From 89c309a90056fbc5bd5a7a19f947c231a9951fd6 Mon Sep 17 00:00:00 2001 From: Khairul Azhar Kasmiran Date: Thu, 18 Jan 2018 03:34:53 +0800 Subject: [PATCH] bin.strpurge: added fine-grained purging of strings to iz (#9210) --- libr/bin/bin.c | 2 +- libr/core/cbin.c | 39 +++++++++++++++++++++++++++++++++------ libr/core/cconfig.c | 10 +++++----- libr/core/disasm.c | 24 ++---------------------- libr/include/r_bin.h | 3 +-- libr/include/r_core.h | 2 +- 6 files changed, 43 insertions(+), 37 deletions(-) diff --git a/libr/bin/bin.c b/libr/bin/bin.c index c98cb91747..97f45f700c 100644 --- a/libr/bin/bin.c +++ b/libr/bin/bin.c @@ -2124,7 +2124,7 @@ R_API RBin *r_bin_new() { bin->cb_printf = (PrintfCallback)printf; bin->plugins = r_list_newf ((RListFree)plugin_free); bin->minstrlen = 0; - bin->strpurge_addrs = NULL; + bin->strpurge = NULL; bin->want_dbginfo = true; bin->cur = NULL; bin->io_owned = false; diff --git a/libr/core/cbin.c b/libr/core/cbin.c index 03bd5399ee..029c17bf8a 100644 --- a/libr/core/cbin.c +++ b/libr/core/cbin.c @@ -148,7 +148,7 @@ R_API RBinFile * r_core_bin_cur(RCore *core) { return binfile; } -R_API bool r_core_bin_strpurge(const char *str) { +static bool false_positive(const char *str) { int i; ut8 bo[0x100]; int up = 0; @@ -199,10 +199,37 @@ R_API bool r_core_bin_strpurge(const char *str) { return false; } -static bool string_filter(RCore *core, const char *str) { +R_API bool r_core_bin_strpurge(RCore *core, const char *str, ut64 refaddr) { + if (core->bin->strpurge) { + char *addrs = strdup (core->bin->strpurge); + if (addrs) { + int splits = r_str_split (addrs, ','); + int i; + char *ptr; + ut64 addr; + for (i = 0, ptr = addrs; i < splits; i++, ptr += strlen (ptr) + 1) { + if (!strcmp (ptr, "true") && false_positive (str)) { + free (addrs); + return true; + } + addr = r_num_get (NULL, ptr); + if (addr != 0 || *ptr == '0') { + if (refaddr == addr) { + free (addrs); + return true; + } + } + } + free (addrs); + } + } + return false; +} + +static bool string_filter(RCore *core, const char *str, ut64 addr) { int i; /* pointer/rawdata detection */ - if (core->bin->strpurge && r_core_bin_strpurge (str)) { + if (r_core_bin_strpurge (core, str, addr)) { return false; } @@ -342,12 +369,12 @@ static void _print_strings(RCore *r, RList *list, int mode, int va) { r_list_foreach (list, iter, string) { const char *section_name, *type_string; ut64 paddr, vaddr, addr; - if (!string_filter (r, string->string)) { - continue; - } paddr = string->paddr; vaddr = r_bin_get_vaddr (bin, paddr, string->vaddr); addr = va ? vaddr : paddr; + if (!string_filter (r, string->string, addr)) { + continue; + } if (string->length < minstr) { continue; } diff --git a/libr/core/cconfig.c b/libr/core/cconfig.c index 9bd8357ebb..cc1a10884e 100644 --- a/libr/core/cconfig.c +++ b/libr/core/cconfig.c @@ -780,9 +780,9 @@ static int cb_usextr(void *user, void *data) { static int cb_strpurge(void *user, void *data) { RCore *core = (RCore*) user; RConfigNode *node = (RConfigNode*) data; - core->bin->strpurge = !strncmp (node->value, "true", 4); - free (core->bin->strpurge_addrs); - core->bin->strpurge_addrs = strdup (node->value); + free (core->bin->strpurge); + core->bin->strpurge = !*node->value || !strcmp (node->value, "false") + ? NULL : strdup (node->value); return true; } @@ -2390,8 +2390,8 @@ R_API int r_core_config_init(RCore *core) { SETOPTIONS (n, "latin1", "utf8", "utf16le", "utf32le", "guess", NULL); SETCB ("bin.usextr", "true", &cb_usextr, "Use extract plugins when loading files"); SETCB ("bin.useldr", "true", &cb_useldr, "Use loader plugins when loading files"); - SETCB ("bin.strpurge", "", &cb_strpurge, "Try to purge false positive strings (true: use the classifier in " - "r_core_bin_strpurge(), [,addr]*: specific string addresses to purge)"); + SETCB ("bin.strpurge", "", &cb_strpurge, "Try to purge false positive strings (true: use the " + "false_positive() classifier in cbin.c, [,addr]*: specific string addresses to purge)"); SETPREF ("bin.b64str", "false", "Try to debase64 the strings"); SETPREF ("bin.libs", "false", "Try to load libraries after loading main binary"); n = NODECB ("bin.strfilter", "", &cb_strfilter); diff --git a/libr/core/disasm.c b/libr/core/disasm.c index 43ac0b3835..5049e6d9df 100644 --- a/libr/core/disasm.c +++ b/libr/core/disasm.c @@ -3029,28 +3029,8 @@ static char *ds_esc_str(RDisasmState *ds, const char *str, int len, const char * static void ds_print_str(RDisasmState *ds, const char *str, int len, ut64 refaddr) { const char *prefix; - if (ds->core->bin->strpurge_addrs) { - char *addrs = strdup (ds->core->bin->strpurge_addrs); - if (addrs) { - int splits = r_str_split (addrs, ','); - int i; - char *ptr; - ut64 addr; - for (i = 0, ptr = addrs; i < splits; i++, ptr += strlen (ptr) + 1) { - if (!strcmp (ptr, "true") && r_core_bin_strpurge (str)) { - free (addrs); - return; - } - addr = r_num_get (NULL, ptr); - if (addr != 0 || *ptr == '0') { - if (refaddr == addr) { - free (addrs); - return; - } - } - } - free (addrs); - } + if (r_core_bin_strpurge (ds->core, str, refaddr)) { + return; } char *escstr = ds_esc_str (ds, str, len, &prefix); if (escstr) { diff --git a/libr/include/r_bin.h b/libr/include/r_bin.h index f4df154975..265e39c55f 100644 --- a/libr/include/r_bin.h +++ b/libr/include/r_bin.h @@ -273,8 +273,7 @@ typedef struct r_bin_t { bool want_dbginfo; int filter; // symbol filtering char strfilter; // string filtering - int strpurge; // purge false positive strings - char *strpurge_addrs; + char *strpurge; // purge false positive strings char *srcdir; // dir.source char *prefix; // bin.prefix ut64 filter_rules; diff --git a/libr/include/r_core.h b/libr/include/r_core.h index 73ae3f28b1..5d52437f50 100644 --- a/libr/include/r_core.h +++ b/libr/include/r_core.h @@ -445,7 +445,7 @@ R_API bool r_core_bin_delete (RCore *core, ut32 binfile_idx, ut32 binobj_idx); // XXX - this is kinda hacky, maybe there should be a way to // refresh the bin environment without specific calls? R_API int r_core_bin_refresh_strings(RCore *core); -R_API bool r_core_bin_strpurge(const char *str); +R_API bool r_core_bin_strpurge(RCore *core, const char *str, ut64 addr); R_API int r_core_pseudo_code (RCore *core, const char *input); /* gdiff.c */