author | Cyrille Bagard <nocbos@gmail.com> | 2014-08-05 20:19:08 (GMT) |
committer | Cyrille Bagard <nocbos@gmail.com> | 2014-08-05 20:19:08 (GMT) |
commit | 56ee4d3ecddeee05f11083fcc1595e3756b91790 (patch) | |
tree | 5ec6e5449214093280629047c36016a0de09cbeb /src/analysis/disass | |
parent | a2eb5483fe74923e488013b2d8b94ded6340499e (diff) |
Defined the first steps for a new disassembling approach.
git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@387 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
Diffstat (limited to 'src/analysis/disass')
-rw-r--r-- | src/analysis/disass/disassembler.c | 156 | ||||
-rw-r--r-- | src/analysis/disass/fetch.c | 122 | ||||
-rw-r--r-- | src/analysis/disass/fetch.h | 7 | ||||
-rw-r--r-- | src/analysis/disass/output.c | 4 |
4 files changed, 280 insertions, 9 deletions
diff --git a/src/analysis/disass/disassembler.c b/src/analysis/disass/disassembler.c
index 8020e02..9344089 100644
--- a/src/analysis/disass/disassembler.c
+++ b/src/analysis/disass/disassembler.c 
@@ -191,9 +191,149 @@ static GDelayedDisassembly *g_delayed_disassembly_new(GLoadedBinary *binary, GBi * Remarques : - * * * ******************************************************************************/ +#include "../../arch/vmpa.h" +#include <time.h> + +#include <sys/time.h> +#include <sys/resource.h> static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtStatusBar *statusbar) { + + + unsigned int valid; /* Instructions traduites */ + unsigned int db; /* Instructions non décodées */ + unsigned int valid_sum; /* Instructions traduites */ + unsigned int instr_sum; /* Instructions totales */ + size_t i; /* Boucle de parcours */ + + GBinRoutine **routines; /* Liste des routines trouvées */ + size_t routines_count; /* Nombre de ces routines */ + bstatus_id_t id; /* Identifiant de statut */ + + + + vmpa2t base; + + + + clock_t begin, end; + double time_spent; + + + struct rusage usage; + unsigned long ustart; + unsigned long uend; + + + + /* Première étape */ + + id = gtk_extended_status_bar_push(statusbar, _("Disassembling..."), true); + + + init_vmpa(&base, 0, 0); + + + + begin = clock(); + + getrusage(RUSAGE_THREAD, &usage); + ustart = usage.ru_utime.tv_sec * 1000000 + usage.ru_utime.tv_usec; + ustart += usage.ru_stime.tv_sec * 1000000 + usage.ru_stime.tv_usec; + + + *disass->instrs = load_raw_binary(disass->binary, &base, 100, statusbar, id); + + /* + *disass->instrs = disassemble_binary_parts(disass->binary, disass->parts, disass->count, + statusbar, id); + */ + + + + getrusage(RUSAGE_THREAD, &usage); + uend = usage.ru_utime.tv_sec * 1000000 + usage.ru_utime.tv_usec; + uend += usage.ru_stime.tv_sec * 1000000 + usage.ru_stime.tv_usec; + + + end = clock(); + + time_spent = (double)(end - begin) / CLOCKS_PER_SEC; + + printf("[[ TIME ]] Disassembly :: %.2g (%.2g)\n", time_spent, (uend - ustart) / 1000000.0); + + + + + gtk_extended_status_bar_remove(statusbar, id); + + + run_plugins_on_binary(disass->binary, PGA_BINARY_DISASSEMBLED, true); + + + 
+ + + + /* Septième étape */ + + id = gtk_extended_status_bar_push(statusbar, _("Printing disassembled code..."), true); + + qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_compare); + + + begin = clock(); + + + getrusage(RUSAGE_THREAD, &usage); + ustart = usage.ru_utime.tv_sec * 1000000 + usage.ru_utime.tv_usec; + ustart += usage.ru_stime.tv_sec * 1000000 + usage.ru_stime.tv_usec; + + + print_disassembled_instructions(disass->buffer, disass->format, *disass->instrs, + routines, routines_count, statusbar, id); + + + + + + getrusage(RUSAGE_THREAD, &usage); + uend = usage.ru_utime.tv_sec * 1000000 + usage.ru_utime.tv_usec; + uend += usage.ru_stime.tv_sec * 1000000 + usage.ru_stime.tv_usec; + + + end = clock(); + + time_spent = (double)(end - begin) / CLOCKS_PER_SEC; + + printf("[[ TIME ]] Printing :: %.2g (%.2g)\n", time_spent, (uend - ustart) / 1000000.0); + + + gtk_extended_status_bar_remove(statusbar, id); + + run_plugins_on_binary(disass->binary, PGA_BINARY_PRINTED, true); + + + +} + + +/****************************************************************************** +* * +* Paramètres : disass = analyse à mener. * +* statusbar = barre de statut à tenir informée. * +* * +* Description : Assure le désassemblage en différé. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_delayed_disassembly_process_old(GDelayedDisassembly *disass, GtkExtStatusBar *statusbar) +{ #ifdef DEBUG unsigned int valid; /* Instructions traduites */ unsigned int db; /* Instructions non décodées */ 
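Review bot: `routines` and `routines_count` are declared in the new `g_delayed_disassembly_process` body but never assigned before the "Septième étape" hands them to `qsort()` and `print_disassembled_instructions()`, so the sort walks an indeterminate pointer with an indeterminate count. Until routine discovery is wired into the new path, initialize them at declaration, `GBinRoutine **routines = NULL;` and `size_t routines_count = 0;`, and skip the `qsort()` when the count is zero, so the printing step sees an empty list rather than garbage. The `getrusage()` return values are also ignored, and `RUSAGE_THREAD` is a Linux/glibc extension that needs `_GNU_SOURCE`, so on failure `usage` is read uninitialized and the `[[ TIME ]]` lines print noise; checking the return value or guarding the block with `#ifdef RUSAGE_THREAD` would keep the measurements honest. The unused `valid`, `db`, `valid_sum`, `instr_sum` and `i` declarations and the commented-out `disassemble_binary_parts` call read as leftovers from the old body; the renamed `g_delayed_disassembly_process_old` that starts at the end of the hunk continues outside it.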
@@ -339,20 +479,20 @@ static void build_disass_prologue(GCodeBuffer *buffer, const char *filename, con output = g_asm_output_new(); line = g_lang_output_start_comments(output, buffer); - if (line != NULL) g_buffer_line_start_merge_at(line, BLC_ADDRESS); + if (line != NULL) g_buffer_line_start_merge_at(line, BLC_PHYSICAL); /* Introduction */ line = g_lang_output_continue_comments(output, buffer, SL(_("Disassembly generated by Chrysalide"))); - g_buffer_line_start_merge_at(line, BLC_ADDRESS); + g_buffer_line_start_merge_at(line, BLC_PHYSICAL); line = g_lang_output_continue_comments(output, buffer, SL(_("Chrysalide is free software - © 2008-2014 Cyrille Bagard"))); - g_buffer_line_start_merge_at(line, BLC_ADDRESS); + g_buffer_line_start_merge_at(line, BLC_PHYSICAL); line = g_lang_output_continue_comments(output, buffer, NULL, 0); - g_buffer_line_start_merge_at(line, BLC_ADDRESS); + g_buffer_line_start_merge_at(line, BLC_PHYSICAL); /* Fichier */ @@ -362,7 +502,7 @@ static void build_disass_prologue(GCodeBuffer *buffer, const char *filename, con snprintf(content, len, "%s%s", _("File: "), filename); line = g_lang_output_continue_comments(output, buffer, content, len - 1); - g_buffer_line_start_merge_at(line, BLC_ADDRESS); + g_buffer_line_start_merge_at(line, BLC_PHYSICAL); free(content); 
@@ -381,19 +521,19 @@ static void build_disass_prologue(GCodeBuffer *buffer, const char *filename, con g_checksum_free(checksum); line = g_lang_output_continue_comments(output, buffer, content, len - 1); - g_buffer_line_start_merge_at(line, BLC_ADDRESS); + g_buffer_line_start_merge_at(line, BLC_PHYSICAL); free(content); /* Ligne de séparation */ line = g_lang_output_continue_comments(output, buffer, NULL, 0); - g_buffer_line_start_merge_at(line, BLC_ADDRESS); + g_buffer_line_start_merge_at(line, BLC_PHYSICAL); /* Conclusion */ line = g_lang_output_end_comments(output, buffer); - if (line != NULL) g_buffer_line_start_merge_at(line, BLC_ADDRESS); + if (line != NULL) g_buffer_line_start_merge_at(line, BLC_PHYSICAL); g_object_unref(G_OBJECT(output)); diff --git a/src/analysis/disass/fetch.c b/src/analysis/disass/fetch.c index 17eea6a..4686fe2 100644 --- a/src/analysis/disass/fetch.c +++ b/src/analysis/disass/fetch.c 
@@ -23,6 +23,117 @@ #include "fetch.h" + +#include "../../arch/artificial.h" + + + + + + + + +/****************************************************************************** +* * +* Paramètres : binary = représentation de binaire chargé. * +* parts = parties binaires à désassembler. * +* count = nombre de parties à traiter. * +* statusbar = barre de statut avec progression à mettre à jour.* +* id = identifiant du message affiché à l'utilisateur. * +* * +* Description : Procède au désassemblage basique d'un contenu binaire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *load_raw_binary(const GLoadedBinary *binary, const vmpa2t *base, off_t end, GtkExtStatusBar *statusbar, bstatus_id_t id) +{ + GArchInstruction *result; /* Liste d'instr. à renvoyer */ + GBinFormat *format; /* Format du fichier binaire */ + GArchProcessor *proc; /* Architecture du binaire */ + off_t bin_length; /* Taille des données à lire */ + bin_t *bin_data; /* Données binaires à lire */ + vmpa2t *pos; /* Boucle de parcours */ + vmpa2t *prev; /* Boucle de parcours */ + off_t old_phy; /* Ancienne position physique */ + GArchInstruction *instr; /* Instruction décodée */ + off_t new_phy; /* Nouvelle position physique */ + + result = NULL; + + format = G_BIN_FORMAT(g_loaded_binary_get_format(binary)); + proc = get_arch_processor_from_format(G_EXE_FORMAT(format)); + bin_data = g_loaded_binary_get_data(binary, &bin_length); + + end = bin_length; + + pos = local_dup_vmpa(base); + prev = local_dup_vmpa(base); + + old_phy = get_phy_addr(prev); + + while (old_phy < end) + { + instr = g_db_instruction_new_from_data(bin_data, pos, end, proc); + if (instr == NULL) break; + + new_phy = get_phy_addr(pos); + + g_arch_instruction_set_location(instr, prev, new_phy - old_phy); + g_arch_instruction_add_to_list(&result, instr); + + copy_vmpa(prev, pos); + old_phy = get_phy_addr(prev); + + //done += (new_phy - 
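Review bot: In `load_raw_binary` the `end` parameter is overwritten by `end = bin_length;` right after the data is fetched, so the bound the caller passes (100 from disassembler.c) is discarded and the loop always walks to the end of the mapped data; if `end` is meant as an upper limit, clamp it instead, `if (end <= 0 || end > bin_length) end = bin_length;`, which keeps the bound given to `g_db_instruction_new_from_data()` inside the buffer for any caller. The header comment above the function was copied from `disassemble_binary_parts` and documents `parts`/`count` rather than the actual `base`/`end` parameters, and `statusbar`/`id` are unused now that the progress update is commented out; the comment should describe `base` as the starting location and `end` as the physical offset at which decoding stops. The lifetime of `pos` and `prev` returned by `local_dup_vmpa()` is not visible here — if they are heap copies they leak on every call, which is worth confirming. The run of several dozen empty added lines between the function and the `#ifdef DEBUG` include is noise that every later blame will carry.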
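Review bot: The new `load_raw_binary` prototype in fetch.h has no description comment, while the neighbouring `disassemble_binary_parts` declaration carries one; add a one-line comment in the same form stating that it decodes raw data starting at `base` up to the physical offset `end`. The prototype also names `off_t` and `vmpa2t`, so the header must have `<sys/types.h>` and the vmpa header reachable through the includes above the hunk, which cannot be checked from here.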
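Review bot: Commenting out the `gtk_extended_status_bar_update_activity()` call in `print_disassembled_instructions` leaves the status entry pushed by the caller frozen for the whole printing step, and `statusbar`, `id` and presumably `iaddr` (now assigned only inside the `#if 0` region) become unused parameters and locals that the compiler will warn about. If this is intentional while the routine prototypes are rebuilt, say so at the `#if 0`, e.g. `/* TODO: prototype output and progress reporting disabled until the new disassembly path provides routines */`, and delete the dead `(iaddr - start)` line rather than leaving it behind a `//`. The function's declarations and the end of its loop lie outside the hunk.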
old_phy); + //gtk_extended_status_bar_update_activity(statusbar, id, done * 1.0 / sum); + + } + + return result; + +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #ifdef DEBUG # include "../../arch/artificial.h" #endif @@ -139,3 +250,14 @@ GArchInstruction *disassemble_binary_parts(const GLoadedBinary *binary, GBinPart return result; } + + + + + + + + + + + diff --git a/src/analysis/disass/fetch.h b/src/analysis/disass/fetch.h index 87f3134..ff62ce8 100644 --- a/src/analysis/disass/fetch.h +++ b/src/analysis/disass/fetch.h @@ -30,6 +30,13 @@ #include "../../gtkext/gtkextstatusbar.h" + + +GArchInstruction *load_raw_binary(const GLoadedBinary *binary, const vmpa2t *base, off_t end, GtkExtStatusBar *statusbar, bstatus_id_t id); + + + + /* Procède au désassemblage basique d'un contenu binaire. */ GArchInstruction *disassemble_binary_parts(const GLoadedBinary *, GBinPart **, size_t, GtkExtStatusBar *, bstatus_id_t); diff --git a/src/analysis/disass/output.c b/src/analysis/disass/output.c index fd7efce..97f9989 100644 --- a/src/analysis/disass/output.c +++ b/src/analysis/disass/output.c @@ -76,6 +76,7 @@ void print_disassembled_instructions(GCodeBuffer *buffer, const GExeFormat *form iter != NULL; iter = g_arch_instruction_get_next_iter(instrs, iter, VMPA_MAX)) { +#if 0 g_arch_instruction_get_location(iter, NULL, NULL, &iaddr); /* Ajout des prototypes de fonction */ @@ -87,10 +88,11 @@ void print_disassembled_instructions(GCodeBuffer *buffer, const GExeFormat *form g_binary_routine_output_info(routines[i], output, buffer); } +#endif g_arch_instruction_print(iter, buffer, msize, content, ASX_INTEL); - gtk_extended_status_bar_update_activity(statusbar, id, (iaddr - start) * 1.0 / (end - start)); + //gtk_extended_status_bar_update_activity(statusbar, id, (iaddr - start) * 1.0 / (end - start)); } |