i8* %120, align 1
%133 = load i64, i64* %33, align 8
%134 = add i64 %133, 7
store i64 %134, i64* %33, align 8
%153 = load i64, i64* %33, align 8
%154 = add i64 %153, %150
%157 = inttoptr i64 %154 to i8*
store i8 %156, i8* %157, align 1
%170 = load i64, i64* %33, align 8
%171 = add i64 %170, 2
%172 = inttoptr i64 %171 to i8*
store i8 %176, i8* %172, align 1
%177 = load i64, i64* %33, align 8
%178 = add i64 %177, 5
%179 = inttoptr i64 %178 to i8*
store i8 %188, i8* %179, align 1
%189 = load i64, i64* %33, align 8
%190 = add i64 %189, 12
store i64 %190, i64* %33, align 8
%197 = load i64, i64* %33, align 8
%198 = add i64 %197, %196
%199 = inttoptr i64 %198 to i8*
store i8 %204, i8* %199, align 1
================================================================================
SMC4.c
================================================================================
C source.
ptr_reg4 = (unsigned char*)main + GGEN;
ptr_reg9 = (unsigned char*)main + START;
....
Hard to interpret at the current level (see note below).
Binary.
82d: 48 8d 05 d9 00 00 00 lea 0xd9(%rip),%rax # 90d <main+0x103>
834: 48 89 45 b0 mov %rax,-0x50(%rbp)
....
887: 48 8b 45 b0 mov -0x50(%rbp),%rax
88b: 48 01 c2 add %rax,%rdx
88e: 8b 45 a8 mov -0x58(%rbp),%eax
....
8c1: 48 8b 45 b0 mov -0x50(%rbp),%rax
8c5: 48 01 c2 add %rax,%rdx
8c8: 8b 45 a8 mov -0x58(%rbp),%eax
....
8e9: 48 8d 05 31 ff ff ff lea -0xcf(%rip),%rax # 821 <main+0x17>
8f0: 48 89 45 b0 mov %rax,-0x50(%rbp)
....
and so on..
LL file (lifted LLVM IR).
%14 = add i64 %13, -80
%15 = inttoptr i64 %14 to i64*
store i64 2317, i64* %15, align 8
....
%66 = load i64, i64* %15, align 8
%67 = add i64 %66, %65
%71 = inttoptr i64 %67 to i8*
store i8 %70, i8* %71, align 1
Pointer saved to stack:
load -> add -> inttoptr -> store
SMC write:
load(pointer) -> add(variable, variable) -> inttoptr -> store
The offset added to the pointer is itself a variable (%65), and the slot at -0x50(%rbp) is overwritten with a second code address at 0x8e9, so resolving the target address requires value analysis of those variables — not handled at the current level.
================================================================================
SMC5.c
================================================================================
C source.
ptr_h = (unsigned char*)main + OFFSET_H;
ptr_g = (unsigned char*)main + OFFSET_G;
....
for(i=0; i < SIZE_G; i++) ptr_g[i] = instr10[i];
....
for (i=0; i < SIZE_H; i++) ptr_g[i] = instr9[i];
....
for (i=0; i< SIZE_H; i++) ptr_h[i] = instr11[i];
....
ptr_g[21] = ptr_g[21] + BEFORE_INST;
Binary.
7aa: 48 8d 05 57 01 00 00 lea 0x157(%rip),%rax # 908 <main+0x18e>
7b1: 48 89 05 70 08 20 00 mov %rax,0x200870(%rip) # 201028 <ptr_h>
7b8: 48 8d 05 12 01 00 00 lea 0x112(%rip),%rax # 8d1 <main+0x157>
7bf: 48 89 05 5a 08 20 00 mov %rax,0x20085a(%rip) # 201020 <ptr_g>
....
863: 48 8b 0d b6 07 20 00 mov 0x2007b6(%rip),%rcx # 201020 <ptr_g>
86a: 8b 85 38 ff ff ff mov -0xc8(%rbp),%eax
870: 48 98 cltq
872: 48 01 c8 add %rcx,%rax
875: 88 10 mov %dl,(%rax)
8e3: 48 8b 0d 36 07 20 00 mov 0x200736(%rip),%rcx # 201020 <ptr_g>
8ea: 8b 85 38 ff ff ff mov -0xc8(%rbp),%eax
8f0: 48 98 cltq
8f2: 48 01 c8 add %rcx,%rax
8f5: 88 10 mov %dl,(%rax)
957: 48 8b 0d ca 06 20 00 mov 0x2006ca(%rip),%rcx # 201028 <ptr_h>
95e: 8b 85 38 ff ff ff mov -0xc8(%rbp),%eax
964: 48 98 cltq
966: 48 01 c8 add %rcx,%rax
969: 88 10 mov %dl,(%rax)
9a2: 48 8b 05 77 06 20 00 mov 0x200677(%rip),%rax # 201020 <ptr_g>
9a9: 48 83 c0 15 add $0x15,%rax
9ad: 83 ea 08 sub $0x8,%edx
9b0: 88 10 mov %dl,(%rax)
LL file (lifted LLVM IR).
