authorCyrille Bagard <nocbos@gmail.com>2020-03-01 22:54:45 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2020-03-01 22:54:45 (GMT)
commit0c638aecff9482b93621d77279ac77a8788584e9 (patch)
treec207e648c9d8f8429a29ba1c364fb2293dd4274b /plugins
parenteb68c77804d9b85bc9b3c5a87ba3f64dd83afce1 (diff)
Given some priority to Elf PLT entries during the disassembly process.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/arm/v7/context.c1
-rw-r--r--plugins/elf/symbols.c37
-rw-r--r--plugins/mobicore/symbols.c4
-rw-r--r--plugins/pychrysalide/arch/constants.c42
-rw-r--r--plugins/pychrysalide/arch/constants.h3
-rw-r--r--plugins/pychrysalide/arch/context.c4
-rw-r--r--plugins/pychrysalide/format/format.c6
7 files changed, 77 insertions, 20 deletions
diff --git a/plugins/arm/v7/context.c b/plugins/arm/v7/context.c
index ed9cf2f..f028f05 100644
--- a/plugins/arm/v7/context.c
+++ b/plugins/arm/v7/context.c
@@ -216,6 +216,7 @@ static void g_armv7_context_push_drop_point(GArmV7Context *ctx, DisassPriorityLe
switch (level)
{
case DPL_ENTRY_POINT:
+ case DPL_FORMAT_POINT:
case DPL_SYMBOL:
if (addr & 0x1)
diff --git a/plugins/elf/symbols.c b/plugins/elf/symbols.c
index 2a164a0..004ac6a 100644
--- a/plugins/elf/symbols.c
+++ b/plugins/elf/symbols.c
@@ -109,10 +109,10 @@ static bool load_imported_elf_symbols(GElfFormat *, wgroup_id_t, GtkStatusStack
/* Enregistre un point d'entrée au sein d'un binaire ELF. */
-static bool register_elf_entry_point(GElfFormat *, virt_t, GBinRoutine *);
+static bool register_elf_entry_point(GElfFormat *, virt_t, GBinRoutine *, DisassPriorityLevel);
/* Désigne tous les points d'entrée par une étiquette dédiée. */
-static bool load_elf_entry_points_from_array(GElfFormat *, const elf_dyn *, const elf_dyn *, const char *);
+static bool load_elf_entry_points_from_array(GElfFormat *, const elf_dyn *, const elf_dyn *, const char *, DisassPriorityLevel);
/* Enumère tous les points d'entrée principaux d'un binaire ELF. */
static bool load_all_elf_basic_entry_points(GElfFormat *, GtkStatusStack *);
@@ -295,7 +295,7 @@ static bool do_elf_symbol_loading(GElfLoading *loading, GElfFormat *format, bool
/* Comptabilisation pour le désassemblage brut */
- g_binary_format_register_code_point(base, original_virt, false);
+ g_binary_format_register_code_point(base, original_virt, DPL_SYMBOL);
break;
@@ -982,6 +982,10 @@ static GBinSymbol *do_elf_relocation_convert(GElfLoading *loading, GElfFormat *f
g_binary_symbol_set_status(result, SSS_IMPORTED);
+ /* Comptabilisation pour le désassemblage brut */
+
+ g_binary_format_register_code_point(G_BIN_FORMAT(format), start.virtual, DPL_FORMAT_POINT);
+
exit:
return result;
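Review bot: The address registered here, `start.virtual`, is queued as a DPL_FORMAT_POINT with no visible check that it lies in executable content. How `start` is computed is outside the hunk, but in a relocation converter it presumably derives from data in the file, which a crafted ELF controls. If FORMAT_POINT ranks above SYMBOL, as the ordering used elsewhere in this commit suggests, such an address would be disassembled before symbol-derived code. Either validate the address against the executable ranges before the call, or add a comment naming where that validation already happens. do_elf_relocation_convert starts and ends outside the hunk.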
@@ -1165,6 +1169,7 @@ static bool load_imported_elf_symbols(GElfFormat *format, wgroup_id_t gid, GtkSt
* Paramètres : format = description de l'exécutable à compléter. *
* vaddr = adresse virtuelle du symbole à insérer. *
* routine = représentation de la fonction repérée. *
+* level = indication de priorité et d'origine de l'adresse. *
* *
* Description : Enregistre un point d'entrée au sein d'un binaire ELF. *
* *
@@ -1174,7 +1179,7 @@ static bool load_imported_elf_symbols(GElfFormat *format, wgroup_id_t gid, GtkSt
* *
******************************************************************************/
-static bool register_elf_entry_point(GElfFormat *format, virt_t vaddr, GBinRoutine *routine)
+static bool register_elf_entry_point(GElfFormat *format, virt_t vaddr, GBinRoutine *routine, DisassPriorityLevel level)
{
bool result; /* Bilan à renvoyer */
virt_t final_vaddr; /* Adresse virtuelle retenue */
@@ -1226,7 +1231,7 @@ static bool register_elf_entry_point(GElfFormat *format, virt_t vaddr, GBinRouti
g_object_unref(G_OBJECT(symbol));
/* Comptabilisation pour le désassemblage brut */
- g_binary_format_register_code_point(base, vaddr, true);
+ g_binary_format_register_code_point(base, vaddr, level);
exit:
@@ -1241,6 +1246,7 @@ static bool register_elf_entry_point(GElfFormat *format, virt_t vaddr, GBinRouti
* array = indications quant au tableau à charger. *
* size = indications quant à la taille de ce tableau. *
* prefix = désignation de base des éléments du tableau. *
+* level = indication de priorité et d'origine de l'adresse. *
* *
* Description : Désigne tous les points d'entrée par une étiquette dédiée. *
* *
@@ -1250,7 +1256,7 @@ static bool register_elf_entry_point(GElfFormat *format, virt_t vaddr, GBinRouti
* *
******************************************************************************/
-static bool load_elf_entry_points_from_array(GElfFormat *format, const elf_dyn *array, const elf_dyn *size, const char *prefix)
+static bool load_elf_entry_points_from_array(GElfFormat *format, const elf_dyn *array, const elf_dyn *size, const char *prefix, DisassPriorityLevel level)
{
bool result; /* Bilan à renvoyer */
GBinFormat *base; /* Autre version du format */
@@ -1313,7 +1319,7 @@ static bool load_elf_entry_points_from_array(GElfFormat *format, const elf_dyn *
snprintf(fullname, sizeof(fullname), "%s%u", prefix, i);
routine = g_binary_format_decode_routine(base, fullname);
- result = register_elf_entry_point(format, ep, routine);
+ result = register_elf_entry_point(format, ep, routine, level);
}
@@ -1363,7 +1369,7 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
if (ep != 0x0)
{
routine = g_binary_format_decode_routine(base, "entry_point");
- result = register_elf_entry_point(format, ep, routine);
+ result = register_elf_entry_point(format, ep, routine, DPL_ENTRY_POINT);
if (!result) goto exit;
}
@@ -1381,7 +1387,7 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
if (ep != 0x0)
{
routine = g_binary_format_decode_routine(base, "init_function");
- result = register_elf_entry_point(format, ep, routine);
+ result = register_elf_entry_point(format, ep, routine, DPL_ENTRY_POINT);
if (!result) goto exit;
}
@@ -1394,7 +1400,7 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
if (ep != 0x0)
{
routine = g_binary_format_decode_routine(base, "termination_function");
- result = register_elf_entry_point(format, ep, routine);
+ result = register_elf_entry_point(format, ep, routine, DPL_FORMAT_POINT);
if (!result) goto exit;
}
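Review bot: The termination function is registered with DPL_FORMAT_POINT here, while entry_point, init_function and the init/preinit arrays get DPL_ENTRY_POINT, and nothing in the code says why. The same choice recurs in the fini_array_function_ and plt_entry hunks below. Destructors are also code the loader runs, so someone auditing a binary may expect them at entry-point priority. A short comment at this call would settle it, e.g. `/* Runs at exit only: scheduled after the real entry points */`, if that is the intent. load_all_elf_basic_entry_points starts and ends outside the hunk.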
@@ -1404,7 +1410,8 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
{
if (_find_elf_dynamic_item_by_type(format, &dynamic, DT_INIT_ARRAYSZ, &item_b))
{
- result = load_elf_entry_points_from_array(format, &item_a, &item_b, "init_array_function_");
+ result = load_elf_entry_points_from_array(format, &item_a, &item_b,
+ "init_array_function_", DPL_ENTRY_POINT);
if (!result) goto exit;
}
@@ -1414,7 +1421,8 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
{
if (_find_elf_dynamic_item_by_type(format, &dynamic, DT_FINI_ARRAYSZ, &item_b))
{
- result = load_elf_entry_points_from_array(format, &item_a, &item_b, "fini_array_function_");
+ result = load_elf_entry_points_from_array(format, &item_a, &item_b,
+ "fini_array_function_", DPL_FORMAT_POINT);
if (!result) goto exit;
}
@@ -1424,7 +1432,8 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
{
if (_find_elf_dynamic_item_by_type(format, &dynamic, DT_PREINIT_ARRAYSZ, &item_b))
{
- result = load_elf_entry_points_from_array(format, &item_a, &item_b, "preinit_array_function_");
+ result = load_elf_entry_points_from_array(format, &item_a, &item_b,
+ "preinit_array_function_", DPL_ENTRY_POINT);
if (!result) goto exit;
}
@@ -1437,7 +1446,7 @@ static bool load_all_elf_basic_entry_points(GElfFormat *format, GtkStatusStack *
if (ep != 0x0)
{
routine = g_binary_format_decode_routine(base, "plt_entry");
- result = register_elf_entry_point(format, ep, routine);
+ result = register_elf_entry_point(format, ep, routine, DPL_FORMAT_POINT);
}
}
diff --git a/plugins/mobicore/symbols.c b/plugins/mobicore/symbols.c
index a0425ee..2523cbc 100644
--- a/plugins/mobicore/symbols.c
+++ b/plugins/mobicore/symbols.c
@@ -68,9 +68,7 @@ static void register_mclf_entry_point(GMCLFFormat *format, virt_t vaddr, phys_t
/* Comptabilisation pour le désassemblage brut */
- base->entry_points = (virt_t *)realloc(base->entry_points, ++base->ep_count * sizeof(virt_t));
-
- base->entry_points[base->ep_count - 1] = vaddr;
+ g_binary_format_register_code_point(base, vaddr, DPL_ENTRY_POINT);
/* Comptabilisation en tant que symbole */
diff --git a/plugins/pychrysalide/arch/constants.c b/plugins/pychrysalide/arch/constants.c
index b7dd8a1..f738ec3 100644
--- a/plugins/pychrysalide/arch/constants.c
+++ b/plugins/pychrysalide/arch/constants.c
@@ -150,3 +150,45 @@ bool define_arch_vmpa_constants(PyTypeObject *type)
return result;
}
+
+
+/******************************************************************************
+* *
+* Paramètres : type = type dont le dictionnaire est à compléter. *
+* *
+* Description : Définit les constantes relatives aux contextes. *
+* *
+* Retour : true en cas de succès de l'opération, false sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool define_proc_context_constants(PyTypeObject *type)
+{
+ bool result; /* Bilan à retourner */
+ PyObject *values; /* Groupe de valeurs à établir */
+
+ values = PyDict_New();
+
+ result = add_const_to_group(values, "ENTRY_POINT", DPL_ENTRY_POINT);
+ if (result) result = add_const_to_group(values, "FORMAT_POINT", DPL_FORMAT_POINT);
+ if (result) result = add_const_to_group(values, "SYMBOL", DPL_SYMBOL);
+ if (result) result = add_const_to_group(values, "OTHER", DPL_OTHER);
+ if (result) result = add_const_to_group(values, "COUNT", DPL_COUNT);
+
+ if (!result)
+ {
+ Py_DECREF(values);
+ goto exit;
+ }
+
+ result = attach_constants_group_to_type(type, true, "DisassPriorityLevel", values,
+ "Level of priority for a given point during the" \
+ " disassembling process.");
+
+ exit:
+
+ return result;
+
+}
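Review bot: `values = PyDict_New();` is used without a NULL check, so an allocation failure is handed to add_const_to_group() as a NULL dictionary. Add `if (values == NULL) { result = false; goto exit; }` right after the call. Separately, exporting `COUNT` puts the enum's sentinel into the Python-visible DisassPriorityLevel group, where a script can pass it back as if it were a real level. Consider dropping that line or documenting in the group description that it is not a valid priority.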
diff --git a/plugins/pychrysalide/arch/constants.h b/plugins/pychrysalide/arch/constants.h
index ecd6ce8..f047c56 100644
--- a/plugins/pychrysalide/arch/constants.h
+++ b/plugins/pychrysalide/arch/constants.h
@@ -37,6 +37,9 @@ bool define_arch_instruction_constants(PyTypeObject *);
/* Définit les constantes relatives aux emplacements. */
bool define_arch_vmpa_constants(PyTypeObject *);
+/* Définit les constantes relatives aux contextes. */
+bool define_proc_context_constants(PyTypeObject *);
+
#endif /* _PLUGINS_PYCHRYSALIDE_ARCH_CONSTANTS_H */
diff --git a/plugins/pychrysalide/arch/context.c b/plugins/pychrysalide/arch/context.c
index 4428075..f7c6549 100644
--- a/plugins/pychrysalide/arch/context.c
+++ b/plugins/pychrysalide/arch/context.c
@@ -32,6 +32,7 @@
#include <arch/context.h>
+#include "constants.h"
#include "../access.h"
#include "../helpers.h"
@@ -111,6 +112,9 @@ bool ensure_python_proc_context_is_registered(void)
if (!register_class_for_pygobject(dict, G_TYPE_PROC_CONTEXT, type, &PyGObject_Type))
return false;
+ if (!define_proc_context_constants(type))
+ return false;
+
}
return true;
diff --git a/plugins/pychrysalide/format/format.c b/plugins/pychrysalide/format/format.c
index 6cd706c..3709f6d 100644
--- a/plugins/pychrysalide/format/format.c
+++ b/plugins/pychrysalide/format/format.c
@@ -118,16 +118,16 @@ static bool define_python_binary_format_constants(PyTypeObject *);
static PyObject *py_binary_format_register_code_point(PyObject *self, PyObject *args)
{
unsigned long long pt; /* Adresse virtuelle du point */
- int entry; /* Nature du point fourni */
+ unsigned long level; /* Nature du point fourni */
int ret; /* Bilan de lecture des args. */
GBinFormat *format; /* Format de binaire manipulé */
- ret = PyArg_ParseTuple(args, "Kp", &pt, &entry);
+ ret = PyArg_ParseTuple(args, "Kk", &pt, &level);
if (!ret) return NULL;
format = G_BIN_FORMAT(pygobject_get(self));
- g_binary_format_register_code_point(format, pt, entry);
+ g_binary_format_register_code_point(format, pt, level);
Py_RETURN_NONE;
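Review bot: `level` goes from PyArg_ParseTuple straight into g_binary_format_register_code_point() with no range check, and the `k` format converts without overflow checking, so any integer a script passes reaches the core. If the callee uses the level as an index into per-priority storage (not visible here, but the DPL_COUNT sentinel suggests it), an out-of-range value would access memory outside that storage. Reject it at the binding boundary before the call, e.g. `if (level >= DPL_COUNT) { PyErr_SetString(PyExc_ValueError, "invalid priority level"); return NULL; }`. Scripts still passing True/False under the old `p` signature will now be read as the integers 1/0, which deserves a line in the method's documentation. The function's closing brace lies outside the hunk.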