From ff9d6470935529cece23378ef9e3aa0f573e5925 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard
Date: Mon, 23 Jul 2018 10:20:21 +0200
Subject: Linked callers with callees in Dalvik code.
---
 plugins/dalvik/link.c | 69 +++++++++++++++++++++++++++++++++++
 plugins/dalvik/link.h | 3 ++
 plugins/dalvik/v35/opdefs/invoke_6e.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_6f.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_70.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_71.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_72.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_74.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_75.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_76.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_77.d | 6 +++
 plugins/dalvik/v35/opdefs/invoke_78.d | 6 +++
 12 files changed, 132 insertions(+)
diff --git a/plugins/dalvik/link.c b/plugins/dalvik/link.c
index 8e34485..3b5d43e 100644
--- a/plugins/dalvik/link.c
+++ b/plugins/dalvik/link.c
@@ -374,3 +374,72 @@ void handle_dalvik_packed_switch_links(GArchInstruction *instr, GArchProcessor *
 }
 }
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction ARMv7 à traiter. *
+* proc = représentation de l'architecture utilisée. *
+* context = contexte associé à la phase de désassemblage. *
+* format = acès aux données du binaire d'origine. *
+* *
+* Description : Etablit une référence entre appelant et appelé. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void handle_links_between_caller_and_callee(GArchInstruction *instr, GArchProcessor *proc, GProcContext *context, GExeFormat *format)
+{
+ GArchOperand *op; /* Opérande numérique en place */
+ uint32_t index; /* Indice dans la table Dex */
+ GDexMethod *method; /* Méthode ciblée ici */
+ GBinRoutine *routine; /* Routine liée à la méthode */
+ const mrange_t *range; /* Zone d'occupation */
+ GArchInstruction *target; /* Ligne visée par la référence*/
+
+ g_arch_instruction_lock_operands(instr);
+
+ assert(_g_arch_instruction_count_operands(instr) == 2);
+
+ op = _g_arch_instruction_get_operand(instr, 1);
+
+ g_arch_instruction_unlock_operands(instr);
+
+ assert(G_IS_DALVIK_POOL_OPERAND(op));
+
+ assert(g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) == DPT_METHOD);
+
+ index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op));
+
+ method = get_method_from_dex_pool(G_DEX_FORMAT(format), index);
+
+ if (method != NULL)
+ {
+ routine = g_dex_method_get_routine(method);
+ range = g_binary_symbol_get_range(G_BIN_SYMBOL(routine));
+
+ if (range->addr.physical > 0)
+ {
+ target = g_arch_processor_find_instr_by_address(proc, get_mrange_addr(range));
+
+ if (target != NULL)
+ {
+ g_arch_instruction_link_with(instr, target, ILT_REF);
+
+ g_object_unref(G_OBJECT(target));
+
+ }
+
+ }
+
+ g_object_unref(G_OBJECT(routine));
+ g_object_unref(G_OBJECT(method));
+
+ }
+
+ g_object_unref(G_OBJECT(op));
+
+}
diff --git a/plugins/dalvik/link.h b/plugins/dalvik/link.h
index 3b4a91f..2f1ec6d 100644
--- a/plugins/dalvik/link.h
+++ b/plugins/dalvik/link.h
@@ -47,6 +47,9 @@ static inline void handle_dalvik_ifz_branch_as_link(GArchInstruction *ins, GArch
 /* Etablit tous les liens liés à un embranchement compressé. */
 void handle_dalvik_packed_switch_links(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
+/* Etablit une référence entre appelant et appelé. */
+void handle_links_between_caller_and_callee(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
+
 #endif /* _PLUGINS_DALVIK_LINK_H */
diff --git a/plugins/dalvik/v35/opdefs/invoke_6e.d b/plugins/dalvik/v35/opdefs/invoke_6e.d
index 80bac4b..3f5e9da 100644
--- a/plugins/dalvik/v35/opdefs/invoke_6e.d
+++ b/plugins/dalvik/v35/opdefs/invoke_6e.d
@@ -49,4 +49,10 @@ In Dex files version 037 or later, if the method_id refers to an i
 @format 35c | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_6f.d b/plugins/dalvik/v35/opdefs/invoke_6f.d
index 580e0d1..ad9cc9b 100644
--- a/plugins/dalvik/v35/opdefs/invoke_6f.d
+++ b/plugins/dalvik/v35/opdefs/invoke_6f.d
@@ -49,4 +49,10 @@ In Dex files version 037 or later, if the method_id refers to an i
 @format 35c | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_70.d b/plugins/dalvik/v35/opdefs/invoke_70.d
index 4a168e9..aad6c19 100644
--- a/plugins/dalvik/v35/opdefs/invoke_70.d
+++ b/plugins/dalvik/v35/opdefs/invoke_70.d
@@ -49,4 +49,10 @@ In Dex files version 037 or later, if the method_id refers to an i
 @format 35c | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_71.d b/plugins/dalvik/v35/opdefs/invoke_71.d
index dc67423..d28ff54 100644
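Review bot: `index` is read straight from the pool operand of the invoke instruction, i.e. from the Dex file under analysis, and handed to `get_method_from_dex_pool()` with no range check visible in this hunk, so unless that helper already bounds it against the method_ids table, a malformed Dex with an out-of-range method index reaches the lookup unchecked. The operand-shape checks just above it are `assert()`s, which compile to nothing under `NDEBUG`; in a release build a non-pool operand would then be cast with `G_DALVIK_POOL_OPERAND(op)` unchecked, so they are better as a runtime guard that unrefs `op` and returns, e.g. `if (!G_IS_DALVIK_POOL_OPERAND(op) || g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) != DPT_METHOD) goto done;` with a `done:` label before the final `g_object_unref(G_OBJECT(op));`. `routine` returned by `g_dex_method_get_routine()` is also dereferenced through `G_BIN_SYMBOL(routine)` without a NULL check; if that helper can return NULL for a method without code, it needs the same guard. The header comment was copied from the ARMv7 plugin: `instr = instruction ARMv7 à traiter.` should read `instr = instruction Dalvik à traiter.`, and `acès` should be `accès`.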
--- a/plugins/dalvik/v35/opdefs/invoke_71.d
+++ b/plugins/dalvik/v35/opdefs/invoke_71.d
@@ -49,4 +49,10 @@ In Dex files version 037 or later, if the method_id refers to an i
 @format 35c | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_72.d b/plugins/dalvik/v35/opdefs/invoke_72.d
index e38e64f..fe7eb2c 100644
--- a/plugins/dalvik/v35/opdefs/invoke_72.d
+++ b/plugins/dalvik/v35/opdefs/invoke_72.d
@@ -49,4 +49,10 @@ In Dex files version 037 or later, if the method_id refers to an i
 @format 35c | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_74.d b/plugins/dalvik/v35/opdefs/invoke_74.d
index 3d44a11..0a105cb 100644
--- a/plugins/dalvik/v35/opdefs/invoke_74.d
+++ b/plugins/dalvik/v35/opdefs/invoke_74.d
@@ -35,4 +35,10 @@
 @format 3rc | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_75.d b/plugins/dalvik/v35/opdefs/invoke_75.d
index 16e0e2b..0596bb0 100644
--- a/plugins/dalvik/v35/opdefs/invoke_75.d
+++ b/plugins/dalvik/v35/opdefs/invoke_75.d
@@ -35,4 +35,10 @@
 @format 3rc | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_76.d b/plugins/dalvik/v35/opdefs/invoke_76.d
index 597b3aa..2aa3dbc 100644
--- a/plugins/dalvik/v35/opdefs/invoke_76.d
+++ b/plugins/dalvik/v35/opdefs/invoke_76.d
@@ -35,4 +35,10 @@
 @format 3rc | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_77.d b/plugins/dalvik/v35/opdefs/invoke_77.d
index feabd12..c972bea 100644
--- a/plugins/dalvik/v35/opdefs/invoke_77.d
+++ b/plugins/dalvik/v35/opdefs/invoke_77.d
@@ -35,4 +35,10 @@
 @format 3rc | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_78.d b/plugins/dalvik/v35/opdefs/invoke_78.d
index e5ed03b..d7ee370 100644
--- a/plugins/dalvik/v35/opdefs/invoke_78.d
+++ b/plugins/dalvik/v35/opdefs/invoke_78.d
@@ -35,4 +35,10 @@
 @format 3rc | pool_meth
+ @hooks {
+
+ link = handle_links_between_caller_and_callee
+
+ }
+
 }
--
cgit v0.11.2-87-g4458