Extended the API to allow obfuscators detections.

author: Cyrille Bagard <nocbos@gmail.com> 2018-08-06 21:34:51 (GMT)
committer: Cyrille Bagard <nocbos@gmail.com> 2018-08-06 21:34:51 (GMT)
commit: b070fb755b9e32bfa80e8854606f431d285ca23e (patch)
tree: 4a5cf3b8e6516cf3b93ac1fc64c1d18008c0f3e2 /src
parent: c4b5b5d4d88dc60caad7a10b22c38cc796fdec08 (diff)
9 files changed, 84 insertions, 2 deletions
diff --git a/src/analysis/loaded.c b/src/analysis/loaded.c
index a035e5e..9b7a2ff 100644
--- a/src/analysis/loaded.c
+++ b/src/analysis/loaded.c
@@ -370,6 +370,34 @@ const char *g_loaded_content_describe(const GLoadedContent *content, bool full)
 }
 
 
+/******************************************************************************
+*                                                                             *
+*  Paramètres  : content = élément chargé à consulter.                        *
+*                version = précise si les versions doivent être recherchées.  *
+*                count   = nombre de types d'obscurcissement trouvés. [OUT]   *
+*                                                                             *
+*  Description : Etablit une liste d'obscurcissements présents.               *
+*                                                                             *
+*  Retour      : Désignations humaines correspondantes à libérer après usage  *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+char **g_loaded_content_detect_obfuscators(const GLoadedContent *content, bool version, size_t *count)
+{
+    char **result;                          /* Liste à retourner           */
+
+    result = NULL;
+    *count = 0;
+
+    detect_external_tools(PGA_DETECTION_OBFUSCATORS, content, version, &result, count);
+
+    return result;
+
+}
+
+
 
 /* ---------------------------------------------------------------------------------- */
 /*                             GESTION DYNAMIQUE DES VUES                             */
diff --git a/src/analysis/loaded.h b/src/analysis/loaded.h
index 71e1ff6..60d1fce 100644
--- a/src/analysis/loaded.h
+++ b/src/analysis/loaded.h
@@ -79,6 +79,9 @@ bool g_loaded_content_analyze_and_wait(GLoadedContent *);
 /* Fournit le désignation associée à l'élément chargé. */
 const char *g_loaded_content_describe(const GLoadedContent *, bool);
 
+/* Etablit une liste d'obscurcissements présents. */
+char **g_loaded_content_detect_obfuscators(const GLoadedContent *, bool, size_t *);
+
 
 
 /* --------------------------- GESTION DYNAMIQUE DES VUES --------------------------- */
diff --git a/src/analysis/routine.c b/src/analysis/routine.c
index 3b47930..edb9cb3 100644
--- a/src/analysis/routine.c
+++ b/src/analysis/routine.c
@@ -491,7 +491,7 @@ size_t g_binary_routine_get_args_count(const GBinRoutine *routine)
 *                                                                             *
 ******************************************************************************/
 
-GBinVariable *g_binary_routine_get_arg(GBinRoutine *routine, size_t index)
+GBinVariable *g_binary_routine_get_arg(const GBinRoutine *routine, size_t index)
 {
     GBinVariable *result;                   /* Argument à retourner        */
 
diff --git a/src/analysis/routine.h b/src/analysis/routine.h
index e1512a8..1a2cd92 100644
--- a/src/analysis/routine.h
+++ b/src/analysis/routine.h
@@ -105,7 +105,7 @@ void g_binary_routine_add_arg(GBinRoutine *, GBinVariable *);
 size_t g_binary_routine_get_args_count(const GBinRoutine *);
 
 /* Fournit un argument d'une routine. */
-GBinVariable *g_binary_routine_get_arg(GBinRoutine *, size_t);
+GBinVariable *g_binary_routine_get_arg(const GBinRoutine *, size_t);
 
 /* Retire un argument d'une routine. */
 void g_binary_routine_remove_arg(GBinRoutine *, size_t);
diff --git a/src/plugins/pglist.h b/src/plugins/pglist.h
index b2635eb..7cc4416 100644
--- a/src/plugins/pglist.h
+++ b/src/plugins/pglist.h
@@ -109,6 +109,11 @@ GPluginModule **get_all_plugins_for_action(PluginAction, size_t *);
 #define process_disassembly_event(a, b, s, c) \
     process_all_plugins_for(a, g_plugin_module_process_disassembly_event, b, s, c)
 
+/* DPS_DETECTION */
+
+#define detect_external_tools(a, cnt, v, n, c) \
+    process_all_plugins_for(a, g_plugin_module_detect_external_tools, cnt, v, n, c)
+
 
 
 #endif  /* _PLUGINS_PGLIST_H */
diff --git a/src/plugins/plugin-def.h b/src/plugins/plugin-def.h
index 6bc2086..b8b0e0d 100644
--- a/src/plugins/plugin-def.h
+++ b/src/plugins/plugin-def.h
@@ -83,6 +83,7 @@ typedef uint32_t plugin_action_t;
 #define DPS_CONTENT             DEFINE_PLUGIN_SUB_CATEGORY(0)
 #define DPS_FORMAT              DEFINE_PLUGIN_SUB_CATEGORY(1)
 #define DPS_DISASSEMBLY         DEFINE_PLUGIN_SUB_CATEGORY(2)
+#define DPS_DETECTION           DEFINE_PLUGIN_SUB_CATEGORY(3)
 
