Diffstat (limited to 'src/analysis/disass')
-rw-r--r-- | src/analysis/disass/disassembler.c | 4 | ||||
-rw-r--r-- | src/analysis/disass/macro.c | 218 |
2 files changed, 206 insertions, 16 deletions
diff --git a/src/analysis/disass/disassembler.c b/src/analysis/disass/disassembler.c index 6147f3b..e7c972d 100644 --- a/src/analysis/disass/disassembler.c +++ b/src/analysis/disass/disassembler.c @@ -257,7 +257,7 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta run_plugins_on_binary(disass->binary, PGA_BINARY_BOUNDED, true); /* Quatrième étape */ -#if 0 + id = gtk_extended_status_bar_push(statusbar, _("Grouping routines instructions..."), true); qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_rcompare); @@ -267,7 +267,7 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta gtk_extended_status_bar_remove(statusbar, id); run_plugins_on_binary(disass->binary, PGA_BINARY_GROUPED, true); -#endif + /* Cinquième étape */ id = gtk_extended_status_bar_push(statusbar, _("Printing disassembled code..."), true); diff --git a/src/analysis/disass/macro.c b/src/analysis/disass/macro.c index 7fda6b9..46dc0d3 100644 --- a/src/analysis/disass/macro.c +++ b/src/analysis/disass/macro.c @@ -41,6 +41,16 @@ typedef struct _branch_info } branch_info; +/** + * Macros pour le marquage des instructions traitées. + * Dans un soucis d'optimisation, on ne traite que les instructions + * démarrant un bloc. + */ +#define MACRO_MARK_AS_PROCESSED(_instr) g_object_set_data(G_OBJECT(_instr), "macro_done", _instr) +#define MACRO_IS_PROCESSED(_instr) (g_object_get_data(G_OBJECT(_instr), "macro_done") != NULL) +#define MACRO_CLEAR_PROCESSED(_instr) g_object_set_data(G_OBJECT(_instr), "macro_done", NULL) + + /* Indique si une adresse est retenue comme point de passage. */ static bool is_addr_in_branch(const branch_info *, const vmpa_t *, bool); 
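Review bot: MACRO_CLEAR_PROCESSED is defined in the macro.c hunk but nothing in this commit calls it, so the "macro_done" mark that MACRO_MARK_AS_PROCESSED stores on the instruction object persists after the grouping pass; if build_instruction_block is ever run again over the same instructions (re-analysis, or two routines sharing instructions), the loop would stop at the first marked instruction and return NULL. Either clear the marks once group_routines_instructions has consumed the blocks, or state on the macros that marks are permanent for the lifetime of the instruction. MACRO_MARK_AS_PROCESSED also evaluates `_instr` twice (inside `G_OBJECT(_instr)` and again as the stored data pointer), harmless for the plain variables passed in this diff but worth a line, e.g. `/* _instr is evaluated twice: pass an lvalue, never an expression with side effects */`.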
@@ -50,6 +60,9 @@ static void find_next_jumps(GArchInstruction *, vmpa_t, vmpa_t, branch_info *); /* Retrouve le point de ralliement entre deux branches. */ static vmpa_t compute_first_common_addr(branch_info *, branch_info *); +/* Retrouve le point de ralliement entre un groupe de branches. */ +static vmpa_t compute_first_common_addr_in_group(const branch_info *, size_t); + /* Procède à la définition de bloc regroupant des instructions. */ static GInstrBlock *build_instruction_block(GArchInstruction *, vmpa_t, vmpa_t, vmpa_t); @@ -144,6 +157,7 @@ static void find_next_jumps(GArchInstruction *instrs, vmpa_t start, vmpa_t end, { case ILT_EXEC_FLOW: case ILT_JUMP: + case ILT_CASE_JUMP: case ILT_JUMP_IF_TRUE: case ILT_JUMP_IF_FALSE: g_arch_instruction_get_location(dests[i], NULL, NULL, &addr); 
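Review bot: The added `case ILT_CASE_JUMP:` in find_next_jumps makes switch targets milestones of a branch, while ILT_CATCH_EXCEPTION, which build_instruction_block now also follows, is left out of this switch with no word on why. If the intent is that handler entry points are not part of the normal flow (the exception post-processing in build_instruction_block computes each handler's stop against main_branch, which suggests exactly that), say so above the case list, e.g. `/* ILT_CATCH_EXCEPTION is deliberately not a milestone: handlers are grouped separately in build_instruction_block */`. find_next_jumps starts and ends outside this hunk.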
@@ -204,6 +218,49 @@ static vmpa_t compute_first_common_addr(branch_info *a, branch_info *b) /****************************************************************************** * * +* Paramètres : list = liste d'ensembles de jalons à parcourir. * +* count = taille de cette liste. * +* * +* Description : Retrouve le point de ralliement entre un groupe de branches. * +* * +* Retour : Adresse commune aux branches. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static vmpa_t compute_first_common_addr_in_group(const branch_info *list, size_t count) +{ + vmpa_t result; /* Adresse trouvée à retourner */ + size_t i; /* Boucle de parcours #1 */ + bool keep; /* Candidate à garder ? */ + size_t j; /* Boucle de parcours #2 */ + + /* Valeur conceptuellement impossible à renvoyer */ + result = VMPA_MAX; + + //qsort(a->jumps, a->count, sizeof(vmpa_t), (__compar_fn_t)compare_vmpa); + //qsort(b->jumps, b->count, sizeof(vmpa_t), (__compar_fn_t)compare_vmpa); + + for (i = 0; i < list[0].count && result == VMPA_MAX; i++) + { + keep = true; + + for (j = 1; j < count && keep; j++) + keep = is_addr_in_branch(&list[j], &list[0].jumps[i], false); + + if (keep) + result = list[0].jumps[i]; + + } + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : instrs = ensemble des instructions d'assemblage. * * start = adresse de début du bloc. * * end = adresse de fin du bloc (exclusive). * @@ -220,6 +277,7 @@ static vmpa_t compute_first_common_addr(branch_info *a, branch_info *b) static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t start, vmpa_t end, vmpa_t stop) { GInstrBlock *result; /* Regroupement à retourner */ + branch_info main_branch; /* Flot d'exécution complet */ GArchInstruction *first; /* Première instruction */ GArchInstruction *last; /* Dernière instruction */ GArchInstruction *iter; /* Boucle de parcours */ 
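Review bot: compute_first_common_addr_in_group keeps two commented-out `//qsort(a->jumps, ...)` / `//qsort(b->jumps, ...)` lines copied from compute_first_common_addr that refer to `a` and `b`, which do not exist in this function; delete them. Without a sort the result is the first jump of `list[0]` in whatever order find_next_jumps recorded it, not necessarily the lowest common address, so if callers expect the same meaning as compute_first_common_addr (which the copied lines suggest sorts before comparing), sort a copy of `list[0].jumps` here or record the dependency in the header, e.g. `Remarques : the result follows the order of list[0].jumps; no sorting is done.` The function also reads `list[0]` unconditionally, so the `count >= 1` precondition belongs in the Paramètres block.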
@@ -227,17 +285,26 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta GArchInstruction **dests; /* Instr. visée par une autre */ InstructionLinkType *types; /* Type de lien entre lignes */ size_t dcount; /* Nombre de liens de dest. */ - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours #1 */ GInstrBlock *block; /* Nouveau bloc mis en place */ + branch_info *cases_branches; /* Branches d'un aiguillage */ + size_t cases_count; /* Nombre d'aiguillages */ branch_info true_branch; /* Branche 'condition vraie' */ branch_info false_branch; /* Branche 'condition fausse' */ + branch_info *excep_branches; /* Branches d'exceptions */ + size_t excep_count; /* Nombre d'exceptions */ vmpa_t next_addr; /* Prochaine instruction visée */ + size_t j; /* Boucle de parcours #2 */ + vmpa_t stop_addr; /* Adresse de fin de bloc */ result = NULL; first = NULL; last = NULL; + memset(&main_branch, 0, sizeof(branch_info)); + find_next_jumps(instrs, start, end, &main_branch); + //printf("[+] blocking 0x%08llx -> 0x%08llx... stop @ 0x%08llx\n", start, end, stop); for (iter = g_arch_instruction_find_by_address(instrs, start, true); @@ -247,15 +314,14 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta g_arch_instruction_get_location(iter, NULL, NULL, &addr); if (addr == stop) break; + /* On s'arrêter si l'instruction est déjà décompilée */ + if (MACRO_IS_PROCESSED(iter)) break; + if (first == NULL) first = iter; last = iter; - /* On s'arrêter si l'instruction est déjà décompilée */ - if (g_object_get_data(G_OBJECT(iter), "decomp_done") != NULL) break; - g_object_set_data(G_OBJECT(iter), "decomp_done", iter); - /* On n'approfondit que les chemins qui se séparent */ if (!g_arch_instruction_has_destinations(iter)) { 
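Review bot: `find_next_jumps(instrs, start, end, &main_branch);` fills `main_branch.jumps`, but no `free(main_branch.jumps)` is added anywhere in the commit, whereas the true/false, cases and excep arrays are all freed; if find_next_jumps allocates the jumps array (the existing `free(true_branch.jumps)` indicates it does), every call to build_instruction_block leaks one array. Add `free(main_branch.jumps);` before the final `return result;`, which sits in a later hunk of this file. build_instruction_block continues past this hunk.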
@@ -268,8 +334,12 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta dcount = g_arch_instruction_get_destinations(iter, &dests, &types); next_addr = 0; + cases_branches = NULL; + cases_count = 0; memset(&true_branch, 0, sizeof(branch_info)); memset(&false_branch, 0, sizeof(branch_info)); + excep_branches = NULL; + excep_count = 0; for (i = 0; i < dcount; i++) switch (types[i]) @@ -281,6 +351,7 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta result = g_virtual_block_new(); block = g_flow_block_new(instrs, first, iter); + MACRO_MARK_AS_PROCESSED(first); g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); first = NULL; @@ -288,6 +359,17 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta break; + case ILT_CASE_JUMP: + + g_arch_instruction_get_location(dests[i], NULL, NULL, &addr); + + cases_branches = (branch_info *)realloc(cases_branches, + ++cases_count * sizeof(branch_info)); + memset(&cases_branches[cases_count - 1], 0, sizeof(branch_info)); + find_next_jumps(instrs, addr, end, &cases_branches[cases_count - 1]); + + break; + case ILT_JUMP_IF_TRUE: g_arch_instruction_get_location(dests[i], NULL, NULL, &addr); find_next_jumps(instrs, addr, end, &true_branch); 
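Review bot: `cases_branches = (branch_info *)realloc(cases_branches, ++cases_count * sizeof(branch_info));` assigns the realloc result straight back, so on failure the previous array is leaked and the following `memset(&cases_branches[cases_count - 1], ...)` writes through a NULL base. The ILT_CATCH_EXCEPTION case in the next hunk grows `excep_branches` the same way and needs the same fix. Grow through a temporary, bump the counter only after the allocation succeeded, and drop the cast; a new local `branch_info *grown;` has to be added among the declarations at the top of build_instruction_block.
```c
case ILT_CASE_JUMP:

    g_arch_instruction_get_location(dests[i], NULL, NULL, &addr);

    /* Grow through a temporary so the old array survives a failed realloc */
    grown = realloc(cases_branches, (cases_count + 1) * sizeof *grown);
    if (grown == NULL)
        break;  /* out of memory: this destination is skipped, earlier ones are kept */
    cases_branches = grown;
    memset(&cases_branches[cases_count], 0, sizeof(branch_info));
    find_next_jumps(instrs, addr, end, &cases_branches[cases_count]);
    cases_count++;

    break;
```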
@@ -298,12 +380,97 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta find_next_jumps(instrs, addr, end, &false_branch); break; + case ILT_CATCH_EXCEPTION: + + g_arch_instruction_get_location(dests[i], NULL, NULL, &addr); + + excep_branches = (branch_info *)realloc(excep_branches, + ++excep_count * sizeof(branch_info)); + memset(&excep_branches[excep_count - 1], 0, sizeof(branch_info)); + find_next_jumps(instrs, addr, end, &excep_branches[excep_count - 1]); + + break; + default: - next_addr = VMPA_MAX; + if (next_addr == 0) + next_addr = VMPA_MAX; break; } + /* Post-traitements de ILT_CASE_JUMP */ + if (cases_count > 0) + { + if (result == NULL) + result = g_virtual_block_new(); + + if (first != NULL) + { + block = g_flow_block_new(instrs, first, iter); + MACRO_MARK_AS_PROCESSED(first); + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + first = NULL; + } + + //printf(" --- cases --- start\n"); + + next_addr = compute_first_common_addr_in_group(cases_branches, cases_count); + //printf(" stop :: 0x%08llx\n", next_addr); + + for (j = 0; j < cases_count; j++) + { + //printf(" ## %zu\n", j); + + block = build_instruction_block(instrs, cases_branches[j].jumps[0], end, next_addr); + + if (block != NULL) + + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + + free(cases_branches[j].jumps); + + } + + //printf(" --- cases --- end\n"); + + + free(cases_branches); + + } + + /* Post-traitements de ILT_CATCH_EXCEPTION */ + if (excep_count > 0) + { + if (result == NULL) + result = g_virtual_block_new(); + + if (first != NULL) + { + block = g_flow_block_new(instrs, first, iter); + MACRO_MARK_AS_PROCESSED(first); + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + first = NULL; + } + + for (j = 0; j < excep_count; j++) + { + stop_addr = compute_first_common_addr(&main_branch, &excep_branches[j]); + //next_addr = MIN(next_addr, end); + + block = build_instruction_block(instrs, excep_branches[j].jumps[0], end, 
stop_addr); + + if (block != NULL) + + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + + free(excep_branches[j].jumps); + + } + + free(excep_branches); + + } + if (next_addr == VMPA_MAX) { iter = g_arch_instruction_get_next_iter(instrs, iter, end); @@ -318,14 +485,24 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta if (result == NULL) result = g_virtual_block_new(); - block = g_flow_block_new(instrs, first, iter); - g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); - first = NULL; + if (first != NULL) + { + block = g_flow_block_new(instrs, first, iter); + MACRO_MARK_AS_PROCESSED(first); + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + first = NULL; + } block = build_instruction_block(instrs, true_branch.jumps[0], end, next_addr); + + if (block != NULL) + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); block = build_instruction_block(instrs, false_branch.jumps[0], end, next_addr); + + if (block != NULL) + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); free(true_branch.jumps); @@ -342,15 +519,27 @@ static GInstrBlock *build_instruction_block(GArchInstruction *instrs, vmpa_t sta if (first != NULL && last != NULL) { - block = g_flow_block_new(instrs, first, last); + if (!MACRO_IS_PROCESSED(first)) + { + //printf("--close?--\n"); + block = g_flow_block_new(instrs, first, last); + MACRO_MARK_AS_PROCESSED(first); + //printf("--close!--\n"); - if (result == NULL) - result = block; - else - g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + if (result == NULL) + result = block; + else + g_virtual_block_add_child(G_VIRTUAL_BLOCK(result), block); + } } + if (result == NULL) + { + //printf("WARNING :: null !\n"); + //exit(0); + } + return result; } 
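Review bot: After the ILT_CASE_JUMP post-processing `next_addr` holds the address returned by compute_first_common_addr_in_group, so unless that is VMPA_MAX the loop falls past `if (next_addr == VMPA_MAX)` into the conditional-branch code of the following hunk, where `true_branch.jumps[0]` is dereferenced although no ILT_JUMP_IF_* destination filled true_branch (its jumps pointer is NULL after the memset). The lines between this hunk and the next are not visible here; if they already bypass that path for switch instructions this is moot, otherwise advance `iter` to the common address and `continue` once the case blocks are built. Likewise `cases_branches[j].jumps[0]` and `excep_branches[j].jumps[0]` assume find_next_jumps always records at least one milestone; a `if (cases_branches[j].count == 0) continue;` guard (the field is `count`, as read in compute_first_common_addr_in_group) is cheap insurance.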
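Review bot: The new `if (result == NULL) { //printf("WARNING :: null !\n"); //exit(0); }` block at the end of build_instruction_block is empty apart from commented-out debugging, as are the `//printf("--close?--\n")` lines around g_flow_block_new; remove them or turn the NULL case into a real comment, e.g. `/* result == NULL: everything from start was already grouped by an earlier call */`. Returning NULL is now a normal outcome (the loop breaks on MACRO_IS_PROCESSED before any block is built), so the function header's Retour line should say that callers must handle NULL.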
@@ -389,6 +578,7 @@ void group_routines_instructions(GArchInstruction *list, GBinRoutine **routines, block = build_instruction_block(list, start, end, VMPA_MAX); + g_binary_routine_set_basic_blocks(routines[i], block); gtk_extended_status_bar_update_activity(statusbar, id, (i + 1) * 1.0 / count); |
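Review bot: `g_binary_routine_set_basic_blocks(routines[i], block);` is passed whatever build_instruction_block returned, and that function now returns NULL when the routine's first instruction is already marked processed or no block was built; unless set_basic_blocks accepts NULL, the first routine that shares instructions with an earlier one crashes here. Guard it, `if (block != NULL) g_binary_routine_set_basic_blocks(routines[i], block);`, or state in its contract that NULL clears the routine's blocks. Whether set_basic_blocks takes ownership of `block` or only adds a reference is not visible here and should be documented, since nothing else in the hunk releases it. group_routines_instructions begins and ends outside this hunk.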