From ff9d6470935529cece23378ef9e3aa0f573e5925 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Mon, 23 Jul 2018 10:20:21 +0200
Subject: Linked callers with callees in Dalvik code.

---
 plugins/dalvik/link.c                 | 69 +++++++++++++++++++++++++++++++++++
 plugins/dalvik/link.h                 |  3 ++
 plugins/dalvik/v35/opdefs/invoke_6e.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_6f.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_70.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_71.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_72.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_74.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_75.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_76.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_77.d |  6 +++
 plugins/dalvik/v35/opdefs/invoke_78.d |  6 +++
 12 files changed, 132 insertions(+)

diff --git a/plugins/dalvik/link.c b/plugins/dalvik/link.c
index 8e34485..3b5d43e 100644
--- a/plugins/dalvik/link.c
+++ b/plugins/dalvik/link.c
@@ -374,3 +374,72 @@ void handle_dalvik_packed_switch_links(GArchInstruction *instr, GArchProcessor *
     }
 
 }
+
+
+/******************************************************************************
+*                                                                             *
+*  Paramètres  : instr   = instruction ARMv7 à traiter.                       *
+*                proc    = représentation de l'architecture utilisée.         *
+*                context = contexte associé à la phase de désassemblage.      *
+*                format  = acès aux données du binaire d'origine.             *
+*                                                                             *
+*  Description : Etablit une référence entre appelant et appelé.              *
+*                                                                             *
+*  Retour      : -                                                            *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+void handle_links_between_caller_and_callee(GArchInstruction *instr, GArchProcessor *proc, GProcContext *context, GExeFormat *format)
+{
+    GArchOperand *op;                       /* Opérande numérique en place */
+    uint32_t index;                         /* Indice dans la table Dex    */
+    GDexMethod *method;                     /* Méthode ciblée ici          */
+    GBinRoutine *routine;                   /* Routine liée à la méthode   */
+    const mrange_t *range;                  /* Zone d'occupation           */
+    GArchInstruction *target;               /* Ligne visée par la référence*/
+
+    g_arch_instruction_lock_operands(instr);
+
+    assert(_g_arch_instruction_count_operands(instr) == 2);
+
+    op = _g_arch_instruction_get_operand(instr, 1);
+
+    g_arch_instruction_unlock_operands(instr);
+
+    assert(G_IS_DALVIK_POOL_OPERAND(op));
+
+    assert(g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) == DPT_METHOD);
+
+    index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op));
+
+    method = get_method_from_dex_pool(G_DEX_FORMAT(format), index);
+
+    if (method != NULL)
+    {
+        routine = g_dex_method_get_routine(method);
+        range = g_binary_symbol_get_range(G_BIN_SYMBOL(routine));
+
+        if (range->addr.physical > 0)
+        {
+            target = g_arch_processor_find_instr_by_address(proc, get_mrange_addr(range));
+
+            if (target != NULL)
+            {
+                g_arch_instruction_link_with(instr, target, ILT_REF);
+
+                g_object_unref(G_OBJECT(target));
+
+            }
+
+        }
+
+        g_object_unref(G_OBJECT(routine));
+        g_object_unref(G_OBJECT(method));
+
+    }
+
+    g_object_unref(G_OBJECT(op));
+
+}
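Review bot: The operand validation on lines 57, 63 and 65 is done with assert(), so in a build compiled with NDEBUG nothing checks the operand count, the operand type or the pool type before `G_DALVIK_POOL_OPERAND(op)` is dereferenced on line 67; since this hook runs on whatever Dex bytes are being disassembled, these should be runtime guards that return early, and the mismatch path must still release `op` because line 95 shows the operand is owned by this function. The fence below shows the guarded version of the operand section, the rest of the function being unchanged. Whether `_g_arch_instruction_get_operand` can return NULL, and whether `g_dex_method_get_routine` or `g_binary_symbol_get_range` can, is not visible in this hunk; if they can, `routine` and `range` on lines 73-74 need the same kind of check before `range->addr.physical` is read on line 76. The header comment also looks copy-pasted from the ARMv7 plugin and has a typo: line 33 should read `instr   = instruction Dalvik à traiter.` and line 36 `accès` rather than `acès`.
```c
    g_arch_instruction_lock_operands(instr);

    /* Runtime guard rather than assert(): must also hold when NDEBUG is defined. */
    if (_g_arch_instruction_count_operands(instr) != 2)
    {
        g_arch_instruction_unlock_operands(instr);
        return;
    }

    op = _g_arch_instruction_get_operand(instr, 1);

    g_arch_instruction_unlock_operands(instr);

    if (op == NULL)
        return;

    if (!G_IS_DALVIK_POOL_OPERAND(op)
        || g_dalvik_pool_operand_get_pool_type(G_DALVIK_POOL_OPERAND(op)) != DPT_METHOD)
    {
        /* Operand is owned here (see the trailing unref), so release it on the reject path too. */
        g_object_unref(G_OBJECT(op));
        return;
    }

    index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op));

    /* … unchanged: method lookup, range check, linking and unrefs … */
```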
diff --git a/plugins/dalvik/link.h b/plugins/dalvik/link.h
index 3b4a91f..2f1ec6d 100644
--- a/plugins/dalvik/link.h
+++ b/plugins/dalvik/link.h
@@ -47,6 +47,9 @@ static inline void handle_dalvik_ifz_branch_as_link(GArchInstruction *ins, GArch
 /* Etablit tous les liens liés à un embranchement compressé. */
 void handle_dalvik_packed_switch_links(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
 
+/* Etablit une référence entre appelant et appelé. */
+void handle_links_between_caller_and_callee(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
+
 
 
 #endif  /* _PLUGINS_DALVIK_LINK_H */
diff --git a/plugins/dalvik/v35/opdefs/invoke_6e.d b/plugins/dalvik/v35/opdefs/invoke_6e.d
index 80bac4b..3f5e9da 100644
--- a/plugins/dalvik/v35/opdefs/invoke_6e.d
+++ b/plugins/dalvik/v35/opdefs/invoke_6e.d
@@ -49,4 +49,10 @@ In Dex files version <b>037</b> or later, if the <b>method_id</b> refers to an i
 
     @format 35c | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_6f.d b/plugins/dalvik/v35/opdefs/invoke_6f.d
index 580e0d1..ad9cc9b 100644
--- a/plugins/dalvik/v35/opdefs/invoke_6f.d
+++ b/plugins/dalvik/v35/opdefs/invoke_6f.d
@@ -49,4 +49,10 @@ In Dex files version <b>037</b> or later, if the <b>method_id</b> refers to an i
 
     @format 35c | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_70.d b/plugins/dalvik/v35/opdefs/invoke_70.d
index 4a168e9..aad6c19 100644
--- a/plugins/dalvik/v35/opdefs/invoke_70.d
+++ b/plugins/dalvik/v35/opdefs/invoke_70.d
@@ -49,4 +49,10 @@ In Dex files version <b>037</b> or later, if the <b>method_id</b> refers to an i
 
     @format 35c | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_71.d b/plugins/dalvik/v35/opdefs/invoke_71.d
index dc67423..d28ff54 100644
--- a/plugins/dalvik/v35/opdefs/invoke_71.d
+++ b/plugins/dalvik/v35/opdefs/invoke_71.d
@@ -49,4 +49,10 @@ In Dex files version <b>037</b> or later, if the <b>method_id</b> refers to an i
 
     @format 35c | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_72.d b/plugins/dalvik/v35/opdefs/invoke_72.d
index e38e64f..fe7eb2c 100644
--- a/plugins/dalvik/v35/opdefs/invoke_72.d
+++ b/plugins/dalvik/v35/opdefs/invoke_72.d
@@ -49,4 +49,10 @@ In Dex files version <b>037</b> or later, if the <b>method_id</b> refers to an i
 
     @format 35c | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_74.d b/plugins/dalvik/v35/opdefs/invoke_74.d
index 3d44a11..0a105cb 100644
--- a/plugins/dalvik/v35/opdefs/invoke_74.d
+++ b/plugins/dalvik/v35/opdefs/invoke_74.d
@@ -35,4 +35,10 @@
 
     @format 3rc | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_75.d b/plugins/dalvik/v35/opdefs/invoke_75.d
index 16e0e2b..0596bb0 100644
--- a/plugins/dalvik/v35/opdefs/invoke_75.d
+++ b/plugins/dalvik/v35/opdefs/invoke_75.d
@@ -35,4 +35,10 @@
 
     @format 3rc | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_76.d b/plugins/dalvik/v35/opdefs/invoke_76.d
index 597b3aa..2aa3dbc 100644
--- a/plugins/dalvik/v35/opdefs/invoke_76.d
+++ b/plugins/dalvik/v35/opdefs/invoke_76.d
@@ -35,4 +35,10 @@
 
     @format 3rc | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_77.d b/plugins/dalvik/v35/opdefs/invoke_77.d
index feabd12..c972bea 100644
--- a/plugins/dalvik/v35/opdefs/invoke_77.d
+++ b/plugins/dalvik/v35/opdefs/invoke_77.d
@@ -35,4 +35,10 @@
 
     @format 3rc | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
diff --git a/plugins/dalvik/v35/opdefs/invoke_78.d b/plugins/dalvik/v35/opdefs/invoke_78.d
index e5ed03b..d7ee370 100644
--- a/plugins/dalvik/v35/opdefs/invoke_78.d
+++ b/plugins/dalvik/v35/opdefs/invoke_78.d
@@ -35,4 +35,10 @@
 
     @format 3rc | pool_meth
 
+    @hooks {
+
+        link = handle_links_between_caller_and_callee
+
+    }
+
 }
-- 
cgit v0.11.2-87-g4458