diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/Makefile.am | 2 | ||||
-rw-r--r-- | plugins/libcsem/Makefile.am | 13 | ||||
-rw-r--r-- | plugins/libcsem/exit.c | 122 | ||||
-rw-r--r-- | plugins/libcsem/exit.h | 37 | ||||
-rw-r--r-- | plugins/libcsem/semantic.c | 62 | ||||
-rw-r--r-- | plugins/libcsem/semantic.h | 39 |
6 files changed, 274 insertions, 1 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index de8fa29..2fdd3ad 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -1,2 +1,2 @@ -SUBDIRS = androhelpers devdbg mobicore pychrysa python readelf stackvars +SUBDIRS = androhelpers devdbg libcsem mobicore pychrysa python readelf stackvars diff --git a/plugins/libcsem/Makefile.am b/plugins/libcsem/Makefile.am new file mode 100644 index 0000000..1c8ad9c --- /dev/null +++ b/plugins/libcsem/Makefile.am @@ -0,0 +1,13 @@ + +lib_LTLIBRARIES = liblibcsem.la + +liblibcsem_la_SOURCES = \ + exit.h exit.c \ + semantic.h semantic.c + +liblibcsem_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I../../src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/libcsem/exit.c b/plugins/libcsem/exit.c new file mode 100644 index 0000000..fbe0923 --- /dev/null +++ b/plugins/libcsem/exit.c @@ -0,0 +1,122 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * exit.c - définition des sorties comme points de non retour + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "exit.h" + + + +/* Modifie toutes les instructions appelant exit(). */ +static void mark_one_kind_of_exit_as_return(const GLoadedBinary *, const char *); + + + +/****************************************************************************** +* * +* Paramètres : binary = binaire dont le contenu est en cours de traitement. * +* * +* Description : Modifie toutes les instructions appelant exit(). * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void mark_one_kind_of_exit_as_return(const GLoadedBinary *binary, const char *fname) +{ + GBinFormat *format; /* Format du fichier binaire */ + GBinSymbol *symbol; /* Symbole de fonction trouvé */ + const mrange_t *range; /* Emplacement du symbole */ + GArchProcessor *proc; /* Architecture du binaire */ + GArchInstruction *instr; /* Instruction de sortie */ + GArchInstruction **sources; /* Instructions diverses liées */ + InstructionLinkType *types; /* Types de lien existants */ + size_t count; /* Nbre de sources affichées */ + size_t i; /* Boucle de parcours */ + + format = G_BIN_FORMAT(g_loaded_binary_get_format(binary)); + + if (!g_binary_format_find_symbol_by_label(format, fname, &symbol)) + goto mokoear_exit; + + if (g_binary_symbol_get_target_type(symbol) != STP_ROUTINE) + goto mokoear_done_with_sym; + + range = g_binary_symbol_get_range(symbol); + + proc = g_loaded_binary_get_processor(binary); + + instr = g_arch_processor_find_instr_by_address(proc, get_mrange_addr(range)); + + count = g_arch_instruction_get_sources(instr, &sources, &types); + + for (i = 0; i < count; i++) + { + if (types[i] != ILT_CALL) continue; + + g_arch_instruction_define_as_return(sources[i], true); + + } + + g_object_unref(G_OBJECT(proc)); + + mokoear_done_with_sym: + + g_object_unref(G_OBJECT(symbol)); + + mokoear_exit: + + //g_object_unref(G_OBJECT(format)); + + ; + +} + + +/****************************************************************************** +* * +* Paramètres : binary = binaire dont le contenu est en cours de traitement. * +* * +* Description : Modifie toutes les instructions appelant exit(). * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void mark_exit_calls_as_return_instructions(const GLoadedBinary *binary) +{ + const char **iter; /* Boucle de parcours */ + + static const char *exit_functions[] = { + "exit", + "_exit", + "_Exit", + NULL + }; + + for (iter = exit_functions; *iter != NULL; iter++) + mark_one_kind_of_exit_as_return(binary, *iter); + +} diff --git a/plugins/libcsem/exit.h b/plugins/libcsem/exit.h new file mode 100644 index 0000000..f580036 --- /dev/null +++ b/plugins/libcsem/exit.h @@ -0,0 +1,37 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * exit.h - prototypes pour la définition des sorties comme points de non retour + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_LIBCSEM_EXIT_H +#define _PLUGINS_LIBCSEM_EXIT_H + + +#include <analysis/binary.h> + + + +/* Modifie toutes les instructions appelant exit(). */ +void mark_exit_calls_as_return_instructions(const GLoadedBinary *); + + + +#endif /* _PLUGINS_LIBCSEM_EXIT_H */ diff --git a/plugins/libcsem/semantic.c b/plugins/libcsem/semantic.c new file mode 100644 index 0000000..2da2ea6 --- /dev/null +++ b/plugins/libcsem/semantic.c @@ -0,0 +1,62 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * semantic.c - prise en charge personnalisée de la bibliothèque C + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "semantic.h" + + +#include <plugins/plugin-def.h> + + +#include "exit.h" + + + +DEFINE_CHRYSALIDE_ACTIVE_PLUGIN("LibC semantics", "Register semantic information relative to the libc", "0.1.0", + PGA_DISASSEMBLY_HOOKED_POST); + + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* action = type d'action attendue. * +* binary = binaire dont le contenu est en cours de traitement. * +* * +* Description : Exécute une action pendant un désassemblage de binaire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +G_MODULE_EXPORT void process_binary_disassembly(const GPluginModule *plugin, PluginAction action, GLoadedBinary *binary) +{ + if (action == PGA_DISASSEMBLY_HOOKED_POST) + { + /* Traitement de appels à exit() ou fonctions similaires */ + mark_exit_calls_as_return_instructions(binary); + + } + +} diff --git a/plugins/libcsem/semantic.h b/plugins/libcsem/semantic.h new file mode 100644 index 0000000..72ce0ce --- /dev/null +++ b/plugins/libcsem/semantic.h @@ -0,0 +1,39 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * semantic.h - prototypes pour la prise en charge personnalisée de la bibliothèque C + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_LIBCSEM_SEMANTIC_H +#define _PLUGINS_LIBCSEM_SEMANTIC_H + + +#include <format/elf/elf.h> +#include <plugins/plugin.h> +#include <plugins/plugin-int.h> + + + +/* Exécute une action pendant un désassemblage de binaire. */ +G_MODULE_EXPORT void process_binary_disassembly(const GPluginModule *, PluginAction, GLoadedBinary *); + + + +#endif /* _PLUGINS_LIBCSEM_SEMANTIC_H */ |