From 8827cf755762f70f0c4edb3bafe5d79b9fee0f15 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Wed, 6 Jun 2018 18:34:00 +0200
Subject: Hidden virtual addresses when code runs in a VM.

---
 plugins/arm/v7/processor.c            |  1 +
 plugins/dalvik/processor.c            |  1 +
 plugins/pychrysalide/arch/processor.c | 52 ++++++++++++++++++++++++++++++++++-
 src/analysis/binary.c                 |  2 ++
 src/arch/processor-int.h              |  1 +
 src/arch/processor.c                  | 19 +++++++++++++
 src/arch/processor.h                  |  3 ++
 src/gui/panels/errors.c               | 10 +++++++
 8 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/plugins/arm/v7/processor.c b/plugins/arm/v7/processor.c
index e708814..b7a73f4 100644
--- a/plugins/arm/v7/processor.c
+++ b/plugins/arm/v7/processor.c
@@ -129,6 +129,7 @@ static void g_armv7_processor_init(GArmV7Processor *proc)
     parent->endianness = SRE_LITTLE;
     parent->memsize = MDS_32_BITS;
     parent->inssize = MDS_32_BITS;
+    parent->virt_space = true;
 
 }
 
diff --git a/plugins/dalvik/processor.c b/plugins/dalvik/processor.c
index 93e66fa..8d24d5a 100644
--- a/plugins/dalvik/processor.c
+++ b/plugins/dalvik/processor.c
@@ -113,6 +113,7 @@ static void g_dalvik_processor_init(GDalvikProcessor *proc)
     parent->endianness = SRE_LITTLE;
     parent->memsize = MDS_32_BITS;
     parent->inssize = MDS_16_BITS;
+    parent->virt_space = false;
 
 }
 
diff --git a/plugins/pychrysalide/arch/processor.c b/plugins/pychrysalide/arch/processor.c
index 65431af..c2ee530 100644
--- a/plugins/pychrysalide/arch/processor.c
+++ b/plugins/pychrysalide/arch/processor.c
@@ -50,7 +50,8 @@
 
 
 
-
+/* Indique si l'architecture possède un espace virtuel ou non. */
+static PyObject *py_arch_processor_has_virtual_space(PyObject *, void *);
 
 
 
@@ -87,6 +88,51 @@ static bool define_python_arch_processor_constants(PyTypeObject *);
 
 
 
+
+
+
+
+
+
+
+
+
+
+/******************************************************************************
+*                                                                             *
+*  Paramètres  : self    = objet Python concerné par l'appel.                 *
+*                closure = non utilisé ici.                                   *
+*                                                                             *
+*  Description : Indique si l'architecture possède un espace virtuel ou non.  *
+*                                                                             *
+*  Retour      : True si un espace virtuel existe, False sinon.               *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+static PyObject *py_arch_processor_has_virtual_space(PyObject *self, void *closure)
+{
+    PyObject *result;                       /* Instance Python à retourner */
+    GArchProcessor *proc;                   /* Architecture visée          */
+    bool status;                            /* Bilan de consultation       */
+
+    proc = G_ARCH_PROCESSOR(pygobject_get(self));
+
+    status = g_arch_processor_has_virtual_space(proc);
+
+    result = status ? Py_True : Py_False;
+    Py_INCREF(result);
+
+    return result;
+
+}
+
+
+
+
+
+
 /* ---------------------------------------------------------------------------------- */
 /*                    CONSERVATION DES SOUCIS DURANT LE CHARGEMENT                    */
 /* ---------------------------------------------------------------------------------- */
@@ -396,6 +442,10 @@ PyTypeObject *get_python_arch_processor_type(void)
 
     static PyGetSetDef py_arch_processor_getseters[] = {
         {
+            "virtual_space", py_arch_processor_has_virtual_space, NULL,
+            "Tell if the processor provides a virtual address space.", NULL
+        },
+        {
             "errors", py_arch_processor_get_errors, NULL,
             "List of all detected errors which occurred during the disassembling process.", NULL
         },
diff --git a/src/analysis/binary.c b/src/analysis/binary.c
index 54ad89b..498f5c4 100644
--- a/src/analysis/binary.c
+++ b/src/analysis/binary.c
@@ -1655,6 +1655,8 @@ static bool g_loaded_binary_analyze(GLoadedBinary *binary, wgroup_id_t gid, GtkS
         goto glba_exit;
     }
 