 // GUI -> project
 // binary loaded
@@ -172,6 +173,13 @@ typedef enum _PluginAction
     /* Désassemblage fini */
     PGA_DISASSEMBLY_ENDED       = DPC_BINARY_PROCESSING | DPS_DISASSEMBLY | DEFINE_PLUGIN_ACTION(9),
 
+    /**
+     * DPC_BINARY_PROCESSING | DPS_DETECTION
+     */
+
+    /* Intervention en toute fin d'analyse de contenu chargé */
+    PGA_DETECTION_OBFUSCATORS = DPC_BINARY_PROCESSING | DPS_DETECTION | DEFINE_PLUGIN_ACTION(0),
+
 
 
 
diff --git a/src/plugins/plugin-int.h b/src/plugins/plugin-int.h
index 04b87bb..d04d9ab 100644
--- a/src/plugins/plugin-int.h
+++ b/src/plugins/plugin-int.h
@@ -59,6 +59,9 @@ typedef bool (* pg_handle_format_fc) (const GPluginModule *, PluginAction, GBinF
 /* Procède à un préchargement de format de fichier. */
 typedef bool (* pg_preload_format_fc) (const GPluginModule *, PluginAction, GBinFormat *, GPreloadInfo *, GtkStatusStack *);
 
+/* Effectue la détection d'effets d'outils externes. */
+typedef void (* pg_detect_tools_fc) (const GPluginModule *, PluginAction, const GLoadedContent *, bool, char ***, size_t *);
+
 
 
 
@@ -124,6 +127,8 @@ struct _GPluginModule
     pg_handle_format_fc handle_format;      /* Manipulation du format      */
     pg_preload_format_fc preload_format;    /* Préchargement d'un format   */
 
+    pg_detect_tools_fc detect;              /* Lancement de détections     */
+
 };
 
 
diff --git a/src/plugins/plugin.c b/src/plugins/plugin.c
index de9c953..7780f43 100644
--- a/src/plugins/plugin.c
+++ b/src/plugins/plugin.c
@@ -373,6 +373,12 @@ GPluginModule *g_plugin_module_new(const gchar *filename)
                             goto bad_plugin;
                         break;
 
+                    case DPS_DETECTION:
+                        if (!load_plugin_symbol(result->module,
+                                                "chrysalide_plugin_detect_external_tools", &result->detect))
+                            goto bad_plugin;
+                        break;
+
                     default:
                         log_variadic_message(LMT_WARNING,
                                              _("Unknown sub-category '0x%02x' in plugin '%s'..."), sub, filename);
@@ -847,3 +853,27 @@ void g_plugin_module_process_disassembly_event(const GPluginModule *plugin, Plug
     plugin->process_disass(plugin, action, binary, status, context);
 
 }
+
+
+/******************************************************************************
+*                                                                             *
+*  Paramètres  : plugin  = greffon à manipuler.                               *
+*                action  = type d'action attendue.                            *
+*                content = élément chargé à consulter.                        *
+*                version = précise si les versions doivent être recherchées.  *
+*                names   = désignations humaines correspondantes, à libérer.  *
+*                count   = nombre de types d'obscurcissement trouvés. [OUT]   *
+*                                                                             *
+*  Description : Effectue la détection d'effets d'outils externes.            *
+*                                                                             *
+*  Retour      : -                                                            *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+void g_plugin_module_detect_external_tools(const GPluginModule *plugin, PluginAction action, const GLoadedContent *content, bool version, char ***names, size_t *count)
+{
+    plugin->detect(plugin, action, content, version, names, count);
+
+}
diff --git a/src/plugins/plugin.h b/src/plugins/plugin.h
index d0aeb28..a73cc6f 100644
--- a/src/plugins/plugin.h
+++ b/src/plugins/plugin.h
@@ -106,6 +106,9 @@ bool g_plugin_module_preload_binary_format(const GPluginModule *, PluginAction,
 /* Exécute une action pendant un désassemblage de binaire. */
 void g_plugin_module_process_disassembly_event(const GPluginModule *, PluginAction, GLoadedBinary *, GtkStatusStack *, GProcContext *);
 
+/* Effectue la détection d'effets d'outils externes. */
+void g_plugin_module_detect_external_tools(const GPluginModule *, PluginAction, const GLoadedContent *, bool, char ***, size_t *);
+
 
 
 #endif  /* _PLUGINS_PLUGIN_H */
author	Cyrille Bagard <nocbos@gmail.com>	2018-08-06 21:34:51 (GMT)
committer	Cyrille Bagard <nocbos@gmail.com>	2018-08-06 21:34:51 (GMT)
commit	b070fb755b9e32bfa80e8854606f431d285ca23e (patch)
tree	4a5cf3b8e6516cf3b93ac1fc64c1d18008c0f3e2 /src
parent	c4b5b5d4d88dc60caad7a10b22c38cc796fdec08 (diff)