Diffstat (limited to 'src/analysis/disass')
-rw-r--r-- | src/analysis/disass/area.c | 278 | ||||
-rw-r--r-- | src/analysis/disass/area.h | 25 | ||||
-rw-r--r-- | src/analysis/disass/disassembler.c | 45 | ||||
-rw-r--r-- | src/analysis/disass/fetch.c | 118 | ||||
-rw-r--r-- | src/analysis/disass/fetch.h | 19 |
5 files changed, 210 insertions, 275 deletions
diff --git a/src/analysis/disass/area.c b/src/analysis/disass/area.c index 9d8dcf5..0ec4ad4 100644 --- a/src/analysis/disass/area.c +++ b/src/analysis/disass/area.c @@ -28,15 +28,15 @@ -#if 0 /* Zone mémoire bien bornée */ -struct _mem_area +typedef struct _mem_area { mrange_t range; /* Couverture de la zone */ unsigned long *processed; /* Octets traités dans la zone */ + GArchInstruction **instructions; /* Instructions en place */ bool has_sym; /* Représentation via symbole ?*/ @@ -46,10 +46,10 @@ struct _mem_area GBinSymbol *symbol; /* Symbole associé à la zone */ }; -}; +} mem_area; + -#endif @@ -76,10 +76,10 @@ static bool mark_range_in_mem_area_as_processed(mem_area *, phys_t, phys_t, GArc /* Procède au désassemblage d'un contenu binaire non exécutable. */ -static void load_data_from_mem_area(mem_area *, mem_area *, size_t, const GLoadedBinary *, GProcContext *, const vmpa2t *, status_info *); +static void load_data_from_mem_area(mem_area *, mem_area *, size_t, const GLoadedBinary *, GProcContext *, const vmpa2t *, status_blob_info *); /* S'assure qu'une aire contient toutes ses instructions. */ -static void fill_mem_area(mem_area *, mem_area *, size_t, const GLoadedBinary *, GProcContext *, status_info *); +static void fill_mem_area(mem_area *, mem_area *, size_t, const GLoadedBinary *, GProcContext *, status_blob_info *); @@ -240,12 +240,12 @@ static void fini_mem_area(mem_area *area) static bool is_range_blank_in_mem_area(mem_area *area, phys_t start, phys_t len, GArchInstruction *instr) { bool result; /* Bilan à renvoyer */ - phys_t max; /* Point d'arrêt de la boucle */ + phys_t max; /* Point d'arrêt de la boucle */ phys_t i; /* Boucle de parcours */ size_t index; /* Cellule de tableau visée */ unsigned int remaining; /* Nombre de bits restants */ - max = start + len; + max = start + len; assert(max <= get_mrange_length(&area->range)); 
@@ -282,12 +282,12 @@ static bool is_range_blank_in_mem_area(mem_area *area, phys_t start, phys_t len, static bool mark_range_in_mem_area_as_processed(mem_area *area, phys_t start, phys_t len, GArchInstruction *instr) { - phys_t max; /* Point d'arrêt de la boucle */ + phys_t max; /* Point d'arrêt de la boucle */ phys_t i; /* Boucle de parcours */ size_t index; /* Cellule de tableau visée */ unsigned int remaining; /* Nombre de bits restants */ - max = start + len; + max = start + len; assert(max <= get_mrange_length(&area->range)); @@ -330,7 +330,7 @@ static bool mark_range_in_mem_area_as_processed(mem_area *area, phys_t start, ph * * ******************************************************************************/ -void load_code_from_mem_area(mem_area *area, mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, const vmpa2t *start, status_info *info) +void load_code_from_mem_area(mem_area *area, mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, const vmpa2t *start, status_blob_info *info) { @@ -379,7 +379,7 @@ void load_code_from_mem_area(mem_area *area, mem_area *list, size_t count, const copy_vmpa(&pos, get_mrange_addr(&area->range)); advance_vmpa(&pos, diff); - printf(" [%p] CODE start @ %u (len=%u)\n", area, (unsigned int)diff, (unsigned int)alen); + printf(" [%p] CODE start @ %u (len=%u)\n", area, (unsigned int)diff, (unsigned int)alen); for (i = diff; i < alen; i += diff) { @@ -391,7 +391,7 @@ void load_code_from_mem_area(mem_area *area, mem_area *list, size_t count, const instr = g_arch_processor_disassemble(proc, ctx, bin_data, &pos, bin_length); - //printf(" @ 0x%08x -> %p\n", (uint32_t)get_virt_addr(&prev), instr); + //printf(" @ 0x%08x -> %p\n", (uint32_t)get_virt_addr(&prev), instr); if (instr == NULL) break; 
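Review bot: In mark_range_in_mem_area_as_processed the only bounds check before the `processed` bitmap is written is `assert(max <= get_mrange_length(&area->range));`, which compiles out under NDEBUG, and `max = start + len` can wrap for a large `len`, so a range derived from a malformed binary could index past the bitmap allocation. Since the function already returns bool, a runtime guard that fails closed is cheap: `if (start > get_mrange_length(&area->range) || len > get_mrange_length(&area->range) - start) return false;` before computing `max`. The same assert-only check appears in the is_range_blank_in_mem_area hunk above, where it would turn into an out-of-bounds read. The function body continues beyond the end of this hunk.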
@@ -414,15 +414,9 @@ void load_code_from_mem_area(mem_area *area, mem_area *list, size_t count, const mark_range_in_mem_areas_as_processed(list, count, instr); - //done += (new_phy - old_phy); - //gtk_extended_status_bar_update_activity(statusbar, id, done * 1.0 / sum); - - - - - - + inc_progessive_status(info, diff); + assert(!is_range_blank_in_mem_areas(list, count, &range)); } @@ -451,11 +445,11 @@ void load_code_from_mem_area(mem_area *area, mem_area *list, size_t count, const * * ******************************************************************************/ -static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, const vmpa2t *start, status_info *info) +static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, const vmpa2t *start, status_blob_info *info) { GBinFormat *format; /* Format du fichier binaire */ GArchProcessor *proc; /* Architecture du binaire */ - SourceEndian endianness; /* Boutisme de cette machine */ + SourceEndian endianness; /* Boutisme de cette machine */ off_t bin_length; /* Taille des données à lire */ bin_t *bin_data; /* Données binaires à lire */ phys_t diff; /* Volume de données traité */ @@ -476,7 +470,7 @@ static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count format = G_BIN_FORMAT(g_loaded_binary_get_format(binary)); proc = get_arch_processor_from_format(G_EXE_FORMAT(format)); - endianness = g_arch_processor_get_endianness(proc); + endianness = g_arch_processor_get_endianness(proc); bin_data = g_loaded_binary_get_data(binary, &bin_length); diff = compute_vmpa_diff(get_mrange_addr(&area->range), start); 
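Review bot: `inc_progessive_status(info, diff);` is reached without looking at the result of the preceding `mark_range_in_mem_areas_as_processed(list, count, instr);`, and the `assert(!is_range_blank_in_mem_areas(list, count, &range));` moved below it disappears under NDEBUG, so a release build counts an instruction whose range could not be recorded as progress and keeps going. That function is declared as returning bool further down in this file, so `if (!mark_range_in_mem_areas_as_processed(list, count, instr)) break;` would make the failure visible instead of relying on the assert. Whether `info` may still be NULL here (the old caller passed `info = NULL`) is not visible in this hunk and should be documented on the parameter. load_code_from_mem_area starts before and ends after this hunk.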
@@ -490,8 +484,8 @@ static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count copy_vmpa(&pos, get_mrange_addr(&area->range)); advance_vmpa(&pos, diff); - printf(" [%p] DATA start @ 0x%08x -> %u (len=%u)\n", - area, (unsigned int)get_phy_addr(&pos), (unsigned int)diff, (unsigned int)alen); + printf(" [%p] DATA start @ 0x%08x -> %u (len=%u)\n", + area, (unsigned int)get_phy_addr(&pos), (unsigned int)diff, (unsigned int)alen); for (i = diff; i < alen; i += diff) { 
@@ -499,53 +493,50 @@ static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count copy_vmpa(&prev, &pos); - instr = NULL; + instr = NULL; - if (instr == NULL && (i + 4) <= alen) - { - init_mrange(&range, &pos, 4); + if (instr == NULL && (i + 4) <= alen) + { + init_mrange(&range, &pos, 4); - if (is_range_blank_in_mem_areas(list, count, &range)) - instr = g_raw_instruction_new_array(bin_data, MDS_32_BITS, 1, &pos, bin_length, endianness); + if (is_range_blank_in_mem_areas(list, count, &range)) + instr = g_raw_instruction_new_array(bin_data, MDS_32_BITS, 1, &pos, bin_length, endianness); - } + } - if (instr == NULL && (i + 2) <= alen) - { - copy_vmpa(&pos, &prev); - init_mrange(&range, &pos, 2); + if (instr == NULL && (i + 2) <= alen) + { + copy_vmpa(&pos, &prev); + init_mrange(&range, &pos, 2); - if (is_range_blank_in_mem_areas(list, count, &range)) - instr = g_raw_instruction_new_array(bin_data, MDS_16_BITS, 1, &pos, bin_length, endianness); + if (is_range_blank_in_mem_areas(list, count, &range)) + instr = g_raw_instruction_new_array(bin_data, MDS_16_BITS, 1, &pos, bin_length, endianness); - } + } - if (instr == NULL/* && (i + 1) <= alen*/) - { - copy_vmpa(&pos, &prev); - init_mrange(&range, &pos, 1); + if (instr == NULL/* && (i + 1) <= alen*/) + { + copy_vmpa(&pos, &prev); + init_mrange(&range, &pos, 1); - if (is_range_blank_in_mem_areas(list, count, &range)) - instr = g_raw_instruction_new_array(bin_data, MDS_8_BITS, 1, &pos, bin_length, endianness); - else - { - printf(" break !! 0x%08x\n", - (unsigned int)get_phy_addr(&pos)); - assert(0); - break; - } + if (is_range_blank_in_mem_areas(list, count, &range)) + instr = g_raw_instruction_new_array(bin_data, MDS_8_BITS, 1, &pos, bin_length, endianness); + else + { + printf(" break !! 
0x%08x\n", + (unsigned int)get_phy_addr(&pos)); + assert(0); + break; + } - } + } - assert(instr != NULL); + assert(instr != NULL); /* Enregistrement des positions et adresses */ diff = compute_vmpa_diff(&prev, &pos); - printf(" decomp @ 0x%08x -> ++ %u\n", - (unsigned int)get_phy_addr(&pos), (unsigned int)diff); - init_mrange(&range, &prev, diff); g_arch_instruction_set_range(instr, &range); @@ -554,10 +545,9 @@ static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count mark_range_in_mem_areas_as_processed(list, count, instr); - assert(!is_range_blank_in_mem_areas(list, count, &range)); + inc_progessive_status(info, diff); - //done += (new_phy - old_phy); - //gtk_extended_status_bar_update_activity(statusbar, id, done * 1.0 / sum); + assert(!is_range_blank_in_mem_areas(list, count, &range)); } 
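Review bot: `assert(instr != NULL);` is the only thing between a NULL from `g_raw_instruction_new_array` and the `g_arch_instruction_set_range(instr, &range);` a few lines later; with NDEBUG the assert vanishes and a file whose tail is shorter than the requested raw width (the calls pass `bin_length`, so presumably the constructor is what rejects the read) ends in a NULL dereference. Replace it with a real check, `if (instr == NULL) break;`. The `assert(0); break;` branch just above at least still breaks in release builds, but its `printf` and the earlier `" [%p] DATA start"` line print raw heap addresses to stdout; these diagnostics should sit behind a debug macro. load_data_from_mem_area starts before and ends after this hunk.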
@@ -581,40 +571,40 @@ static void load_data_from_mem_area(mem_area *area, mem_area *list, size_t count * * ******************************************************************************/ -static void fill_mem_area(mem_area *area, mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, status_info *info) +static void fill_mem_area(mem_area *area, mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, status_blob_info *info) { - phys_t len; /* Taille de la zone à remplir */ + phys_t len; /* Taille de la zone à remplir */ phys_t i; /* Boucle de parcours */ - vmpa2t start; /* Adresse de départ de combles*/ + vmpa2t start; /* Adresse de départ de combles*/ - printf(" === FILLING | 0x%08x (%u)...\n", - (unsigned int)get_phy_addr(get_mrange_addr(&area->range)), - (unsigned int)get_phy_addr(get_mrange_addr(&area->range))); + printf(" === FILLING | 0x%08x (%u)...\n", + (unsigned int)get_phy_addr(get_mrange_addr(&area->range)), + (unsigned int)get_phy_addr(get_mrange_addr(&area->range))); - /* Les symboles se doivent d'être indépendants ! */ - if (area->has_sym) return; + /* Les symboles se doivent d'être indépendants ! 
*/ + if (area->has_sym) return; len = get_mrange_length(&area->range); for (i = 0; i < len; i++) { - if (is_range_blank_in_mem_area(area, i, 1, NULL)) - { - copy_vmpa(&start, get_mrange_addr(&area->range)); - advance_vmpa(&start, i); + if (is_range_blank_in_mem_area(area, i, 1, NULL)) + { + copy_vmpa(&start, get_mrange_addr(&area->range)); + advance_vmpa(&start, i); - if (area->exec) - load_code_from_mem_area(area, list, count, binary, ctx, &start, info); + if (area->exec) + load_code_from_mem_area(area, list, count, binary, ctx, &start, info); - if (is_range_blank_in_mem_area(area, i, 1, NULL)) - load_data_from_mem_area(area, list, count, binary, ctx, &start, info); + if (is_range_blank_in_mem_area(area, i, 1, NULL)) + load_data_from_mem_area(area, list, count, binary, ctx, &start, info); - } + } - if (is_range_blank_in_mem_area(area, i, 1, NULL)) - printf(" [%p] error with %u\n", area, (unsigned int)i); + if (is_range_blank_in_mem_area(area, i, 1, NULL)) + printf(" [%p] error with %u\n", area, (unsigned int)i); assert(!is_range_blank_in_mem_area(area, i, 1, NULL)); 
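Review bot: The diagnostic `printf(" === FILLING | 0x%08x (%u)...\n", ...)` passes `get_phy_addr(get_mrange_addr(&area->range))` twice, so the `(%u)` field repeats the address; the second argument was presumably meant to be `get_mrange_length(&area->range)`. More important, a byte that is still blank after both loaders have run is only reported by the `" [%p] error with %u\n"` printf and an `assert`, which is removed under NDEBUG, so a release build keeps iterating over an area it could not decode and no error reaches the caller; consider making fill_mem_area return a bool that ensure_all_mem_areas_are_filled propagates, so the disassembly can be aborted. The function's signature is in this hunk but its end lies beyond it.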
@@ -638,51 +628,51 @@ static void fill_mem_area(mem_area *area, mem_area *list, size_t count, const GL static GArchInstruction *get_instructions_from_mem_area(const mem_area *area) { GArchInstruction *result; /* Liste d'instr. à renvoyer */ - phys_t len; /* Nombre d'instructions au max*/ - phys_t i; /* Boucle de parcours */ + phys_t len; /* Nombre d'instructions au max*/ + phys_t i; /* Boucle de parcours */ GArchInstruction *instr; /* Instruction décodée */ result = NULL; - if (area->has_sym) - switch (g_binary_symbol_get_target_type(area->symbol)) - { - case STP_DATA: - result = g_binary_symbol_get_instruction(area->symbol); - g_object_ref(G_OBJECT(result)); - break; + if (area->has_sym) + switch (g_binary_symbol_get_target_type(area->symbol)) + { + case STP_DATA: + result = g_binary_symbol_get_instruction(area->symbol); + g_object_ref(G_OBJECT(result)); + break; - case STP_ROUTINE: - assert(false); - //instr = load_code_binary(binary, start, end, statusbar, id); - // + fill - break; + case STP_ROUTINE: + assert(false); + //instr = load_code_binary(binary, start, end, statusbar, id); + // + fill + break; - default: - assert(false); - break; + default: + assert(false); + break; - } + } - else - { - len = get_mrange_length(&area->range); + else + { + len = get_mrange_length(&area->range); - for (i = 0; i < len; i++) - { - instr = area->instructions[i]; + for (i = 0; i < len; i++) + { + instr = area->instructions[i]; - if (instr != NULL) - { - g_object_ref(G_OBJECT(instr)); - g_arch_instruction_add_to_list(&result, instr); - } + if (instr != NULL) + { + g_object_ref(G_OBJECT(instr)); + g_arch_instruction_add_to_list(&result, instr); + } - } + } - } + } - return result; + return result; } 
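Review bot: In get_instructions_from_mem_area the `STP_ROUTINE` and `default` cases are `assert(false)` followed by `break`, so a release build silently returns NULL for a symbol-backed area whose symbol is a routine or of an unexpected type, and the commented-out `load_code_binary` line suggests the path is unfinished; at minimum log the skipped area so the missing instructions can be traced, or document that symbol areas are data-only here. In the `STP_DATA` case `result = g_binary_symbol_get_instruction(area->symbol);` is handed to `g_object_ref(G_OBJECT(result));` without a NULL check; whether that getter can return NULL is not visible here, but `if (result != NULL) g_object_ref(G_OBJECT(result));` costs nothing. A short header comment stating that the returned list carries its own references would also help callers.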
@@ -771,15 +761,15 @@ mem_area *compute_memory_areas(GExeFormat *format, phys_t bin_length, size_t *co for (i = 0; i < exe_count; i++) { - printf(" (init) AREA %zu :: 0x%08x + %u\n", - i, - (unsigned int)get_phy_addr(get_mrange_addr(&exe_ranges[i])), - (unsigned int)get_mrange_length(&exe_ranges[i])); + printf(" (init) AREA %zu :: 0x%08x + %u\n", + i, + (unsigned int)get_phy_addr(get_mrange_addr(&exe_ranges[i])), + (unsigned int)get_mrange_length(&exe_ranges[i])); - } + } - printf("----------------\n"); + printf("----------------\n"); @@ -850,12 +840,12 @@ mem_area *compute_memory_areas(GExeFormat *format, phys_t bin_length, size_t *co for (i = 0; i < *count; i++) { - printf(" (fini) AREA %zu :: 0x%08x + %u\n", - i, - (unsigned int)get_phy_addr(get_mrange_addr(&result[i].range)), - (unsigned int)get_mrange_length(&result[i].range)); + printf(" (fini) AREA %zu :: 0x%08x + %u\n", + i, + (unsigned int)get_phy_addr(get_mrange_addr(&result[i].range)), + (unsigned int)get_mrange_length(&result[i].range)); - } + } printf("--------------------\n"); @@ -916,15 +906,15 @@ mem_area *compute_memory_areas(GExeFormat *format, phys_t bin_length, size_t *co for (i = 0; i < *count; i++) { - printf(" (sect) AREA %zu :: 0x%08x + %u\n", - i, - (unsigned int)get_phy_addr(get_mrange_addr(&result[i].range)), - (unsigned int)get_mrange_length(&result[i].range)); + printf(" (sect) AREA %zu :: 0x%08x + %u\n", + i, + (unsigned int)get_phy_addr(get_mrange_addr(&result[i].range)), + (unsigned int)get_mrange_length(&result[i].range)); - } + } - //exit(0); + //exit(0); @@ -1103,11 +1093,6 @@ mem_area *find_memory_area_by_addr(mem_area *list, size_t count, const vmpa2t *a } - - - - - /****************************************************************************** * * * Paramètres : list = liste de zones délimitant des contenus à traiter. * 
@@ -1135,7 +1120,6 @@ static bool handle_bytes_map_in_mem_area(mem_area *list, size_t count, const mra result = false; area = find_memory_area_by_addr(list, count, get_mrange_addr(range)); - if (area == NULL) printf("NOT FOUND!\n"); if (area == NULL) return false; offset = compute_vmpa_diff(get_mrange_addr(&area->range), get_mrange_addr(range)); @@ -1148,7 +1132,7 @@ static bool handle_bytes_map_in_mem_area(mem_area *list, size_t count, const mra else { - assert(0); + assert(0); /* Traitement de la fin de la première aire */ @@ -1247,12 +1231,12 @@ static bool mark_range_in_mem_areas_as_processed(mem_area *list, size_t count, G * * ******************************************************************************/ -void ensure_all_mem_areas_are_filled(mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, status_info *info) +void ensure_all_mem_areas_are_filled(mem_area *list, size_t count, const GLoadedBinary *binary, GProcContext *ctx, status_blob_info *info) { - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours */ - for (i = 0; i < count; i++) - fill_mem_area(&list[i], list, count, binary, ctx, info); + for (i = 0; i < count; i++) + fill_mem_area(&list[i], list, count, binary, ctx, info); } @@ -1273,17 +1257,17 @@ void ensure_all_mem_areas_are_filled(mem_area *list, size_t count, const GLoaded GArchInstruction *collect_instructions_from_mem_areas(mem_area *list, size_t count) { GArchInstruction *result; /* Liste d'instr. à renvoyer */ - size_t i; /* Boucle de parcours */ + size_t i; /* Boucle de parcours */ GArchInstruction *instr; /* Instruction(s) à insérer */ - result = NULL; + result = NULL; - for (i = 0; i < count; i++) - { - instr = get_instructions_from_mem_area(&list[i]); + for (i = 0; i < count; i++) + { + instr = get_instructions_from_mem_area(&list[i]); g_arch_instruction_merge_lists(&result, &instr); - } + } - return result; + return result; } 
diff --git a/src/analysis/disass/area.h b/src/analysis/disass/area.h index 58539ca..2e80b04 100644 --- a/src/analysis/disass/area.h +++ b/src/analysis/disass/area.h @@ -37,34 +37,15 @@ /* Zone mémoire bien bornée */ -typedef struct _mem_area -{ - mrange_t range; /* Couverture de la zone */ +typedef struct _mem_area mem_area; - unsigned long *processed; /* Octets traités dans la zone */ - GArchInstruction **instructions; /* Instructions en place */ - bool has_sym; /* Représentation via symbole ?*/ - - union - { - bool exec; /* Zone exécutable ? */ - GBinSymbol *symbol; /* Symbole associé à la zone */ - }; - -} mem_area; - - - - -/* Zone mémoire bien bornée */ -//typedef struct _mem_area mem_area; /* Procède au désassemblage d'un contenu binaire exécutable. */ -void load_code_from_mem_area(mem_area *, mem_area *, size_t, const GLoadedBinary *, GProcContext *, const vmpa2t *, status_info *); +void load_code_from_mem_area(mem_area *, mem_area *, size_t, const GLoadedBinary *, GProcContext *, const vmpa2t *, status_blob_info *); @@ -86,7 +67,7 @@ mem_area *find_memory_area_by_addr(mem_area *, size_t, const vmpa2t *); /* S'assure que l'ensemble des aires est entièrement décodé. */ -void ensure_all_mem_areas_are_filled(mem_area *, size_t, const GLoadedBinary *, GProcContext *, status_info *); +void ensure_all_mem_areas_are_filled(mem_area *, size_t, const GLoadedBinary *, GProcContext *, status_blob_info *); /* Rassemble les instructions conservées dans des zones données. */ GArchInstruction *collect_instructions_from_mem_areas(mem_area *, size_t); diff --git a/src/analysis/disass/disassembler.c b/src/analysis/disass/disassembler.c index e20429c..77e64d7 100644 --- a/src/analysis/disass/disassembler.c +++ b/src/analysis/disass/disassembler.c @@ -29,7 +29,7 @@ #include <string.h> -#include <i18n.h> +#include <i18n.h> ///// #include "fetch.h" 
@@ -191,7 +191,7 @@ static GDelayedDisassembly *g_delayed_disassembly_new(GLoadedBinary *binary, GBi * Remarques : - * * * ******************************************************************************/ -#include "../../arch/vmpa.h" + #include <time.h> #include <sys/time.h> @@ -213,10 +213,6 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta - vmpa2t base; - - - clock_t begin, end; double time_spent; @@ -229,10 +225,8 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta /* Première étape */ - id = gtk_extended_status_bar_push(statusbar, _("Disassembling..."), true); - + //id = gtk_extended_status_bar_push(statusbar, _("Disassembling..."), true); - init_vmpa(&base, 0, 0); @@ -243,10 +237,7 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta ustart += usage.ru_stime.tv_sec * 1000000 + usage.ru_stime.tv_usec; - //*disass->instrs = load_raw_binary(disass->binary, &base, 314744/*100*/, statusbar, id); - - - *disass->instrs = disassemble_binary_content(disass->binary, statusbar, id); + *disass->instrs = disassemble_binary_content(disass->binary, statusbar); 
@@ -271,19 +262,41 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta
- gtk_extended_status_bar_remove(statusbar, id);
+ //gtk_extended_status_bar_remove(statusbar, id);
 run_plugins_on_binary(disass->binary, PGA_BINARY_DISASSEMBLED, true);
+ do
+ {
+ GBinFormat *format; /* Format du fichier binaire */
+ GArchInstruction *iter; /* Boucle de parcours */
+
+
+
+ format = G_BIN_FORMAT(g_loaded_binary_get_format(disass->binary));
+
+ for (iter = *disass->instrs;
+ iter != NULL;
+ iter = g_arch_instruction_get_next_iter(*disass->instrs, iter, 0))
+ {
+
+ g_arch_instruction_call_hook(iter, IPH_POST, /*ctx*/NULL, format);
+
+
+ }
+
+
+
+ } while (0);
 /* Septième étape */
- id = gtk_extended_status_bar_push(statusbar, _("Printing disassembled code..."), true);
+ //id = gtk_extended_status_bar_push(statusbar, _("Printing disassembled code..."), true);
 qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_compare);
@@ -315,7 +328,7 @@ static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtSta
 printf("[[ TIME ]] Printing :: %.2g (%.2g)\n", time_spent, (uend - ustart) / 1000000.0);
- gtk_extended_status_bar_remove(statusbar, id);
+ //gtk_extended_status_bar_remove(statusbar, id);
 run_plugins_on_binary(disass->binary, PGA_BINARY_PRINTED, true);
diff --git a/src/analysis/disass/fetch.c b/src/analysis/disass/fetch.c
index 8bddaa1..2e9eb81 100644
--- a/src/analysis/disass/fetch.c
+++ b/src/analysis/disass/fetch.c
@@ -2,7 +2,7 @@
 /* Chrysalide - Outil d'analyse de fichiers binaires
 * fetch.c - récupération d'instructions à partir de binaire brut
 *
- * Copyright (C) 2010-2013 Cyrille Bagard
+ * Copyright (C) 2010-2014 Cyrille Bagard
 *
 * This file is part of Chrysalide.
 *
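Review bot: The new post-processing loop calls `g_arch_instruction_call_hook(iter, IPH_POST, /*ctx*/NULL, format);` with a NULL context; any hook that dereferences its GProcContext will crash (no hook body is visible here, so this is an assumption), and the real context created inside disassemble_binary_content is a local there and never handed back to this function. Either extend disassemble_binary_content to return the context alongside the instructions, or add a comment on the call stating that IPH_POST hooks must tolerate a NULL context. The `do { ... } while (0);` wrapper is only serving as a scope block, and the commented-out `gtk_extended_status_bar_push`/`remove` lines should be deleted rather than kept. g_delayed_disassembly_process starts before and ends after this hunk.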
@@ -24,19 +24,15 @@ #include "fetch.h" -#include "area.h" - - - - -/* Suit un flot d'exécution pour désassembler du code. */ -static void follow_execution_flow(const GLoadedBinary *, GProcContext *, mem_area *, size_t, status_info *, virt_t); - +#include <i18n.h> +#include "area.h" +/* Suit un flot d'exécution pour désassembler du code. */ +static void follow_execution_flow(const GLoadedBinary *, GProcContext *, mem_area *, size_t, status_blob_info *, virt_t); @@ -57,23 +53,11 @@ static void follow_execution_flow(const GLoadedBinary *, GProcContext *, mem_are * * ******************************************************************************/ -static void follow_execution_flow(const GLoadedBinary *binary, GProcContext *ctx, mem_area *areas, size_t count, status_info *info, virt_t virt) +static void follow_execution_flow(const GLoadedBinary *binary, GProcContext *ctx, mem_area *areas, size_t count, status_blob_info *info, virt_t virt) { - - - - - vmpa2t addr; /* Conversion en pleine adresse*/ - - mem_area *area; /* Zone de désassemblage */ - - - - - g_proc_context_push_drop_point(ctx, virt); while (g_proc_context_has_drop_points(ctx)) @@ -81,45 +65,15 @@ static void follow_execution_flow(const GLoadedBinary *binary, GProcContext *ctx virt = g_proc_context_pop_drop_point(ctx); init_vmpa(&addr, VMPA_NO_PHYSICAL, virt); - area = find_memory_area_by_addr(areas, count, &addr); - /* - printf("found area = %p\n", area); - - printf(" ... 0x%08x - 0x%08x + %u\n", - area->range.addr.physical, - area->range.addr.virtual, - area->range.length); - */ - - load_code_from_mem_area(area, areas, count, binary, ctx, &addr, info); - - - //exit(0); - } } - - - - - - - - - - - - - - - /****************************************************************************** * * * Paramètres : binary = représentation de binaire chargé. * 
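Review bot: In follow_execution_flow the result of `find_memory_area_by_addr(areas, count, &addr);` is passed straight to `load_code_from_mem_area`, which dereferences `area->range`, yet that lookup can return NULL (handle_bytes_map_in_mem_area in area.c checks exactly that and returns false). Drop points are taken from the binary being analysed via the context (the entry point is pushed here and further targets are popped from it), so a malformed or hostile file whose target lies outside every mapped area crashes the analyser. Guard it with `if (area == NULL) continue;`, ideally with a log line naming the virtual address so the bad target is visible. The function's signature is in the hunk just above on this line.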
@@ -134,51 +88,42 @@ static void follow_execution_flow(const GLoadedBinary *binary, GProcContext *ctx * * ******************************************************************************/ -GArchInstruction *disassemble_binary_content(const GLoadedBinary *binary, GtkExtStatusBar *statusbar, bstatus_id_t id) +GArchInstruction *disassemble_binary_content(const GLoadedBinary *binary, GtkExtStatusBar *statusbar) { GArchInstruction *result; /* Instruction désassemblées */ - GBinFormat *format; /* Format du fichier binaire */ GArchProcessor *proc; /* Architecture du binaire */ - GProcContext *ctx; /* Contexte de désassemblage */ - - status_info *info; - off_t length; /* Taille des données à lire */ mem_area *areas; /* Zone de productions */ size_t count; /* Nombre de ces zones */ - - + status_blob_info *info; /* Informations de progression */ virt_t virt; /* Point d'accroche virtuelle */ - GBinSymbol **symbols; /* Symboles à représenter */ size_t sym_count; /* Qté de symboles présents */ - size_t i; /* Boucle de parcours */ - - - const mrange_t *range; /* Couverture d'un symbole */ const vmpa2t *addr; /* Point de départ du symbole */ - - - + double done; /* Portion de travail accompli */ format = G_BIN_FORMAT(g_loaded_binary_get_format(binary)); proc = get_arch_processor_from_format(G_EXE_FORMAT(format)); - ctx = g_arch_processor_get_context(proc); - info = NULL; - - /* Définition à la découpe des parties à traiter */ g_loaded_binary_get_data(binary, &length); areas = compute_memory_areas(G_EXE_FORMAT(format), length, &count); + /** + * Première phase de désassemblage : suivi des chemins tracés. + */ + + info = init_progessive_status(statusbar, + _("Disassembling following the execution flow..."), + 0, length); + /* Insertion du point de départ */ virt = g_binary_format_get_entry_point(format); 
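Review bot: `g_loaded_binary_get_data(binary, &length);` discards the returned data pointer, and `length` (an `off_t`) is then used both as the progress maximum and as the `phys_t` size given to `compute_memory_areas`, with no check that the data exists or that `length` is positive; `areas`/`count` are likewise not checked before the entry point is pushed. Consider `if (g_loaded_binary_get_data(binary, &length) == NULL || length <= 0) return NULL;` before computing the areas, and a header comment stating what callers receive when nothing can be disassembled. Whether that getter can actually return NULL is not visible here. The function continues in the next hunk.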
@@ -202,15 +147,36 @@ GArchInstruction *disassemble_binary_content(const GLoadedBinary *binary, GtkExt
 }
+ done = get_current_progessive_status(info);
+
+ fini_progessive_status(info);
+
+ /**
+ * Seconde phase : on comble les trous laissés.
+ */
+
+ info = init_progessive_status(statusbar,
+ _("Disassembling the remaining instructions..."),
+ done, length);
+
+ ensure_all_mem_areas_are_filled(areas, count, binary, ctx, info);
+
+ fini_progessive_status(info);
- ensure_all_mem_areas_are_filled(areas, count, binary, ctx, info);
+ /**
+ * Troisième et dernière phase : récolte des fruits.
+ */
+ info = init_progessive_status(statusbar,
+ _("Collecting disassembled instructions..."),
+ 0, length);
+ result = collect_instructions_from_mem_areas(areas, count);
- result = collect_instructions_from_mem_areas(areas, count);
+ fini_progessive_status(info);
- /* free */
+ /* free */
- return result;
+ return result;
 }
diff --git a/src/analysis/disass/fetch.h b/src/analysis/disass/fetch.h
index 96d04a2..0270f78 100644
--- a/src/analysis/disass/fetch.h
+++ b/src/analysis/disass/fetch.h
@@ -2,7 +2,7 @@
 /* Chrysalide - Outil d'analyse de fichiers binaires
 * fetch.h - prototypes pour la récupération d'instructions à partir de binaire brut
 *
- * Copyright (C) 2010-2013 Cyrille Bagard
+ * Copyright (C) 2010-2014 Cyrille Bagard
 *
 * This file is part of Chrysalide.
 *
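Review bot: The `/* free */` placeholder is carried over but nothing is released: `areas` allocated by `compute_memory_areas` in the previous hunk (and the context obtained from `g_arch_processor_get_context`, if that hands out a reference) are leaked on every disassembly run, which adds up in a long-lived GUI process that reopens binaries. Release the areas once `collect_instructions_from_mem_areas(areas, count);` has taken its own references to the instructions, and document in the header comment that the returned list is owned by the caller. The code also assumes `init_progessive_status` never returns NULL; if it can, each of the three `fini_progessive_status(info);` calls and the two loaders that receive `info` need a guard.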
@@ -21,27 +21,18 @@ */ -#ifndef _ANALYSIS_DISASS_INSTR_H -#define _ANALYSIS_DISASS_INSTR_H +#ifndef _ANALYSIS_DISASS_FETCH_H +#define _ANALYSIS_DISASS_FETCH_H #include "../binary.h" -#include "../../format/part.h" #include "../../gtkext/gtkextstatusbar.h" - - -/* Procède au désassemblage basique d'un contenu binaire. */ -GArchInstruction *disassemble_binary_content(const GLoadedBinary *, GtkExtStatusBar *, bstatus_id_t); - - - - /* Procède au désassemblage basique d'un contenu binaire. */ -GArchInstruction *disassemble_binary_parts(const GLoadedBinary *, GBinPart **, size_t, GtkExtStatusBar *, bstatus_id_t); +GArchInstruction *disassemble_binary_content(const GLoadedBinary *, GtkExtStatusBar *); -#endif /* _ANALYSIS_DISASS_INSTR_H */ +#endif /* _ANALYSIS_DISASS_FETCH_H */ |