store i64 2312, i64* bitcast (i8* @data_201028 to i64*), align 8
store i64 2257, i64* bitcast (i8* @data_201020 to i64*), align 32
%98 = load i64, i64* bitcast (i8* @data_201020 to i64*), align 32
%99 = add i64 %98, %93
%100 = inttoptr i64 %99 to i8*
store i8 %96, i8* %100, align 1
%138 = load i64, i64* bitcast (i8* @data_201020 to i64*), align 32
%139 = add i64 %138, %133
%140 = inttoptr i64 %139 to i8*
store i8 %136, i8* %140, align 1
%163 = load i64, i64* bitcast (i8* @data_201028 to i64*), align 8
%164 = add i64 %163, %158
%165 = inttoptr i64 %164 to i8*
store i8 %161, i8* %165, align 1
%173 = load i64, i64* bitcast (i8* @data_201020 to i64*), align 32
%174 = add i64 %173, 21
%175 = inttoptr i64 %174 to i8*
store i8 %180, i8* %175, align 1
Notes.
Here the code pointers live in global variables (@data_201020 = ptr_g, @data_201028 = ptr_h) rather than stack slots: the code addresses 2257 (0x8d1) and 2312 (0x908) are stored to the globals at the top, so the tracking must follow loads/stores of globals, not only RBP/RSP-relative slots.
More involved than the stack cases.
A zext also appears in the full IR (not shown in this excerpt), which makes the index chain harder to follow.
================================================================================
SMC6.c
================================================================================
C source.
ptr_main = (unsigned char*)main + 194; // 182
ptr_alter = (unsigned char*)main + 288; // 273
....
for(i=0; i<SIZE_ALTER; i++) ptr_alter[i] = instr8[i];
for(i=0; i<SIZE_MAIN; i++) ptr_main[i] = instr9[i];
Binary.
778: 48 8d 05 7d 00 00 00 lea 0x7d(%rip),%rax # 7fc <main+0xc2>
77f: 48 89 85 60 ff ff ff mov %rax,-0xa0(%rbp)
786: 48 8d 05 cd 00 00 00 lea 0xcd(%rip),%rax # 85a <main+0x120>
78d: 48 89 85 68 ff ff ff mov %rax,-0x98(%rbp)
....
83d: 48 8b 85 68 ff ff ff mov -0x98(%rbp),%rax
844: 48 01 c8 add %rcx,%rax
847: 88 10 mov %dl,(%rax)
....
8e9: 48 8b 85 60 ff ff ff mov -0xa0(%rbp),%rax
8f0: 48 01 c8 add %rcx,%rax
8f3: 88 10 mov %dl,(%rax)
LL file (lifted LLVM IR).
%13 = load i64, i64* @RBP_2328_55c4db8f11c8, align 8
%18 = add i64 %13, -160
%19 = inttoptr i64 %18 to i64*
store i64 2044, i64* %19, align 8
%20 = add i64 %13, -152
%21 = inttoptr i64 %20 to i64*
store i64 2138, i64* %21, align 8
....
%135 = load i64, i64* %19, align 8
%136 = add i64 %135, %131
%137 = inttoptr i64 %136 to i8*
store i8 %134, i8* %137, align 1
....
%82 = load i64, i64* %21, align 8
%83 = add i64 %82, %78
%84 = inttoptr i64 %83 to i8*
store i8 %81, i8* %84, align 1
Pointer saved to stack:
load -> add -> inttoptr -> store
SMC write:
load(pointer) -> add(variable, variable) -> inttoptr -> store
================================================================================
SMC7.c
================================================================================
C source.
ptr_new = (unsigned char*) main + NEW;
....
for(i=0; i<SIZE_LOOP; i++)
(ptr_new + offset)[i] = ptr_loop[i];
Binary.
770: 48 8d 05 43 00 00 00 lea 0x43(%rip),%rax # 7ba <main+0x70>
777: 48 89 45 f8 mov %rax,-0x8(%rbp)
....
7a0: 48 8b 55 f8 mov -0x8(%rbp),%rdx
7a4: 48 01 ca add %rcx,%rdx
7a7: 0f b6 00 movzbl (%rax),%eax
7aa: 88 02 mov %al,(%rdx)
LL file (lifted LLVM IR).
