diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2018-06-17 16:11:45 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2018-06-17 16:11:45 (GMT) |
commit | 378be1ab322dce8e8377d692829d6877758e5960 (patch) | |
tree | 17dc518687a45649caa68304cc2a5750a0a50554 /plugins/lnxsyscalls/core.c | |
parent | 1f7e9506775f66a3a5f2859779d33b914eee8ef4 (diff) |
Annotated linux kernel syscalls using a new plugin.
Diffstat (limited to 'plugins/lnxsyscalls/core.c')
-rw-r--r-- | plugins/lnxsyscalls/core.c | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/plugins/lnxsyscalls/core.c b/plugins/lnxsyscalls/core.c new file mode 100644 index 0000000..f28e776 --- /dev/null +++ b/plugins/lnxsyscalls/core.c @@ -0,0 +1,168 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.c - greffon détaillant les appels système + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "core.h" + + +#include <i18n.h> + + +#include <core/global.h> +#include <core/nproc.h> + + +#include "db.h" +#include "hops_armv7.h" +#include "hunter.h" + + + +DEFINE_CHRYSALIDE_PLUGIN("Linux System Calls", "Describes each Linux system call with its arguments", \ + "0.1.0", EMPTY_PG_LIST(.required), AL(PGA_PLUGIN_INIT, PGA_DISASSEMBLY_ENDED)); + + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* * +* Description : Prend acte du chargement du greffon. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) +{ + bool result; /* Bilan à retourner */ + sqlite3 *db; /* Base de données présente */ + + db = open_syscalls_database(plugin); + + if (db != NULL) + { + introduce_syscalls_database(db, plugin); + + close_syscalls_database(db); + + result = true; + + } + + else + result = false; + + return result; + +} + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* action = type d'action attendue. * +* binary = binaire dont le contenu est en cours de traitement.* +* status = barre de statut à tenir informée. * +* context = contexte de désassemblage. * +* * +* Description : Exécute une action pendant un désassemblage de binaire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +G_MODULE_EXPORT void process_binary_disassembly(const GPluginModule *plugin, PluginAction action, GLoadedBinary *binary, GtkStatusStack *status, GProcContext *context) +{ + GBinFormat *format; /* Format du binaire chargé */ + const char *arch; /* Architecture d'exécution */ + const hunting_ops *hops; /* Opérations particulières */ + size_t sym_count; /* Nombre de ces symboles */ + guint runs_count; /* Qté d'exécutions parallèles */ + size_t run_size; /* Volume réparti par exécution*/ + activity_id_t id; /* Identifiant de progression */ + GWorkQueue *queue; /* Gestionnaire de différés */ + wgroup_id_t gid; /* Identifiant pour les tâches */ + guint i; /* Boucle de parcours */ + size_t begin; /* Début de bloc de traitement */ + size_t end; /* Fin d'un bloc de traitement */ + GGateHunter *hunter; /* Tâche d'étude à programmer */ + + format = G_BIN_FORMAT(g_loaded_binary_get_format(binary)); + + arch = g_exe_format_get_target_machine(G_EXE_FORMAT(format)); + + if (strcmp(arch, "armv7") == 0) + hops = get_armv7_hunting_ops(); + + else + { + g_plugin_module_log_variadic_message(plugin, LMT_WARNING, + _("No suitable backend to track syscalls!")); + goto pbd_exit; + } + + g_binary_format_lock_symbols_rd(format); + + sym_count = g_binary_format_count_symbols(format); + + runs_count = get_max_online_threads(); + + run_size = sym_count / runs_count; + + id = gtk_status_stack_add_activity(status, _("Looking for Linux syscalls..."), sym_count); + + queue = get_work_queue(); + + gid = g_work_queue_define_work_group(queue); + + for (i = 0; i < runs_count; i++) + { + begin = i * run_size; + + if ((i + 1) == runs_count) + end = sym_count; + else + end = begin + run_size; + + hunter = g_gate_hunter_new(plugin, binary, context, begin, end, id, hops); + + g_work_queue_schedule_work(queue, G_DELAYED_WORK(hunter), gid); + + } + + g_work_queue_wait_for_completion(queue, gid); + + g_work_queue_delete_work_group(queue, gid); + + gtk_status_stack_remove_activity(status, id); + + g_binary_format_unlock_symbols_rd(format); + + pbd_exit: + + g_object_unref(G_OBJECT(format)); + +} |