I'm trying to match up call arguments with *_DEF's. My aim is to build a taint analysis engine to track (along the code) what variables are under user control (i.e. to track user input variables obtained by means of functions along the code).
For example, in the case of an fgets, the first parameter has to be marked as tainted and hereafter the engine has to propagate this information along the code. Therefore, in order to do this, I need a function that returns the *DEF variable which corresponds to a specific function argument for marking it as tainted. About global variables, I'd like to not considering them, i.e. by removing them before executing my pass and by restoring them after my pass. I'll try to use the suggestions of Diego. Thanks, Davide.
