author | Cyrille Bagard <nocbos@gmail.com> | 2018-07-10 18:08:17 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2018-07-10 18:08:17 (GMT) |
commit | eca08119377ce38232581d444f48e28e0d02692b (patch) | |
tree | 5114641c42dfe8505bc92e762ac2c67955f25327 /plugins/dalvik | |
parent | e5ca6221a35ab26d170dbdfd4ec52e010864cf99 (diff) |
Linked all used Dalvik strings with their origin.
Diffstat (limited to 'plugins/dalvik')
-rw-r--r-- | plugins/dalvik/link.c | 65 | ||||
-rw-r--r-- | plugins/dalvik/link.h | 4 | ||||
-rw-r--r-- | plugins/dalvik/v35/opdefs/const_1a.d | 6 | ||||
-rw-r--r-- | plugins/dalvik/v35/opdefs/const_1b.d | 6 |
4 files changed, 81 insertions, 0 deletions
diff --git a/plugins/dalvik/link.c b/plugins/dalvik/link.c
index aaed263..c37abb8 100644
--- a/plugins/dalvik/link.c
+++ b/plugins/dalvik/link.c
@@ -34,8 +34,10 @@
 #include <analysis/db/items/comment.h>
 #include <arch/target.h>
 #include <common/extstr.h>
+#include <plugins/dex/pool.h>
+#include "operands/pool.h"
 #include "pseudo/switch.h"
@@ -63,6 +65,69 @@ typedef struct _case_comment
 #define COMMENT_LINE_SEP "\n"
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction ARMv7 à traiter. *
+* proc = représentation de l'architecture utilisée. *
+* context = contexte associé à la phase de désassemblage. *
+* format = acès aux données du binaire d'origine. *
+* *
+* Description : Etablit une référence entre utilisation et origine de chaîne.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void handle_links_for_dalvik_string(GArchInstruction *instr, GArchProcessor *proc, GProcContext *context, GExeFormat *format)
+{
+ GArchOperand *op; /* Opérande numérique en place */
+ uint32_t index; /* Indice dans la table Dex */
+ GBinSymbol *string; /* Emplacement de la chaîne */
+ const mrange_t *range; /* Zone d'occupation */
+ GArchInstruction *target; /* Ligne visée par la référence*/
+
+ g_arch_instruction_lock_operands(instr);
+
+ assert(_g_arch_instruction_count_operands(instr) == 2);
+
+ op = _g_arch_instruction_get_operand(instr, 1);
+
+ g_arch_instruction_unlock_operands(instr);
+
+ assert(G_IS_DALVIK_POOL_OPERAND(op));
+
+ assert(g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) == DPT_STRING);
+
+ index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op));
+
+ string = get_string_symbol_from_dex_pool(G_DEX_FORMAT(format), index);
+
+ if (string != NULL)
+ {
+ range = g_binary_symbol_get_range(string);
+
+ target = g_arch_processor_find_instr_by_address(proc, get_mrange_addr(range));
+
+ if (target != NULL)
+ {
+ g_arch_instruction_link_with(instr, target, ILT_REF);
+
+ g_object_unref(G_OBJECT(target));
+
+ }
+
+ g_object_unref(G_OBJECT(string));
+
+ }
+
+ g_object_unref(G_OBJECT(op));
+
+}
+
+
 /******************************************************************************
 * *
 * Paramètres : instr = instruction ARMv7 à traiter. *
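Review bot: The three `assert()` calls in handle_links_for_dalvik_string are the only validation of the operand fetched at index 1, so a build with NDEBUG would pass a NULL or non-pool operand straight into `G_DALVIK_POOL_OPERAND(op)` and `g_dalvik_pool_operand_get_index`. The hook is wired only to the const-string opdefs in this commit, so the decoder presumably guarantees the operand shape today, but a hook that takes its data from a `GExeFormat *` built from an arbitrary DEX file should not depend on debug-only checks: replace the asserts with `if (op == NULL || !G_IS_DALVIK_POOL_OPERAND(op) || g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) != DPT_STRING)` followed by an early return that releases `op` when it is non-NULL, and turn the `== 2` operand-count assert into the bound checked before the `_g_arch_instruction_get_operand(instr, 1)` call. The `string != NULL` and `target != NULL` branches already handle a missing pool entry or unresolved address, so only the operand path is left unchecked. Separately, the header comment was copied from the ARMv7 plugin ("instruction ARMv7 à traiter") and has a typo ("acès"); it should read `instr = instruction Dalvik à traiter.` and `format = accès aux données du binaire d'origine.`, and `context` is unused.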
diff --git a/plugins/dalvik/link.h b/plugins/dalvik/link.h
index 38dfd46..3b4a91f 100644
--- a/plugins/dalvik/link.h
+++ b/plugins/dalvik/link.h
@@ -29,6 +29,10 @@
+/* Etablit une référence entre utilisation et origine de chaîne. */
+void handle_links_for_dalvik_string(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
+
+
 static inline void handle_dalvik_if_branch_as_link(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt)
 {
 handle_branch_as_link(ins, proc, ctx, fmt, 2);
diff --git a/plugins/dalvik/v35/opdefs/const_1a.d b/plugins/dalvik/v35/opdefs/const_1a.d
index 54101cd..ff01dbc 100644
--- a/plugins/dalvik/v35/opdefs/const_1a.d
+++ b/plugins/dalvik/v35/opdefs/const_1a.d
@@ -35,4 +35,10 @@
 @format 21c | pool_string
+ @hooks {
+
+ link = handle_links_for_dalvik_string
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/const_1b.d b/plugins/dalvik/v35/opdefs/const_1b.d
index 0aef637..9153206 100644
--- a/plugins/dalvik/v35/opdefs/const_1b.d
+++ b/plugins/dalvik/v35/opdefs/const_1b.d
@@ -35,4 +35,10 @@
 @format 31c | pool_string
+ @hooks {
+
+ link = handle_links_for_dalvik_string
+
+ }
+
 }