authorCyrille Bagard <nocbos@gmail.com>2018-07-10 18:08:17 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2018-07-10 18:08:17 (GMT)
commiteca08119377ce38232581d444f48e28e0d02692b (patch)
tree5114641c42dfe8505bc92e762ac2c67955f25327 /plugins/dalvik
parente5ca6221a35ab26d170dbdfd4ec52e010864cf99 (diff)
Linked all used Dalvik strings with their origin.
Diffstat (limited to 'plugins/dalvik')
-rw-r--r--plugins/dalvik/link.c65
-rw-r--r--plugins/dalvik/link.h4
-rw-r--r--plugins/dalvik/v35/opdefs/const_1a.d6
-rw-r--r--plugins/dalvik/v35/opdefs/const_1b.d6
4 files changed, 81 insertions, 0 deletions
diff --git a/plugins/dalvik/link.c b/plugins/dalvik/link.c
index aaed263..c37abb8 100644
--- a/plugins/dalvik/link.c
+++ b/plugins/dalvik/link.c
@@ -34,8 +34,10 @@
#include <analysis/db/items/comment.h>
#include <arch/target.h>
#include <common/extstr.h>
+#include <plugins/dex/pool.h>
+#include "operands/pool.h"
#include "pseudo/switch.h"
@@ -63,6 +65,69 @@ typedef struct _case_comment
#define COMMENT_LINE_SEP "\n"
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction ARMv7 à traiter. *
+* proc = représentation de l'architecture utilisée. *
+* context = contexte associé à la phase de désassemblage. *
+* format = acès aux données du binaire d'origine. *
+* *
+* Description : Etablit une référence entre utilisation et origine de chaîne.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void handle_links_for_dalvik_string(GArchInstruction *instr, GArchProcessor *proc, GProcContext *context, GExeFormat *format)
+{
+ GArchOperand *op; /* Opérande numérique en place */
+ uint32_t index; /* Indice dans la table Dex */
+ GBinSymbol *string; /* Emplacement de la chaîne */
+ const mrange_t *range; /* Zone d'occupation */
+ GArchInstruction *target; /* Ligne visée par la référence*/
+
+ g_arch_instruction_lock_operands(instr);
+
+ assert(_g_arch_instruction_count_operands(instr) == 2);
+
+ op = _g_arch_instruction_get_operand(instr, 1);
+
+ g_arch_instruction_unlock_operands(instr);
+
+ assert(G_IS_DALVIK_POOL_OPERAND(op));
+
+ assert(g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) == DPT_STRING);
+
+ index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op));
+
+ string = get_string_symbol_from_dex_pool(G_DEX_FORMAT(format), index);
+
+ if (string != NULL)
+ {
+ range = g_binary_symbol_get_range(string);
+
+ target = g_arch_processor_find_instr_by_address(proc, get_mrange_addr(range));
+
+ if (target != NULL)
+ {
+ g_arch_instruction_link_with(instr, target, ILT_REF);
+
+ g_object_unref(G_OBJECT(target));
+
+ }
+
+ g_object_unref(G_OBJECT(string));
+
+ }
+
+ g_object_unref(G_OBJECT(op));
+
+}
+
+
/******************************************************************************
* *
* Paramètres : instr = instruction ARMv7 à traiter. *
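Review bot: The header comment for handle_links_for_dalvik_string describes `instr` as an `instruction ARMv7 à traiter`, yet the function lives in the Dalvik plugin and reads a Dalvik pool operand, so the header was copied from a template; the same wording appears in the context line that follows the hunk. Suggest `* Paramètres : instr = instruction Dalvik à traiter. *` and the same fix for the unchanged copy below if it is also Dalvik-specific. The operand count and pool type are checked only with `assert()`, so under NDEBUG the function proceeds on whatever `_g_arch_instruction_get_operand(instr, 1)` returns; since the opdef format `21c | pool_string` fixes both, this is an invariant rather than an input check, and a comment such as `/* Format 21c/31c guarantees a second, string-pool operand */` above the asserts would say so. The `index` value comes from the Dex bytecode itself, so the bounds check against the string table must happen inside get_string_symbol_from_dex_pool (outside this hunk); a comment above that call noting that a NULL return is the expected result for an out-of-range index would make the reliance explicit. The `context` parameter is never read; if the hook signature requires it, a `(void)context;` line documents that.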
diff --git a/plugins/dalvik/link.h b/plugins/dalvik/link.h
index 38dfd46..3b4a91f 100644
--- a/plugins/dalvik/link.h
+++ b/plugins/dalvik/link.h
@@ -29,6 +29,10 @@
+/* Etablit une référence entre utilisation et origine de chaîne. */
+void handle_links_for_dalvik_string(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
+
+
static inline void handle_dalvik_if_branch_as_link(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt)
{
handle_branch_as_link(ins, proc, ctx, fmt, 2);
diff --git a/plugins/dalvik/v35/opdefs/const_1a.d b/plugins/dalvik/v35/opdefs/const_1a.d
index 54101cd..ff01dbc 100644
--- a/plugins/dalvik/v35/opdefs/const_1a.d
+++ b/plugins/dalvik/v35/opdefs/const_1a.d
@@ -35,4 +35,10 @@
@format 21c | pool_string
+ @hooks {
+
+ link = handle_links_for_dalvik_string
+
+ }
+
}
diff --git a/plugins/dalvik/v35/opdefs/const_1b.d b/plugins/dalvik/v35/opdefs/const_1b.d
index 0aef637..9153206 100644
--- a/plugins/dalvik/v35/opdefs/const_1b.d
+++ b/plugins/dalvik/v35/opdefs/const_1b.d
@@ -35,4 +35,10 @@
@format 31c | pool_string
+ @hooks {
+
+ link = handle_links_for_dalvik_string
+
+ }
+
}