Enhancements to reduce false positives in aae syscalls

pancake 2016-11-15 19:26:55 +01:00
parent ce9551bb29
commit 7f6f58d2d9
5 changed files with 24 additions and 14 deletions


@ -922,6 +922,7 @@ static void anop64 (csh handle, RAnalOp *op, cs_insn *insn) {
switch (insn->id) {
case ARM64_INS_SVC:
op->type = R_ANAL_OP_TYPE_SWI;
op->val = IMM64(0);
break;
case ARM64_INS_ADRP:
case ARM64_INS_ADR:
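Review bot: The new `op->val = IMM64(0);` stores the SVC immediate, but nothing in the hunk says what that value is for; r_core_anal_esil in this same commit compares `op.val` against the number returned by r_syscall_get_swi, so a comment would spare the next reader a cross-file search: `op->val = IMM64(0); // svc immediate; matched against the syscall db's swi by the esil analysis`. The same applies to the x86 hunk that sets `op->val = 1;` for X86_INS_INT1, where extending the existing `// TRAP` comment to say that vector 1 is the debug trap rather than the syscall gate would make the later comparison understandable. IMM64 presumably reads insn->detail, so if the handle can be opened without CS_OPT_DETAIL this would dereference NULL; worth confirming against whatever guard sits in the part of anop64 outside the hunk. anop64 starts before and continues after the hunk.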


@ -1943,6 +1943,7 @@ static void anop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, csh
break;
case X86_INS_INT1:
op->type = R_ANAL_OP_TYPE_SWI; // TRAP
op->val = 1;
break;
case X86_INS_INT:
op->type = R_ANAL_OP_TYPE_SWI;


@ -3217,6 +3217,7 @@ R_API void r_core_anal_esil(RCore *core, const char *str, const char *target) {
r_cons_break (cccb, core);
int opalign = r_anal_archinfo (core->anal, R_ANAL_ARCHINFO_ALIGN);
int in = r_syscall_get_swi (core->anal->syscall);
const char *sn = r_reg_get_name (core->anal->reg, R_REG_NAME_SN);
for (i = 0; i < iend; i++) {
if (esil_anal_stop || r_cons_is_breaked ()) {
@ -3246,18 +3247,20 @@ R_API void r_core_anal_esil(RCore *core, const char *str, const char *target) {
}
switch (op.type) {
case R_ANAL_OP_TYPE_SWI:
{
if (in == -1 || op.val == in) {
r_flag_space_set (core->flags, "syscalls");
int snv = (int)r_reg_getv (core->anal->reg, sn);
RSyscallItem *si = r_syscall_get(core->anal->syscall, snv, -1);
if (si) {
//eprintf ("0x%08"PFMT64x" SYSCALL %-4d %s\n", cur, snv, si->name);
r_flag_set_next (core->flags, sdb_fmt (0, "syscall.%s", si->name), cur, 1);
} else {
//eprintf ("0x%08"PFMT64x" SYSCALL %4d\n", cur, snv);
r_flag_set_next (core->flags, sdb_fmt (0, "syscall.%d", snv), cur, 1);
if (snv > 0) {
RSyscallItem *si = r_syscall_get (core->anal->syscall, snv, in);
if (si) {
// eprintf ("0x%08"PFMT64x" SYSCALL %-4d %s\n", cur, snv, si->name);
r_flag_set_next (core->flags, sdb_fmt (0, "syscall.%s", si->name), cur, 1);
} else {
// eprintf ("0x%08"PFMT64x" SYSCALL %d\n", cur, snv);
r_flag_set_next (core->flags, sdb_fmt (0, "syscall.%d", snv), cur, 1);
}
r_flag_space_set (core->flags, NULL);
}
r_flag_space_set (core->flags, NULL);
}
break;
}
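Review bot: The `if (snv > 0)` guard in the second hunk also drops syscall number 0, which is a legitimate number on some ABIs (read is 0 on x86-64 Linux), so the trade-off should be stated at the check: `if (snv > 0) { // 0 is presumably an unset SN register under ESIL; syscall #0 is deliberately not flagged`. The two `r_flag_space_set (core->flags, NULL);` calls, one inside the `snv > 0` block and one after it, look redundant if both are on the new side, since the outer reset runs on every path and the inner one can go. `r_reg_getv` is called with `sn` without a NULL check; whether R_REG_NAME_SN is guaranteed to resolve for every register profile is not visible here and is worth confirming. r_core_anal_esil begins before and ends after the hunk.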


@ -79,6 +79,7 @@ R_API int r_syscall_get_num(RSyscall *ctx, const char *str);
R_API const char *r_syscall_get_i(RSyscall *ctx, int num, int swi);
R_API const char *r_syscall_reg(RSyscall *s, int idx, int num);
R_API RList *r_syscall_list(RSyscall *ctx);
R_API int r_syscall_get_swi(RSyscall *s);
/* io */
R_API const char *r_syscall_get_io(RSyscall *s, int ioport);


@ -154,13 +154,17 @@ R_API void r_syscall_item_free(RSyscallItem *si) {
free (si);
}
static int getswi(Sdb *p, int swi) {
if (p && swi == -1) {
swi = (int)sdb_array_get_num (p, "_", 0, NULL);
static int getswi(RSyscall *s, int swi) {
if (s && swi == -1) {
return r_syscall_get_swi (s);
}
return swi;
}
R_API int r_syscall_get_swi(RSyscall *s) {
return (int)sdb_array_get_num (s->db, "_", 0, NULL);
}
R_API RSyscallItem *r_syscall_get(RSyscall *s, int num, int swi) {
const char *ret, *ret2, *key;
RSyscallItem *si;
@ -168,7 +172,7 @@ R_API RSyscallItem *r_syscall_get(RSyscall *s, int num, int swi) {
eprintf ("Syscall database not loaded\n");
return NULL;
}
swi = getswi (s->db, swi);
swi = getswi (s, swi);
if (swi < 16) {
key = sdb_fmt (0, "%d.%d", swi, num);
} else {
@ -198,7 +202,7 @@ R_API const char *r_syscall_get_i(RSyscall *s, int num, int swi) {
if (!s || !s->db) {
return NULL;
}
swi = getswi (s->db, swi);
swi = getswi (s, swi);
snprintf (foo, sizeof (foo), "0x%x.%d", swi, num);
return sdb_const_get (s->db, foo, 0);
}
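Review bot: `r_syscall_get_swi` in the first hunk dereferences `s->db` with no NULL check, unlike `r_syscall_get` and `r_syscall_get_i`, which test `!s || !s->db` before reaching `getswi`; it is now an R_API function and is called directly from r_core_anal_esil in this commit, so a guard belongs inside it: `if (!s || !s->db) { return -1; }`, where -1 keeps the "match any" meaning the esil caller already gives it. Whether `sdb_array_get_num` tolerates a NULL db is not visible here, so the guard is cheap insurance either way. The header declaration added in r_syscall.h carries no comment; a one-liner such as `/* swi number stored under "_" in the loaded syscall db, or -1 when none is loaded */` would document the contract of the new public entry point.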