Fix aab. (a8 -> ab). Implement /gg and /g?

2025-03-03 19:59:09 +00:00 · 2018-04-05 01:45:12 +02:00 · 2018-04-05 01:45:12 +02:00 · 613b240449
commit 613b240449
parent 5556e7d841
4 changed files with 105 additions and 39 deletions
--- a/libr/core/canal.c
+++ b/libr/core/canal.c
@ -3997,50 +3997,92 @@ typedef struct {
 	ut64 to;
 	RAnalBlock *toBB;
 	RAnalBlock *cur;
+	bool followCalls;
+	int count;
 } RCoreAnalPaths;

-static void printAnalPaths(RCoreAnalPaths *p) {
+static bool printAnalPaths(RCoreAnalPaths *p) {
 	RListIter *iter;
 	RAnalBlock *path;
 	r_cons_printf ("pdb @@= ");
 	r_list_foreach (p->path, iter, path) {
-	//	eprintf ("-> 0x%08"PFMT64x" ", path->addr);
 		r_cons_printf ("0x%08"PFMT64x" ", path->addr);
 	}
-	//eprintf ("-> 0x%08"PFMT64x"\n", p->to);
 	r_cons_printf ("\n");
+	return (p->count < 1 || --p->count > 0);
+}
+
+static void append64(RList *list, ut64 num) {
+	if (num == UT64_MAX) {
+		return;
+	}
+	ut64 *n = R_NEW (ut64);
+	*n = num;
+	r_list_append (list, n);
+}
+
+static RList *analBlockDestinations(RAnalBlock *bb) {
+	RList *list = r_list_newf (free);
+	append64 (list, bb->jump);
+	append64 (list, bb->fail);
+	return list;
+}
+
+static void analPaths (RCoreAnalPaths *p);
+
+static void analPathFollow(RCoreAnalPaths *p, ut64 addr) {
+	if (addr == UT64_MAX) {
+		return;
+	}
+	if (!dict_get (&p->visited, addr)) {
+		p->cur = r_anal_bb_from_offset (p->core->anal, addr);
+		analPaths (p);
+	}
 }

 static void analPaths (RCoreAnalPaths *p) {
 	RAnalBlock *cur = p->cur;
 	if (!cur) {
-		//eprintf ("eof\n");
+		// eprintf ("eof\n");
+		return;
+	}
+	/* handle ^C */
+	if (r_cons_is_breaked ()) {
 		return;
 	}
 	dict_set (&p->visited, cur->addr, 1, NULL);
 	r_list_append (p->path, cur);
-	if (cur->addr == p->toBB->addr) {
-		printAnalPaths (p);
+	if (p->toBB && cur->addr == p->toBB->addr) {
+		if (!printAnalPaths (p)) {
+			return;
+		}
 	} else {
-		if (cur->jump != UT64_MAX) {
-			if (!dict_get (&p->visited, cur->jump)) {
-				p->cur = r_anal_bb_from_offset (p->core->anal, cur->jump);
-				analPaths (p);
+		RAnalBlock *c = cur;
+		ut64 j = cur->jump;
+		ut64 f = cur->fail;
+		analPathFollow (p, j);
+		cur = c;
+		analPathFollow (p, f);
+		if (p->followCalls) {
+			int i;
+			for (i = 0; i < cur->op_pos_size; i++) {
+				ut64 addr = cur->addr + cur->op_pos[i];
+				RAnalOp *op = r_core_anal_op (p->core, addr);
+				if (op && op->type == R_ANAL_OP_TYPE_CALL) {
+					cur = c;
+					analPathFollow (p, op->jump);
+				}
+				cur = c;
+				r_anal_op_free (op);
 			}
 		}
-		if (cur->fail != UT64_MAX) {
-			if (!dict_get (&p->visited, cur->fail)) {
-				p->cur = r_anal_bb_from_offset (p->core->anal, cur->fail);
-				analPaths (p);
-			}
-		}
-		// TODO: follow calls in this basic block
 	}
+end:
 	p->cur = r_list_pop (p->path);
 	dict_del (&p->visited, cur->addr);
 }

-R_API void r_core_anal_paths(RCore *core, ut64 from, ut64 to) {
+R_API void r_core_anal_paths(RCore *core, ut64 from, ut64 to, bool followCalls) {
 	RAnalBlock *b0 = r_anal_bb_from_offset (core->anal, from);
 	RAnalBlock *b1 = r_anal_bb_from_offset (core->anal, to);
 	if (!b0) {
@ -4058,6 +4100,8 @@ R_API void r_core_anal_paths(RCore *core, ut64 from, ut64 to) {
 	rcap.to = to;
 	rcap.toBB = b1;
 	rcap.cur = b0;
+	rcap.count = r_config_get_i (core->config, "search.maxhits");;
+	rcap.followCalls = followCalls;

 	analPaths (&rcap);

