
DBG: BasicBlock: Switch flags from INT3 to PADDING in terms of instructions

Nukem 2015-07-09 21:16:23 -04:00
parent a04cded464
commit 14c885dff4
4 changed files with 17 additions and 17 deletions


@ -11,8 +11,8 @@ enum BasicBlockFlags : uint
BASIC_BLOCK_FLAG_RET = (1 << 4), // The block ends with a retn
BASIC_BLOCK_FLAG_INDIRECT = (1 << 5), // This block ends with an indirect branch
BASIC_BLOCK_FLAG_INDIRPTR = (1 << 6), // This block ends with an indirect branch; pointer known
BASIC_BLOCK_FLAG_PREINT3 = (1 << 7), // Block ends because there was an INT3 afterwards
BASIC_BLOCK_FLAG_INT3 = (1 << 8), // Block is only a series of INT3
BASIC_BLOCK_FLAG_PREPAD = (1 << 7), // Block ends because there was padding afterwards
BASIC_BLOCK_FLAG_PAD = (1 << 8), // Block is only a series of padding instructions
BASIC_BLOCK_FLAG_CUTOFF = (1 << 9), // Ends prematurely because of another JMP to location
BASIC_BLOCK_FLAG_DELETE = (1 << 10), // Delete element at the next possible time
};


@ -39,7 +39,7 @@ void Int3CoagulatorPass::AnalysisWorker(uint Start, uint End, std::vector<BasicB
for(auto itr = Blocks->begin(); counterIndex < End; itr++, counterIndex++)
{
if(!itr->GetFlag(BASIC_BLOCK_FLAG_INT3))
if(!itr->GetFlag(BASIC_BLOCK_FLAG_PAD))
{
// Synchronize the vector if more than 1 instruction
// is present. (Combine)
@ -52,7 +52,7 @@ void Int3CoagulatorPass::AnalysisWorker(uint Start, uint End, std::vector<BasicB
BasicBlock block;
block.VirtualStart = intSeriesStart;
block.VirtualEnd = intSeriesStart + intSeriesSize;
block.SetFlag(BASIC_BLOCK_FLAG_INT3);
block.SetFlag(BASIC_BLOCK_FLAG_PAD);
itr = Blocks->insert(itr, block);
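Review bot: The identifiers in this function still say INT3 although the pass now merges runs of padding blocks: `Int3CoagulatorPass`, `intSeriesStart` and `intSeriesSize`. Renaming the locals to `padSeriesStart` / `padSeriesSize`, and the class in a follow-up, would keep the code in step with `BASIC_BLOCK_FLAG_PAD`. The same stale wording survives in untouched comments in LinearPass: `// INT3s are treated differently.`, `// ... before the INT instruction.` and `// Check for interrupts`. AnalysisWorker's body starts and ends outside the visible hunks.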


@ -148,7 +148,7 @@ void LinearPass::AnalysisWorker(uint Start, uint End, BBlockArray* Blocks)
uint blockBegin = Start; // BBlock starting virtual address
uint blockEnd = End; // BBlock ending virtual address
bool blockPrevInt = false; // Indicator if the last instruction was INT
bool blockPrevPad = false; // Indicator if the last instruction was padding
BasicBlock* lastBlock = nullptr;// Avoid an expensive call to std::vector::back()
for(uint i = Start; i < End;)
@ -168,9 +168,9 @@ void LinearPass::AnalysisWorker(uint Start, uint End, BBlockArray* Blocks)
bool call = disasm.InGroup(CS_GRP_CALL); // CALL
bool jmp = disasm.InGroup(CS_GRP_JUMP); // JUMP
bool ret = disasm.InGroup(CS_GRP_RET); // RETURN
bool intr = disasm.InGroup(CS_GRP_INT); // INTERRUPT
bool padding = disasm.IsFilling(); // INSTRUCTION PADDING
if(intr)
if(padding)
{
// INT3s are treated differently. They are all created as their
// own separate block for more analysis later.
@ -181,16 +181,16 @@ void LinearPass::AnalysisWorker(uint Start, uint End, BBlockArray* Blocks)
// The next line terminates the BBlock before the INT instruction.
// Early termination, faked as an indirect JMP. Rare case.
lastBlock = CreateBlockWorker(Blocks, blockBegin, realBlockEnd, false, false, false, false);
lastBlock->SetFlag(BASIC_BLOCK_FLAG_PREINT3);
lastBlock->SetFlag(BASIC_BLOCK_FLAG_PREPAD);
blockBegin = realBlockEnd;
}
}
if(call || jmp || ret || intr)
if(call || jmp || ret || padding)
{
// Was this an INT3?
if(intr && blockPrevInt)
// Was this a padding instruction?
if(padding && blockPrevPad)
{
// Append it to the previous block
lastBlock->VirtualEnd = blockEnd;
@ -198,7 +198,7 @@ void LinearPass::AnalysisWorker(uint Start, uint End, BBlockArray* Blocks)
else
{
// Otherwise use the default route: create a new entry
auto block = lastBlock = CreateBlockWorker(Blocks, blockBegin, blockEnd, call, jmp, ret, intr);
auto block = lastBlock = CreateBlockWorker(Blocks, blockBegin, blockEnd, call, jmp, ret, padding);
// Figure out the operand type
auto operand = disasm.x86().operands[0];
@ -226,7 +226,7 @@ void LinearPass::AnalysisWorker(uint Start, uint End, BBlockArray* Blocks)
// Reset the loop variables
blockBegin = i;
blockPrevInt = intr;
blockPrevPad = padding;
}
}
}
@ -298,7 +298,7 @@ void LinearPass::AnalysisOverlapWorker(uint Start, uint End, BBlockArray* Insert
}
}
BasicBlock* LinearPass::CreateBlockWorker(std::vector<BasicBlock>* Blocks, uint Start, uint End, bool Call, bool Jmp, bool Ret, bool Intr)
BasicBlock* LinearPass::CreateBlockWorker(std::vector<BasicBlock>* Blocks, uint Start, uint End, bool Call, bool Jmp, bool Ret, bool Pad)
{
BasicBlock block;
block.VirtualStart = Start;
@ -315,8 +315,8 @@ BasicBlock* LinearPass::CreateBlockWorker(std::vector<BasicBlock>* Blocks, uint
block.SetFlag(BASIC_BLOCK_FLAG_RET);
// Check for interrupts
if(Intr)
block.SetFlag(BASIC_BLOCK_FLAG_INT3);
if(Pad)
block.SetFlag(BASIC_BLOCK_FLAG_PAD);
Blocks->push_back(block);
return &Blocks->back();
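Review bot: The terminator test `if(call || jmp || ret || padding)` no longer fires for interrupt instructions that `disasm.IsFilling()` does not report as padding, whereas the old `InGroup(CS_GRP_INT)` test closed a block at every interrupt. IsFilling() is not shown on this page, so which instructions it covers is an assumption. If any other interrupt was relied on as a block end (a non-returning `int`, for instance), the recovered control flow for that code changes silently. If the narrowing is intended, record it at the declaration, e.g. `bool padding = disasm.IsFilling(); // Filler instructions only; other interrupts no longer end a block`. The body of LinearPass::AnalysisWorker continues outside the visible hunks.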


@ -16,5 +16,5 @@ public:
private:
void AnalysisWorker(uint Start, uint End, BBlockArray* Blocks);
void AnalysisOverlapWorker(uint Start, uint End, BBlockArray* Insertions);
BasicBlock* CreateBlockWorker(BBlockArray* Blocks, uint Start, uint End, bool Call, bool Jmp, bool Ret, bool Intr);
BasicBlock* CreateBlockWorker(BBlockArray* Blocks, uint Start, uint End, bool Call, bool Jmp, bool Ret, bool Pad);
};