From 8827cf755762f70f0c4edb3bafe5d79b9fee0f15 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Wed, 6 Jun 2018 18:34:00 +0200
Subject: Hidden virtual addresses when code runs in a VM.
---
 plugins/arm/v7/processor.c | 1 +
 plugins/dalvik/processor.c | 1 +
 plugins/pychrysalide/arch/processor.c | 52 ++++++++++++++++++++++++++++++++++-
 src/analysis/binary.c | 2 ++
 src/arch/processor-int.h | 1 +
 src/arch/processor.c | 19 +++++++++++++
 src/arch/processor.h | 3 ++
 src/gui/panels/errors.c | 10 +++++++
 8 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/plugins/arm/v7/processor.c b/plugins/arm/v7/processor.c
index e708814..b7a73f4 100644
--- a/plugins/arm/v7/processor.c
+++ b/plugins/arm/v7/processor.c
@@ -129,6 +129,7 @@ static void g_armv7_processor_init(GArmV7Processor *proc)
 parent->endianness = SRE_LITTLE;
 parent->memsize = MDS_32_BITS;
 parent->inssize = MDS_32_BITS;
+ parent->virt_space = true;
 }
diff --git a/plugins/dalvik/processor.c b/plugins/dalvik/processor.c
index 93e66fa..8d24d5a 100644
--- a/plugins/dalvik/processor.c
+++ b/plugins/dalvik/processor.c
@@ -113,6 +113,7 @@ static void g_dalvik_processor_init(GDalvikProcessor *proc)
 parent->endianness = SRE_LITTLE;
 parent->memsize = MDS_32_BITS;
 parent->inssize = MDS_16_BITS;
+ parent->virt_space = false;
 }
diff --git a/plugins/pychrysalide/arch/processor.c b/plugins/pychrysalide/arch/processor.c
index 65431af..c2ee530 100644
--- a/plugins/pychrysalide/arch/processor.c
+++ b/plugins/pychrysalide/arch/processor.c
@@ -50,7 +50,8 @@
-
+/* Indique si l'architecture possède un espace virtuel ou non. */
+static PyObject *py_arch_processor_has_virtual_space(PyObject *, void *);
@@ -87,6 +88,51 @@ static bool define_python_arch_processor_constants(PyTypeObject *);
+
+
+
+
+
+
+
+
+
+
+/******************************************************************************
+* *
+* Paramètres : self = objet Python concerné par l'appel. *
+* closure = non utilisé ici. *
+* *
+* Description : Indique si l'architecture possède un espace virtuel ou non. *
+* *
+* Retour : True si un espace virtuel existe, False sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static PyObject *py_arch_processor_has_virtual_space(PyObject *self, void *closure)
+{
+ PyObject *result; /* Instance Python à retourner */
+ GArchProcessor *proc; /* Architecture visée */
+ bool status; /* Bilan de consultation */
+
+ proc = G_ARCH_PROCESSOR(pygobject_get(self));
+
+ status = g_arch_processor_has_virtual_space(proc);
+
+ result = status ? Py_True : Py_False;
+ Py_INCREF(result);
+
+ return result;
+
+}
+
+
+
+
+
+
 /* ---------------------------------------------------------------------------------- */
 /* CONSERVATION DES SOUCIS DURANT LE CHARGEMENT */
 /* ---------------------------------------------------------------------------------- */
@@ -396,6 +442,10 @@ PyTypeObject *get_python_arch_processor_type(void)
 static PyGetSetDef py_arch_processor_getseters[] = {
 {
+ "virtual_space", py_arch_processor_has_virtual_space, NULL,
+ "Tell if the processor provides a virtual address space.", NULL
+ },
+ {
 "errors", py_arch_processor_get_errors, NULL,
 "List of all detected errors which occurred during the disassembling process.", NULL
 },
diff --git a/src/analysis/binary.c b/src/analysis/binary.c
index 54ad89b..498f5c4 100644
--- a/src/analysis/binary.c
+++ b/src/analysis/binary.c
@@ -1655,6 +1655,8 @@ static bool g_loaded_binary_analyze(GLoadedBinary *binary, wgroup_id_t gid, GtkS
 goto glba_exit;
 }
+ binary->col_display[BVW_BLOCK][BLC_VIRTUAL] = g_arch_processor_has_virtual_space(binary->proc);
+
 /* Phase de désassemblage pur */
 g_loaded_binary_connect_internal(binary);
diff --git a/src/arch/processor-int.h b/src/arch/processor-int.h
index cc39307..153f9ae 100644
--- a/src/arch/processor-int.h
+++ b/src/arch/processor-int.h
@@ -72,6 +72,7 @@ struct _GArchProcessor
 SourceEndian endianness; /* Boutisme de l'architecture */
 MemoryDataSize memsize; /* Taille de l'espace mémoire */
 MemoryDataSize inssize; /* Taille min. d'encodage */
+ bool virt_space; /* Présence d'espace virtuel ? */
 GArchInstruction **instructions; /* Instructions désassemblées */
 size_t instr_count; /* Taille de la liste aplatie */
diff --git a/src/arch/processor.c b/src/arch/processor.c
index 92669ed..81bbd4f 100644
--- a/src/arch/processor.c
+++ b/src/arch/processor.c
@@ -320,6 +320,25 @@ MemoryDataSize g_arch_processor_get_instruction_size(const GArchProcessor *proc)
 /******************************************************************************
 * *
+* Paramètres : proc = processeur d'architecture à consulter. *
+* *
+* Description : Indique si l'architecture possède un espace virtuel ou non. *
+* *
+* Retour : true si un espace virtuel existe, false sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool g_arch_processor_has_virtual_space(const GArchProcessor *proc)
+{
+ return proc->virt_space;
+
+}
+
+
+/******************************************************************************
+* *
 * Paramètres : proc = architecture visée par la procédure. *
 * ctx = contexte lié à l'exécution du processeur. *
 * content = flux de données à analyser. *
diff --git a/src/arch/processor.h b/src/arch/processor.h
index 31b2b69..40a610b 100644
--- a/src/arch/processor.h
+++ b/src/arch/processor.h
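Review bot: In src/analysis/binary.c, the new assignment to `binary->col_display[BVW_BLOCK][BLC_VIRTUAL]` in g_loaded_binary_analyze() replaces the flag unconditionally on every analysis, so a value chosen earlier for that column (a stored preference or user toggle, if the project keeps one there) is silently lost, and only the BVW_BLOCK row is touched. Turning the column off only when the processor has no virtual space would keep the earlier choice: `if (!g_arch_processor_has_virtual_space(binary->proc)) binary->col_display[BVW_BLOCK][BLC_VIRTUAL] = false;`. The line also reads `binary->proc` directly; the `goto glba_exit` above suggests it was validated, but that check and the rest of the function lie outside the hunk.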
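Review bot: In src/arch/processor-int.h, `virt_space` gets no default in the base class within this commit: only the ARMv7 and Dalvik init functions assign it. A GArchProcessor subclass that does not set it will report the zero-filled instance value, false, and its virtual-address column will then be hidden in both the block view and the error panel. If native architectures are expected to have a virtual space, assigning `true` in the base instance init and letting Dalvik override it is the safer default; otherwise the field comment should state that the default is false. The struct continues outside the hunk.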
@@ -70,6 +70,9 @@ MemoryDataSize g_arch_processor_get_memory_size(const GArchProcessor *);
 /* Fournit la taille min. des instructions d'une architecture. */
 MemoryDataSize g_arch_processor_get_instruction_size(const GArchProcessor *);
+/* Indique si l'architecture possède un espace virtuel ou non. */
+bool g_arch_processor_has_virtual_space(const GArchProcessor *);
+
 /* Désassemble une instruction dans un flux de données. */
 GArchInstruction *g_arch_processor_disassemble(const GArchProcessor *, GProcContext *, const GBinContent *, vmpa2t *, GExeFormat *);
diff --git a/src/gui/panels/errors.c b/src/gui/panels/errors.c
index a529314..161d1ab 100644
--- a/src/gui/panels/errors.c
+++ b/src/gui/panels/errors.c
@@ -1139,6 +1139,8 @@ static void g_error_panel_conclude(GErrorPanel *panel, unsigned int uid, error_u
 {
 GtkBuilder *builder; /* Constructeur utilisé */
 GtkTreeView *treeview; /* Arborescence graphique */
+ GArchProcessor *proc; /* Architecture du binaire */
+ GtkTreeViewColumn *virt_col; /* Colonne des espaces virtuels*/
 GtkTreeModel *model; /* Source de données associée */
 if (g_atomic_int_get(&G_PANEL_ITEM(panel)->switched) > 1)
@@ -1157,6 +1159,14 @@ static void g_error_panel_conclude(GErrorPanel *panel, unsigned int uid, error_u
 treeview = GTK_TREE_VIEW(gtk_builder_get_object(builder, "treeview"));
+ proc = g_loaded_binary_get_processor(panel->binary);
+
+ virt_col = gtk_tree_view_get_column(treeview, 1);
+
+ gtk_tree_view_column_set_visible(virt_col, g_arch_processor_has_virtual_space(proc));
+
+ g_object_unref(G_OBJECT(proc));
+
 model = GTK_TREE_MODEL(gtk_builder_get_object(builder, "filter"));
 g_object_ref(G_OBJECT(model));
-- cgit v0.11.2-87-g4458
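Review bot: In src/gui/panels/errors.c, `gtk_tree_view_get_column(treeview, 1)` in the second hunk of g_error_panel_conclude() ties the code to the column order of the GtkBuilder definition, and GTK returns NULL for an out-of-range index, which `gtk_tree_view_column_set_visible()` would then reject with a critical warning. A named constant for the index plus a guard such as `if (virt_col != NULL)` would keep this working if the UI file is reordered. `proc` is passed straight to `g_arch_processor_has_virtual_space()`, which dereferences it without a check, so the code relies on `g_loaded_binary_get_processor()` never returning NULL at this point; that cannot be confirmed from the hunk. The function's body starts and ends outside the hunk.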