--- a/libr/core/cmd_anal.c
+++ b/libr/core/cmd_anal.c
@ -6,7 +6,8 @@
 static const char *help_msg_a[] = {
 	"Usage:", "a", "[abdefFghoprxstc] [...]",
 	"aa", "[?]", "analyze all (fcns + bbs) (aa0 to avoid sub renaming)",
-	"a8", " [hexpairs]", "analyze bytes",
+	"ab", " [addr]", "analyze block at given address",
+	"abx", " [hexpairs]", "analyze bytes",
 	"abb", " [len]", "analyze N basic blocks in [len] (section.size by default)",
 	"ac", " [cycles]", "analyze which op could be executed in [cycles]",
 	"ad", "[?]", "analyze data trampoline (wip)",
@ -59,11 +60,12 @@ static const char *help_msg_aar[] = {
 	NULL
 };

-static const char *help_msg_a8[] = {
-	"Usage:", "a8", "",
-	"a8", " [hexpair-bytes]", "analyze N bytes",
-	"a8j", " [hexpair-bytes]", "analyze N bytes (display in JSON)",
-	"a8b", " [length]", "analyze N bytes and extract basic blocks",
+static const char *help_msg_ab[] = {
+	"Usage:", "ab", "",
+	"ab", " [addr]", "show basic block information at given address",
+	"abb", " [length]", "analyze N bytes and extract basic blocks",
+	"abj", "", "display basic block information in JSON",
+	"abx", " [hexpair-bytes]", "analyze N bytes",
 	NULL
 };

@ -576,7 +578,7 @@ static void cmd_anal_init(RCore *core) {
 	DEFINE_CMD_DESCRIPTOR (core, a);
 	DEFINE_CMD_DESCRIPTOR (core, aa);
 	DEFINE_CMD_DESCRIPTOR (core, aar);
-	DEFINE_CMD_DESCRIPTOR (core, a8);
+	DEFINE_CMD_DESCRIPTOR (core, ab);
 	DEFINE_CMD_DESCRIPTOR (core, ad);
 	DEFINE_CMD_DESCRIPTOR (core, ae);
 	DEFINE_CMD_DESCRIPTOR (core, aea);
@ -4602,7 +4604,6 @@ static void cmd_anal_aftertraps(RCore *core, const char *input) {
 }

 static void cmd_anal_blocks(RCore *core, const char *input) {
-
 	ut64 from , to;
 	char *arg = strchr (input, ' ');
 	r_cons_break_push (NULL, NULL);
@ -6534,20 +6535,29 @@ static int cmd_anal(void *data, const char *input) {
 			free (buf);
 		}
 		break;
-	case '8':
-		if (input[1] == 'b') { // "a8b"
+	case 'b':
+		if (input[1] == 'b') { // "abb"
 			core_anal_bbs (core, input + 2);
-		} else if (input[1] == 'r') { // "a8r"
+		} else if (input[1] == 'r') { // "abr"
 			core_anal_bbs_range (core, input + 2);
-		} else if (input[1] == ' ' || input[1] == 'j') {
+		} else if (input[1] == 'x') { // "abx"
 			ut8 *buf = malloc (strlen (input) + 1);
-			int len = r_hex_str2bin (input + 2, buf);
-			if (len > 0) {
-				core_anal_bytes (core, buf, len, 0, input[1]);
+			if (buf) {
+				int len = r_hex_str2bin (input + 2, buf);
+				if (len > 0) {
+					core_anal_bytes (core, buf, len, 0, input[1]);
+				}
+				free (buf);
 			}
-			free (buf);
+		} else if (input[1] == ' ' || !input[1]) {
+			// find block
+			ut64 addr = core->offset;
+			if (input[1]) {
+				addr = r_num_math (core->num, input + 1);
+			}
+			r_core_cmdf (core, "afbi @ 0x%"PFMT64x, addr);
 		} else {
-			r_core_cmd_help (core, help_msg_a8);
+			r_core_cmd_help (core, help_msg_ab);
 		}
 		break;
 	case 'i': cmd_anal_info (core, input + 1); break; // "ai"
--- a/libr/core/cmd_search.c
+++ b/libr/core/cmd_search.c
@ -3160,9 +3160,21 @@ reread:
 		}
 		break;
 	case 'g': // "/g" graph search
-		{
-			ut64 addr = r_num_math (core->num, input + 1);
-			r_core_anal_paths (core, addr, core->offset);
+		if (input[1] == '?') {
+			r_cons_printf ("Usage: /g[g] [fromaddr] @ [toaddr]\n");
+		} else {
+			ut64 addr;
+			if (input[1]) {
+				addr = r_num_math (core->num, input + 2);
+			} else {
+				RAnalFunction *fcn = r_anal_get_fcn_at (core->anal, addr, 0);
+				if (fcn) {
+					addr = fcn->addr;
+				} else {
+					addr = core->offset;
+				}
+			}
+			r_core_anal_paths (core, addr, core->offset, input[1] == 'g');
 		}
 		break;
 	case 'F': // "/F" search file /F [file] ([offset] ([sz]))
--- a/libr/include/r_core.h
+++ b/libr/include/r_core.h
@ -291,7 +291,7 @@ R_API char* r_core_add_asmqjmp(RCore *core, ut64 addr);

 R_API void r_core_anal_type_init(RCore *core);
 R_API void r_core_anal_cc_init(RCore *core);
-R_API void r_core_anal_paths(RCore *core, ut64 from, ut64 to);
+R_API void r_core_anal_paths(RCore *core, ut64 from, ut64 to, bool followCalls);

 R_API void r_core_list_io(RCore *core);
 /* visual marks */