%31 = load i64, i64* @RBP_2328_56426cb411c8, align 8
%36 = add i64 %31, -8
%37 = inttoptr i64 %36 to i64*
store i64 1978, i64* %37, align 8
....
%46 = load i64, i64* %37, align 8
%47 = add i64 %45, %46
%50 = inttoptr i64 %47 to i8*
store i8 %49, i8* %50, align 1
Pointer saved to stack:
load -> add -> inttoptr -> store
SMC write:
load(pointer) -> add(variable, variable) -> inttoptr -> store
================================================================================
SMC8.c
================================================================================
C source.
ptr_body_reg10 = (unsigned char*)main + BODY;
....
for (i = 0; i < SIZE_OF_ADD; i++) (ptr_body_reg10 + OFFSET_12)[i] = reg9[i]; // SIZE 68
for(i = 0; i < SIZE_OF_ADD; i++) (ptr_body_reg10 + OFFSET_16)[i] = reg8[i]; // SIZE 71
for(i = 0; i < SIZE_OF_SW; i++) (ptr_body_reg10 + OFFSET_20)[i] = reg9[i]; // SIZE 68
for(i = 0; i < SIZE_OF_SW; i++) (ptr_body_reg10 + OFFSET_8)[i] = reg8[i]; // SIZE 71
Binary.
76a: 48 8d 05 07 00 00 00 lea 0x7(%rip),%rax # 778 <main+0x3e>
771: 48 89 85 48 ff ff ff mov %rax,-0xb8(%rbp)
....
817: 48 8d 90 d9 00 00 00 lea 0xd9(%rax),%rdx
81e: 48 8b 85 48 ff ff ff mov -0xb8(%rbp),%rax
825: 48 01 c2 add %rax,%rdx
828: 8b 85 40 ff ff ff mov -0xc0(%rbp),%eax
82e: 48 98 cltq
830: 0f b6 44 05 a0 movzbl -0x60(%rbp,%rax,1),%eax
835: 88 02 mov %al,(%rdx)
....
90c: 48 8b 85 48 ff ff ff mov -0xb8(%rbp),%rax
913: 48 01 d0 add %rdx,%rax
916: 0f b6 10 movzbl (%rax),%edx
919: 8b 85 40 ff ff ff mov -0xc0(%rbp),%eax
91f: 48 98 cltq
921: 88 94 05 50 ff ff ff mov %dl,-0xb0(%rbp,%rax,1)
....
953: 48 8b 85 48 ff ff ff mov -0xb8(%rbp),%rax
95a: 48 01 c2 add %rax,%rdx
95d: 8b 85 40 ff ff ff mov -0xc0(%rbp),%eax
963: 48 98 cltq
965: 0f b6 44 05 a0 movzbl -0x60(%rbp,%rax,1),%eax
96a: 88 02 mov %al,(%rdx)
....
997: 48 8b 85 48 ff ff ff mov -0xb8(%rbp),%rax
99e: 48 01 c2 add %rax,%rdx
9a1: 8b 85 40 ff ff ff mov -0xc0(%rbp),%eax
9a7: 48 98 cltq
9a9: 0f b6 84 05 50 ff ff movzbl -0xb0(%rbp,%rax,1),%eax
9b0: ff
9b1: 88 02 mov %al,(%rdx)
LL file (lifted LLVM IR).
%13 = load i64, i64* @RBP_2328_56295d8dd1c8, align 8
%16 = add i64 %13, -184
%17 = inttoptr i64 %16 to i64*
store i64 1912, i64* %17, align 8
....
%72 = load i64, i64* %17, align 8
%73 = add i64 %71, %72
%74 = add i64 %22, %70
%75 = inttoptr i64 %74 to i8*
%76 = load i8, i8* %75, align 1
%77 = inttoptr i64 %73 to i8*
store i8 %76, i8* %77, align 1
....
%94 = load i64, i64* %17, align 8
%95 = add i64 %93, %94
%96 = add i64 %25, %92
%97 = inttoptr i64 %96 to i8*
%98 = load i8, i8* %97, align 1
%99 = inttoptr i64 %95 to i8*
store i8 %98, i8* %99, align 1
....
%116 = load i64, i64* %17, align 8
%117 = add i64 %115, %116
%118 = inttoptr i64 %117 to i8*
%119 = load i8, i8* %118, align 1
%120 = add i64 %26, %114
%121 = inttoptr i64 %120 to i8*
store i8 %119, i8* %121, align 1
....
