From 85c7e2921dc28d78b9c1882af78f88e9ce956fca Mon Sep 17 00:00:00 2001
From: Cyrille Bagard
Date: Tue, 19 Jun 2018 19:45:06 +0200
Subject: Improved the Linux syscalls hunt.
---
 plugins/lnxsyscalls/collect.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/plugins/lnxsyscalls/collect.c b/plugins/lnxsyscalls/collect.c
index a71e833..87f5fa2 100644
--- a/plugins/lnxsyscalls/collect.c
+++ b/plugins/lnxsyscalls/collect.c
@@ -524,16 +524,26 @@ bool look_for_registers(tracked_path *path, size_t sid, GArchProcessor *proc, co
 /* Traitement de l'instruction courante */
- operand = g_arch_instruction_get_operand(instr, 0);
+ g_arch_instruction_lock_operands(instr);
- if (G_IS_REGISTER_OPERAND(operand))
+ if (_g_arch_instruction_count_operands(instr) > 0)
 {
- reg = g_register_operand_get_register(G_REGISTER_OPERAND(operand));
+ operand = _g_arch_instruction_get_operand(instr, 0);
- mark_register_in_tracker(path, sid, reg, instr);
+ if (G_IS_REGISTER_OPERAND(operand))
+ {
+ reg = g_register_operand_get_register(G_REGISTER_OPERAND(operand));
+
+ mark_register_in_tracker(path, sid, reg, instr);
+
+ }
+
+ g_object_unref(G_OBJECT(operand));
 }
+ g_arch_instruction_unlock_operands(instr);
+
 /* Détermination de l'instruction suivante */
 g_arch_instruction_lock_src(instr);
@@ -553,7 +563,6 @@ bool look_for_registers(tracked_path *path, size_t sid, GArchProcessor *proc, co
 case ILT_CASE_JUMP:
 case ILT_JUMP_IF_TRUE:
 case ILT_JUMP_IF_FALSE:
- case ILT_LOOP:
 if (first)
 {
@@ -565,6 +574,12 @@ bool look_for_registers(tracked_path *path, size_t sid, GArchProcessor *proc, co
 {
 next = fork_register_tracker(path, sid, proc, link->linked);
 look_for_registers(path, next, proc, hops);
+
+ /**
+ * Rechargement car un fork_register_tracker() a pu déplacer la liste via realloc().
+ */
+ stack = &path->stacks[sid];
+
 }
 break;
-- 
cgit v0.11.2-87-g4458
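Review bot: In the first hunk, `reg` is taken from `operand` and passed to `mark_register_in_tracker()`, after which `operand` is released with `g_object_unref()`; the hunk does not show whether `g_register_operand_get_register()` returns its own reference or a pointer borrowed from the operand. If it is borrowed and the tracker keeps it, its lifetime silently depends on `instr` keeping the operand alive, and if it is owned, the matching unref is missing; either way the ownership should be stated at the call, e.g. `/* reg: borrowed from operand, which instr keeps alive */`. The switch to the `_g_arch_instruction_*()` variants also deserves a one-line comment saying the operands lock must be held across both the count and the get. The body of look_for_registers() starts and ends outside this hunk.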
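Review bot: In the third hunk, the reload `stack = &path->stacks[sid];` repairs only this one cached pointer. Any other local that points into `path->stacks` and is read after `fork_register_tracker()` or the recursive `look_for_registers()` would still dangle once `realloc()` moves the array. The rest of the function is outside the hunk, so I cannot confirm that no such pointer exists, nor that callers holding one across look_for_registers() re-derive it. It would be more robust to stop caching the address and write `path->stacks[sid]` at each use, or at least to put the warning at the declaration of `stack`: `/* points into path->stacks: re-derive from sid after any call that may fork */`.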