+    binary->col_display[BVW_BLOCK][BLC_VIRTUAL] = g_arch_processor_has_virtual_space(binary->proc);
+
     /* Phase de désassemblage pur */
 
     g_loaded_binary_connect_internal(binary);
diff --git a/src/arch/processor-int.h b/src/arch/processor-int.h
index cc39307..153f9ae 100644
--- a/src/arch/processor-int.h
+++ b/src/arch/processor-int.h
@@ -72,6 +72,7 @@ struct _GArchProcessor
     SourceEndian endianness;                /* Boutisme de l'architecture  */
     MemoryDataSize memsize;                 /* Taille de l'espace mémoire  */
     MemoryDataSize inssize;                 /* Taille min. d'encodage      */
+    bool virt_space;                        /* Présence d'espace virtuel ? */
 
     GArchInstruction **instructions;        /* Instructions désassemblées  */
     size_t instr_count;                     /* Taille de la liste aplatie  */
diff --git a/src/arch/processor.c b/src/arch/processor.c
index 92669ed..81bbd4f 100644
--- a/src/arch/processor.c
+++ b/src/arch/processor.c
@@ -320,6 +320,25 @@ MemoryDataSize g_arch_processor_get_instruction_size(const GArchProcessor *proc)
 
 /******************************************************************************
 *                                                                             *
+*  Paramètres  : proc = processeur d'architecture à consulter.                *
+*                                                                             *
+*  Description : Indique si l'architecture possède un espace virtuel ou non.  *
+*                                                                             *
+*  Retour      : true si un espace virtuel existe, false sinon.               *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+bool g_arch_processor_has_virtual_space(const GArchProcessor *proc)
+{
+    return proc->virt_space;
+
+}
+
+
+/******************************************************************************
+*                                                                             *
 *  Paramètres  : proc    = architecture visée par la procédure.               *
 *                ctx     = contexte lié à l'exécution du processeur.          *
 *                content = flux de données à analyser.                        *
diff --git a/src/arch/processor.h b/src/arch/processor.h
index 31b2b69..40a610b 100644
--- a/src/arch/processor.h
+++ b/src/arch/processor.h
@@ -70,6 +70,9 @@ MemoryDataSize g_arch_processor_get_memory_size(const GArchProcessor *);
 /* Fournit la taille min. des instructions d'une architecture. */
 MemoryDataSize g_arch_processor_get_instruction_size(const GArchProcessor *);
 
+/* Indique si l'architecture possède un espace virtuel ou non. */
+bool g_arch_processor_has_virtual_space(const GArchProcessor *);
+
 /* Désassemble une instruction dans un flux de données. */
 GArchInstruction *g_arch_processor_disassemble(const GArchProcessor *, GProcContext *, const GBinContent *, vmpa2t *, GExeFormat *);
 
diff --git a/src/gui/panels/errors.c b/src/gui/panels/errors.c
index a529314..161d1ab 100644
--- a/src/gui/panels/errors.c
+++ b/src/gui/panels/errors.c
@@ -1139,6 +1139,8 @@ static void g_error_panel_conclude(GErrorPanel *panel, unsigned int uid, error_u
 {
     GtkBuilder *builder;                    /* Constructeur utilisé        */
     GtkTreeView *treeview;                  /* Arborescence graphique      */
+    GArchProcessor *proc;                   /* Architecture du binaire     */
+    GtkTreeViewColumn *virt_col;            /* Colonne des espaces virtuels*/
     GtkTreeModel *model;                    /* Source de données associée  */
 
     if (g_atomic_int_get(&G_PANEL_ITEM(panel)->switched) > 1)
@@ -1157,6 +1159,14 @@ static void g_error_panel_conclude(GErrorPanel *panel, unsigned int uid, error_u
 
     treeview = GTK_TREE_VIEW(gtk_builder_get_object(builder, "treeview"));
 
+    proc = g_loaded_binary_get_processor(panel->binary);
+
+    virt_col = gtk_tree_view_get_column(treeview, 1);
+
+    gtk_tree_view_column_set_visible(virt_col, g_arch_processor_has_virtual_space(proc));
+
+    g_object_unref(G_OBJECT(proc));
+
     model = GTK_TREE_MODEL(gtk_builder_get_object(builder, "filter"));
 
     g_object_ref(G_OBJECT(model));
-- 
cgit v0.11.2-87-g4458