From b2fc603cf6953a864936ffb30228f09f915cc1b4 Mon Sep 17 00:00:00 2001
From: "Mr. eXoDia"
Date: Tue, 7 Jul 2015 15:32:10 +0200
Subject: [PATCH] DBG: analysis interface + fixed small bugs in control flow analysis
---
x64_dbg_dbg/analysis.cpp | 25 +++++++++++++++++++++
x64_dbg_dbg/analysis.h | 26 ++++++++++++++++++++++
x64_dbg_dbg/controlflowanalysis.cpp | 26 ++++------------------
x64_dbg_dbg/controlflowanalysis.h | 29 +++---------------------
x64_dbg_dbg/functionanalysis.cpp | 16 +------------
x64_dbg_dbg/functionanalysis.h | 12 +++------
x64_dbg_dbg/x64_dbg_dbg.vcxproj | 2 ++
x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters | 6 +++++
8 files changed, 70 insertions(+), 72 deletions(-)
create mode 100644 x64_dbg_dbg/analysis.cpp
create mode 100644 x64_dbg_dbg/analysis.h
diff --git a/x64_dbg_dbg/analysis.cpp b/x64_dbg_dbg/analysis.cpp
new file mode 100644
index 00000000..c3a3c8de
--- /dev/null
+++ b/x64_dbg_dbg/analysis.cpp
@@ -0,0 +1,25 @@
+#include "analysis.h"
+#include "memory.h"
+
+Analysis::Analysis(uint base, uint size)
+{
+ _base = base;
+ _size = size;
+ _data = new unsigned char[_size + MAX_DISASM_BUFFER];
+ MemRead((void*)_base, _data, _size, 0);
+}
+
+Analysis::~Analysis()
+{
+ delete[] _data;
+}
+
+bool Analysis::IsValidAddress(uint addr)
+{
+ return addr >= _base && addr < _base + _size;
+}
+
+const unsigned char* Analysis::TranslateAddress(uint addr)
+{
+ return IsValidAddress(addr) ? _data + (addr - _base) : nullptr;
+}
\ No newline at end of file
diff --git a/x64_dbg_dbg/analysis.h b/x64_dbg_dbg/analysis.h
new file mode 100644
index 00000000..4f3a9169
--- /dev/null
+++ b/x64_dbg_dbg/analysis.h
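Review bot: In `Analysis::Analysis` the buffer is allocated as `new unsigned char[_size + MAX_DISASM_BUFFER]` but `MemRead` fills only the first `_size` bytes, so the trailing slack that the disassembler is presumably allowed to run into stays indeterminate, and an instruction that straddles the end of the region can decode differently from run to run. The result of `MemRead` is also discarded, so a failed or partial read (a range that is not fully committed, for instance) silently leaves garbage that every derived `Analyse()` will treat as code. Value-initialising the array makes both cases deterministic: `_data = new unsigned char[_size + MAX_DISASM_BUFFER]();` and, if `MemRead` reports failure in this codebase, record it so callers can bail out instead of analysing zeros. `IsValidAddress` evaluates `_base + _size`, which wraps for a region ending at the top of the address space; `return addr - _base < _size;` (after the `addr >= _base` test) avoids the overflow.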
@@ -0,0 +1,26 @@
+#ifndef _ANALYSIS_H
+#define _ANALYSIS_H
+
+#include "_global.h"
+#include "capstone_wrapper.h"
+
+class Analysis
+{
+public:
+ explicit Analysis(uint base, uint size);
+ Analysis(const Analysis & that) = delete;
+ ~Analysis();
+ virtual void Analyse() = 0;
+ virtual void SetMarkers() = 0;
+
+protected:
+ uint _base;
+ uint _size;
+ unsigned char* _data;
+ Capstone _cp;
+
+ bool IsValidAddress(uint addr);
+ const unsigned char* TranslateAddress(uint addr);
+};
+
+#endif //_ANALYSIS_H
\ No newline at end of file
diff --git a/x64_dbg_dbg/controlflowanalysis.cpp b/x64_dbg_dbg/controlflowanalysis.cpp
index ffae4425..0e51fc88 100644
--- a/x64_dbg_dbg/controlflowanalysis.cpp
+++ b/x64_dbg_dbg/controlflowanalysis.cpp
@@ -2,27 +2,8 @@
#include "memory.h"
#include "console.h"
-ControlFlowAnalysis::ControlFlowAnalysis(uint base, uint size)
+ControlFlowAnalysis::ControlFlowAnalysis(uint base, uint size) : Analysis(base, size)
{
- _base = base;
- _size = size;
- _data = new unsigned char[_size + MAX_DISASM_BUFFER];
- MemRead((void*)_base, _data, _size, 0);
-}
-
-ControlFlowAnalysis::~ControlFlowAnalysis()
-{
- delete[] _data;
-}
-
-bool ControlFlowAnalysis::IsValidAddress(uint addr)
-{
- return addr >= _base && addr < _base + _size;
-}
-
-const unsigned char* ControlFlowAnalysis::TranslateAddress(uint addr)
-{
- return IsValidAddress(addr) ? _data + (addr - _base) : nullptr;
}
void ControlFlowAnalysis::Analyse()
@@ -78,6 +59,7 @@ void ControlFlowAnalysis::SetMarkers()
void ControlFlowAnalysis::BasicBlockStarts()
{
+ _blockStarts.insert(_base);
bool bSkipFilling = false;
for(uint i = 0; i < _size;)
{
@@ -92,7 +74,7 @@ void ControlFlowAnalysis::BasicBlockStarts()
_blockStarts.insert(addr);
}
}
- else if(_cp.InGroup(CS_GRP_RET))
+ else if(_cp.InGroup(CS_GRP_RET) || _cp.InGroup(CS_GRP_INT)) //RET/INT break control flow
{
bSkipFilling = true; //skip INT3/NOP/whatever filling bytes (those are not part of the control flow)
}
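Review bot: `Analysis` declares pure virtual `Analyse()`/`SetMarkers()` but its destructor `~Analysis();` is not virtual, so deleting a `ControlFlowAnalysis` or `FunctionAnalysis` through an `Analysis*` (the natural way to use this new interface) is undefined behaviour and in practice skips the derived members such as `_blockStarts`, `_blocks` and `_functions`. Declare it `virtual ~Analysis();`. The class also deletes only the copy constructor while it owns `_data` through a raw pointer, so the implicitly generated copy assignment would double-free; add `Analysis & operator=(const Analysis &) = delete;`, or hold `_data` in a `std::unique_ptr<unsigned char[]>`, which removes both hazards and the hand-written destructor.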
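Review bot: Treating every `CS_GRP_INT` instruction as a control-flow terminator in `BasicBlockStarts` is broader than the INT3 padding the comment describes: as far as I recall Capstone documents that group as all interrupt instructions including `syscall`/`sysenter`, and execution resumes at the next instruction after `int 2e`, `syscall` or any `int n` other than 3, so setting `bSkipFilling` there will skip real code until the next recorded block start. Restricting the test to the padding instruction keeps the fix without that regression: `else if(_cp.InGroup(CS_GRP_RET) || _cp.GetId() == X86_INS_INT3) //RET/INT3 break control flow`. The new `_blockStarts.insert(_base);` is correct but deserves a one-line comment such as `//the region start is always a block start, even without an incoming jump`. `BasicBlockStarts` continues past the end of this hunk.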
@@ -103,7 +85,7 @@ void ControlFlowAnalysis::BasicBlockStarts()
if(_cp.GetId() != X86_INS_JMP) //unconditional jump
dest2 = addr + _cp.Size();
- if(!dest1 && !dest2)
+ if(!dest1 && !dest2) //TODO: better code for this (make sure absolutely no filling is inserted)
bSkipFilling = true;
if(dest1)
_blockStarts.insert(dest1);
diff --git a/x64_dbg_dbg/controlflowanalysis.h b/x64_dbg_dbg/controlflowanalysis.h
index 9316f60d..5d4545d8 100644
--- a/x64_dbg_dbg/controlflowanalysis.h
+++ b/x64_dbg_dbg/controlflowanalysis.h
@@ -3,34 +3,16 @@
#include "_global.h"
#include "capstone_wrapper.h"
+#include "analysis.h"
-class ControlFlowAnalysis
+class ControlFlowAnalysis : public Analysis
{
public:
explicit ControlFlowAnalysis(uint base, uint size);
- ControlFlowAnalysis(const ControlFlowAnalysis & that) = delete;
- ~ControlFlowAnalysis();
- bool IsValidAddress(uint addr);
- const unsigned char* TranslateAddress(uint addr);
void Analyse();
void SetMarkers();
- struct FunctionInfo
- {
- uint start;
- uint end;
-
- bool operator<(const FunctionInfo & b) const
- {
- return start < b.start;
- }
-
- bool operator==(const FunctionInfo & b) const
- {
- return start == b.start;
- }
- };
-
+private:
struct BasicBlock
{
uint start;
@@ -55,13 +37,8 @@ public:
}
};
-private:
- uint _base;
- uint _size;
- unsigned char* _data;
std::set _blockStarts;
std::vector _blocks;
- Capstone _cp;
void BasicBlockStarts();
void BasicBlocks();
diff --git a/x64_dbg_dbg/functionanalysis.cpp b/x64_dbg_dbg/functionanalysis.cpp
index d7ac1c26..d3c0ec1b 100644
--- a/x64_dbg_dbg/functionanalysis.cpp
+++ b/x64_dbg_dbg/functionanalysis.cpp
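Review bot: `void Analyse();` and `void SetMarkers();` in `ControlFlowAnalysis` now implement the pure virtuals of `Analysis` but carry no `override`, so any later drift in the base signature would silently leave this class abstract (or create an unrelated overload) instead of failing at the declaration; the file already relies on C++11 (`= delete`, `nullptr`), so write `void Analyse() override;` and `void SetMarkers() override;`. The same applies to the `FunctionAnalysis` declarations in functionanalysis.h later in this patch. The class body is split across the two hunks shown here, and the `BasicBlockStarts` hunk above this one only adds a TODO comment.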
@@ -3,22 +3,8 @@
#include "memory.h"
#include "function.h"
-FunctionAnalysis::FunctionAnalysis(uint base, uint size)
+FunctionAnalysis::FunctionAnalysis(uint base, uint size) : Analysis(base, size)
{
- _base = base;
- _size = size;
- _data = new unsigned char[_size + MAX_DISASM_BUFFER];
- MemRead((void*)_base, _data, _size, 0);
-}
-
-FunctionAnalysis::~FunctionAnalysis()
-{
- delete[] _data;
-}
-
-const unsigned char* FunctionAnalysis::TranslateAddress(uint addr)
-{
- return (addr >= _base && addr < _base + _size) ? _data + (addr - _base) : nullptr;
}
void FunctionAnalysis::Analyse()
diff --git a/x64_dbg_dbg/functionanalysis.h b/x64_dbg_dbg/functionanalysis.h
index 5fa7354b..96a22460 100644
--- a/x64_dbg_dbg/functionanalysis.h
+++ b/x64_dbg_dbg/functionanalysis.h
@@ -3,17 +3,16 @@
#include "_global.h"
#include "capstone_wrapper.h"
+#include "analysis.h"
-class FunctionAnalysis
+class FunctionAnalysis : public Analysis
{
public:
explicit FunctionAnalysis(uint base, uint size);
- FunctionAnalysis(const FunctionAnalysis & that) = delete;
- ~FunctionAnalysis();
- const unsigned char* TranslateAddress(uint addr);
void Analyse();
void SetMarkers();
+private:
struct FunctionInfo
{
uint start;
@@ -30,12 +29,7 @@ public:
}
};
-private:
- uint _base;
- uint _size;
- unsigned char* _data;
std::vector _functions;
- Capstone _cp;
void SortCleanup();
void PopulateReferences();
diff --git a/x64_dbg_dbg/x64_dbg_dbg.vcxproj b/x64_dbg_dbg/x64_dbg_dbg.vcxproj
index 389e0762..0178d0f3 100644
--- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj
+++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj
@@ -20,6 +20,7 @@ +
@@ -75,6 +76,7 @@ +
diff --git a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters
index 8461ca06..3e721cf6 100644
--- a/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters
+++ b/x64_dbg_dbg/x64_dbg_dbg.vcxproj.filters
@@ -246,6 +249,9 @@ Source Files\Analysis + + Source Files\Analysis +
@@ -569,5 +572,8 @@ Header Files\Analysis + + Header Files\Analysis +
\ No newline at end of file