%136 = load i64, i64* %17, align 8
%137 = add i64 %135, %136
%138 = inttoptr i64 %137 to i8*
%139 = load i8, i8* %138, align 1
%140 = add i64 %27, %134
%141 = inttoptr i64 %140 to i8*
store i8 %139, i8* %141, align 1
Pointer saved to stack:
load -> add -> inttoptr -> store
SMC write:
load(pointer) -> add(variable, variable) -> inttoptr -> store
Note the direction: in the first two IR excerpts (%72.., %94..) the pointer derived from %17 is the store destination (write into code), whereas in the last two (%116.., %136..) the code-derived pointer (%118, %138) is only loaded from and the store goes through %121/%141, which derive from %26/%27, not from the code pointer. Only stores whose pointer derives from the code address count as SMC; the others are reads of code.
================================================================================
SMC9.c
================================================================================
SMC9 is not detected by Pattern 1.2 (the load -> add -> inttoptr -> store chain): the write into code is performed by the external memcpy, so no store to a code-derived pointer ever appears in the lifted IR — only the argument setup before the call (RDI = 2397 = 0x95d = foo) reveals it. A detector therefore also has to check the destination argument of memcpy-like external calls against known code addresses.
C source.
unsigned char *foo_code = (unsigned char *)malloc(sizeof(unsigned char) * 55);
memcpy(foo_code, foo, 55);
....
memcpy(foo, foo_code, 55);
....
memcpy(foo, foo_code, 55);
Binary.
893: e8 98 fe ff ff callq 730 <malloc@plt>
898: 48 89 45 f8 mov %rax,-0x8(%rbp)
....
89c: 48 8b 45 f8 mov -0x8(%rbp),%rax
8a0: ba 37 00 00 00 mov $0x37,%edx
8a5: 48 8d 35 b1 00 00 00 lea 0xb1(%rip),%rsi # 95d <foo>
8ac: 48 89 c7 mov %rax,%rdi
8af: e8 6c fe ff ff callq 720 <memcpy@plt>
....
8e8: 48 8b 45 f8 mov -0x8(%rbp),%rax
8ec: ba 37 00 00 00 mov $0x37,%edx
8f1: 48 89 c6 mov %rax,%rsi
8f4: 48 8d 3d 62 00 00 00 lea 0x62(%rip),%rdi # 95d <foo>
8fb: e8 20 fe ff ff callq 720 <memcpy@plt>
....
934: 48 8b 45 f8 mov -0x8(%rbp),%rax
938: ba 37 00 00 00 mov $0x37,%edx
93d: 48 89 c6 mov %rax,%rsi
940: 48 8d 3d 16 00 00 00 lea 0x16(%rip),%rdi # 95d <foo>
947: e8 d4 fd ff ff callq 720 <memcpy@plt>
LL file (lifted LLVM IR).
%34 = call fastcc %struct.Memory* @ext_201058_malloc(%struct.Memory* %30)
%35 = load i64, i64* @RBP_2328_55762dd8a1c8, align 8
%36 = add i64 %35, -8
%37 = load i64, i64* @RAX_2216_55762dd8a1c8, align 8
%38 = inttoptr i64 %36 to i64*
store i64 %37, i64* %38, align 8
....
%37 = load i64, i64* @RAX_2216_55762dd8a1c8, align 8 !! Note: this is the malloc return value (RAX), and it feeds RDI directly below; the reload of -0x8(%rbp) at 0x89c does not show up as a separate load here, presumably forwarded by the lifter, so tracking the pointer only through the stack slot would miss it !!
store i64 2397, i64* @RSI_2280_55762dd8a1c8, align 8, !tbaa !1216
store i64 %37, i64* @RDI_2296_55762dd8a1c8, align 8, !tbaa !1216
%42 = call fastcc %struct.Memory* @ext_201050_memcpy(%struct.Memory* %34)
....
store i64 %108, i64* @RSI_2280_55762dd8a1c8, align 8, !tbaa !1216
store i64 2397, i64* @RDI_2296_55762dd8a1c8, align 8, !tbaa !1216 !! For SMC the destination argument (RDI) is what matters: 2397 = 0x95d = foo, a code address, so this memcpy writes into code — but the write happens inside the external call and never appears as an IR store !!
%111 = call fastcc %struct.Memory* @ext_201050_memcpy(%struct.Memory* %42)
....
store i64 %127, i64* @RSI_2280_55762dd8a1c8, align 8, !tbaa !1216
store i64 2397, i64* @RDI_2296_55762dd8a1c8, align 8, !tbaa !1216
%130 = call fastcc %struct.Memory* @ext_201050_memcpy(%struct.Memory* %111)