authorCyrille Bagard <nocbos@gmail.com>2018-06-06 16:34:00 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2018-06-06 16:34:00 (GMT)
commit8827cf755762f70f0c4edb3bafe5d79b9fee0f15 (patch)
tree1417fac02b61c037f98f23a9c107f3bb4accaea7
parent4b36edf684b49eb5584f8f0c5aff3dd7aac2c834 (diff)
Hidden virtual addresses when code runs in a VM.
-rw-r--r--plugins/arm/v7/processor.c1
-rw-r--r--plugins/dalvik/processor.c1
-rw-r--r--plugins/pychrysalide/arch/processor.c52
-rw-r--r--src/analysis/binary.c2
-rw-r--r--src/arch/processor-int.h1
-rw-r--r--src/arch/processor.c19
-rw-r--r--src/arch/processor.h3
-rw-r--r--src/gui/panels/errors.c10
8 files changed, 88 insertions, 1 deletions
diff --git a/plugins/arm/v7/processor.c b/plugins/arm/v7/processor.c
index e708814..b7a73f4 100644
--- a/plugins/arm/v7/processor.c
+++ b/plugins/arm/v7/processor.c
@@ -129,6 +129,7 @@ static void g_armv7_processor_init(GArmV7Processor *proc)
parent->endianness = SRE_LITTLE;
parent->memsize = MDS_32_BITS;
parent->inssize = MDS_32_BITS;
+ parent->virt_space = true;
}
diff --git a/plugins/dalvik/processor.c b/plugins/dalvik/processor.c
index 93e66fa..8d24d5a 100644
--- a/plugins/dalvik/processor.c
+++ b/plugins/dalvik/processor.c
@@ -113,6 +113,7 @@ static void g_dalvik_processor_init(GDalvikProcessor *proc)
parent->endianness = SRE_LITTLE;
parent->memsize = MDS_32_BITS;
parent->inssize = MDS_16_BITS;
+ parent->virt_space = false;
}
diff --git a/plugins/pychrysalide/arch/processor.c b/plugins/pychrysalide/arch/processor.c
index 65431af..c2ee530 100644
--- a/plugins/pychrysalide/arch/processor.c
+++ b/plugins/pychrysalide/arch/processor.c
@@ -50,7 +50,8 @@
-
+/* Indique si l'architecture possède un espace virtuel ou non. */
+static PyObject *py_arch_processor_has_virtual_space(PyObject *, void *);
@@ -87,6 +88,51 @@ static bool define_python_arch_processor_constants(PyTypeObject *);
+
+
+
+
+
+
+
+
+
+
+/******************************************************************************
+* *
+* Paramètres : self = objet Python concerné par l'appel. *
+* closure = non utilisé ici. *
+* *
+* Description : Indique si l'architecture possède un espace virtuel ou non. *
+* *
+* Retour : True si un espace virtuel existe, False sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static PyObject *py_arch_processor_has_virtual_space(PyObject *self, void *closure)
+{
+ PyObject *result; /* Instance Python à retourner */
+ GArchProcessor *proc; /* Architecture visée */
+ bool status; /* Bilan de consultation */
+
+ proc = G_ARCH_PROCESSOR(pygobject_get(self));
+
+ status = g_arch_processor_has_virtual_space(proc);
+
+ result = status ? Py_True : Py_False;
+ Py_INCREF(result);
+
+ return result;
+
+}
+
+
+
+
+
+
/* ---------------------------------------------------------------------------------- */
/* CONSERVATION DES SOUCIS DURANT LE CHARGEMENT */
/* ---------------------------------------------------------------------------------- */
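Review bot: The body of `py_arch_processor_has_virtual_space` spends three statements and a temporary on a boolean conversion that the CPython API already provides. Once `proc` is obtained, the tail can be `return PyBool_FromLong(g_arch_processor_has_virtual_space(proc));`, which returns a new reference to `Py_True` or `Py_False` and removes the manual `Py_INCREF`. The hunk also adds ten blank lines before the header comment and six after the function; unless they are placeholders for section banners, they could be trimmed.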
@@ -396,6 +442,10 @@ PyTypeObject *get_python_arch_processor_type(void)
static PyGetSetDef py_arch_processor_getseters[] = {
{
+ "virtual_space", py_arch_processor_has_virtual_space, NULL,
+ "Tell if the processor provides a virtual address space.", NULL
+ },
+ {
"errors", py_arch_processor_get_errors, NULL,
"List of all detected errors which occurred during the disassembling process.", NULL
},
diff --git a/src/analysis/binary.c b/src/analysis/binary.c
index 54ad89b..498f5c4 100644
--- a/src/analysis/binary.c
+++ b/src/analysis/binary.c
@@ -1655,6 +1655,8 @@ static bool g_loaded_binary_analyze(GLoadedBinary *binary, wgroup_id_t gid, GtkS
goto glba_exit;
}
+ binary->col_display[BVW_BLOCK][BLC_VIRTUAL] = g_arch_processor_has_virtual_space(binary->proc);
+
/* Phase de désassemblage pur */
g_loaded_binary_connect_internal(binary);
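Review bot: The added assignment overwrites `col_display[BVW_BLOCK][BLC_VIRTUAL]` in both directions, so on an architecture that reports a virtual space it switches the column back on even if that slot was false before the analysis. If `col_display` also carries a choice made elsewhere (not visible in this hunk), only clearing is needed: `if (!g_arch_processor_has_virtual_space(binary->proc)) binary->col_display[BVW_BLOCK][BLC_VIRTUAL] = false;`. Only the `BVW_BLOCK` row is updated, so any other view row with a `BLC_VIRTUAL` slot would keep its old value. `g_loaded_binary_analyze` begins and ends outside the hunk.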
diff --git a/src/arch/processor-int.h b/src/arch/processor-int.h
index cc39307..153f9ae 100644
--- a/src/arch/processor-int.h
+++ b/src/arch/processor-int.h
@@ -72,6 +72,7 @@ struct _GArchProcessor
SourceEndian endianness; /* Boutisme de l'architecture */
MemoryDataSize memsize; /* Taille de l'espace mémoire */
MemoryDataSize inssize; /* Taille min. d'encodage */
+ bool virt_space; /* Présence d'espace virtuel ? */
GArchInstruction **instructions; /* Instructions désassemblées */
size_t instr_count; /* Taille de la liste aplatie */
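Review bot: The new `virt_space` field gets no default in this commit: only the ARMv7 and Dalvik instance initialisers (the plugins/arm/v7/processor.c and plugins/dalvik/processor.c hunks) assign it. GObject zero-fills instance memory, so any other `GArchProcessor` subclass would silently report false and have its virtual column hidden by the binary.c and errors.c changes. Consider setting `proc->virt_space = true;` in the base instance initialiser in src/arch/processor.c, so that only architectures without a virtual space have to opt out. The field comment should also say that subclasses are expected to set it.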
diff --git a/src/arch/processor.c b/src/arch/processor.c
index 92669ed..81bbd4f 100644
--- a/src/arch/processor.c
+++ b/src/arch/processor.c
@@ -320,6 +320,25 @@ MemoryDataSize g_arch_processor_get_instruction_size(const GArchProcessor *proc)
/******************************************************************************
* *
+* Paramètres : proc = processeur d'architecture à consulter. *
+* *
+* Description : Indique si l'architecture possède un espace virtuel ou non. *
+* *
+* Retour : true si un espace virtuel existe, false sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool g_arch_processor_has_virtual_space(const GArchProcessor *proc)
+{
+ return proc->virt_space;
+
+}
+
+
+/******************************************************************************
+* *
* Paramètres : proc = architecture visée par la procédure. *
* ctx = contexte lié à l'exécution du processeur. *
* content = flux de données à analyser. *
diff --git a/src/arch/processor.h b/src/arch/processor.h
index 31b2b69..40a610b 100644
--- a/src/arch/processor.h
+++ b/src/arch/processor.h
@@ -70,6 +70,9 @@ MemoryDataSize g_arch_processor_get_memory_size(const GArchProcessor *);
/* Fournit la taille min. des instructions d'une architecture. */
MemoryDataSize g_arch_processor_get_instruction_size(const GArchProcessor *);
+/* Indique si l'architecture possède un espace virtuel ou non. */
+bool g_arch_processor_has_virtual_space(const GArchProcessor *);
+
/* Désassemble une instruction dans un flux de données. */
GArchInstruction *g_arch_processor_disassemble(const GArchProcessor *, GProcContext *, const GBinContent *, vmpa2t *, GExeFormat *);
diff --git a/src/gui/panels/errors.c b/src/gui/panels/errors.c
index a529314..161d1ab 100644
--- a/src/gui/panels/errors.c
+++ b/src/gui/panels/errors.c
@@ -1139,6 +1139,8 @@ static void g_error_panel_conclude(GErrorPanel *panel, unsigned int uid, error_u
{
GtkBuilder *builder; /* Constructeur utilisé */
GtkTreeView *treeview; /* Arborescence graphique */
+ GArchProcessor *proc; /* Architecture du binaire */
+ GtkTreeViewColumn *virt_col; /* Colonne des espaces virtuels*/
GtkTreeModel *model; /* Source de données associée */
if (g_atomic_int_get(&G_PANEL_ITEM(panel)->switched) > 1)
@@ -1157,6 +1159,14 @@ static void g_error_panel_conclude(GErrorPanel *panel, unsigned int uid, error_u
treeview = GTK_TREE_VIEW(gtk_builder_get_object(builder, "treeview"));
+ proc = g_loaded_binary_get_processor(panel->binary);
+
+ virt_col = gtk_tree_view_get_column(treeview, 1);
+
+ gtk_tree_view_column_set_visible(virt_col, g_arch_processor_has_virtual_space(proc));
+
+ g_object_unref(G_OBJECT(proc));
+
model = GTK_TREE_MODEL(gtk_builder_get_object(builder, "filter"));
g_object_ref(G_OBJECT(model));
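Review bot: Both lookups added here are used unchecked: `proc` goes straight into `g_arch_processor_has_virtual_space()`, which dereferences it (`return proc->virt_space;`), and `virt_col` goes straight into `gtk_tree_view_column_set_visible()`. `gtk_tree_view_get_column()` returns NULL when the index is out of range, and whether `g_loaded_binary_get_processor()` can return NULL at this point is not visible in the hunk. A guard such as `if (proc != NULL && virt_col != NULL)` around the visibility call, with the unref kept under `proc != NULL`, would make that explicit. The literal `1` ties the code to the column order of the builder file; a named constant would survive a reordering. `g_error_panel_conclude` begins and ends outside the hunk.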