More fixes and enhancements for aav and arm32

2025-02-15 03:38:27 +00:00 · 2016-04-11 00:56:48 +02:00 · 2016-04-11 00:56:48 +02:00 · 90b37aa106
commit 90b37aa106
parent 90098d6125
3 changed files with 31 additions and 10 deletions
--- a/libr/anal/p/anal_arm_cs.c
+++ b/libr/anal/p/anal_arm_cs.c
@ -600,6 +600,9 @@ r4,r5,r6,3,sp,[*],12,sp,+=
 	case ARM_INS_CMP:
 		r_strbuf_appendf (&op->esil, "%s,%s,==", ARG(1), ARG(0));
 		break;
+	case ARM_INS_CMN:
+		r_strbuf_appendf (&op->esil, "%s,%s,!=", ARG(1), ARG(0));
+		break;
 	case ARM_INS_LSL:
 		// suffix 'S' forces conditional flag to be updated
 		if (OPCOUNT() == 2) {
@ -1093,6 +1096,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 		op->type = R_ANAL_OP_TYPE_AND;
 		break;
 	case ARM_INS_CMP:
+	case ARM_INS_CMN:
 	case ARM_INS_TST:
 		op->type = R_ANAL_OP_TYPE_CMP;
 		break;
@ -1103,8 +1107,9 @@ jmp $$ + 4 + ( [delta] * 2 )
 		break;
 		//case ARM_INS_POP:
 	case ARM_INS_PUSH:
-	case ARM_INS_STR:
-		op->type = R_ANAL_OP_TYPE_STORE;
+	case ARM_INS_STM:
+	case ARM_INS_STMDB:
+		op->type = R_ANAL_OP_TYPE_PUSH;
 // 0x00008160    04202de5     str r2, [sp, -4]!
 // 0x000082a0    28000be5     str r0, [fp, -0x28]
 		if (REGBASE(1) == ARM_REG_FP) {
@ -1113,6 +1118,14 @@ jmp $$ + 4 + ( [delta] * 2 )
 			op->ptr = MEMDISP(1);
 		}
 		break;
+	case ARM_INS_STR:
+		op->type = R_ANAL_OP_TYPE_STORE;
+		if (REGBASE(1) == ARM_REG_FP) {
+			op->stackop = R_ANAL_STACK_SET;
+			op->stackptr = 0;
+			op->ptr = MEMDISP(1);
+		}
+		break;
 	case ARM_INS_LDR:
 	case ARM_INS_LDRD:
 	case ARM_INS_LDRB:
--- a/libr/core/cmd_anal.c
+++ b/libr/core/cmd_anal.c
@ -3706,6 +3706,9 @@ static void cmd_anal_aav(RCore *core, const char *input) {
 	if (arg) {
 		ut64 ptr = r_num_math (core->num, arg + 1);
 		s = r_io_section_vget (core->io, ptr);
+	} else {
+		from = r_num_math (core->num, "${bin.baddr}");
+		to = r_num_math (core->num, "${bin.baddr}+$s");
 	}
 	ut64 vmin = s->vaddr;
 	ut64 vmax = s->vaddr + s->size;
@ -3715,6 +3718,7 @@ static void cmd_anal_aav(RCore *core, const char *input) {
 	(void)cmd_search_value_in_range (core,
 			from, to, vmin, vmax, vsize);
 	// TODO: for each hit . must set flag, xref and metadata Cd 4
+	r_cons_printf ("f-hit*\n");

 	seti ("search.align", o_align);
 }
@ -3733,7 +3737,7 @@ static int cmd_anal_all(RCore *core, const char *input) {
 		"aas", " [len]", "analyze symbols (af @@= `isq~[0]`)",
 		"aat", " [len]", "analyze all consecutive functions in section",
 		"aap", "", "find and analyze function preludes",
-		"aav", "", "find values referencing a specific section or map",
+		"aav", " [sat]", "find values referencing a specific section or map",
 		NULL };

 	switch (*input) {
@ -3802,6 +3806,10 @@ static int cmd_anal_all(RCore *core, const char *input) {
 					rowlog (core, "Analyze consecutive function (aat)");
 					r_core_cmd0 (core, "aat");
 					rowlog_done (core);
+					rowlog (core, "Analyze value pointers (aav)");
+					r_core_cmd0 (core, ".aav");
+					r_core_cmd0 (core, ".aav $S+$SS+1");
+					rowlog_done (core);
 				} else {
 					eprintf ("[*] Use -AA or aaaa to perform additional experimental analysis.\n");
 				}
--- a/libr/core/cmd_search.c
+++ b/libr/core/cmd_search.c
@ -139,7 +139,7 @@ R_API int cmd_search_value_in_range(RCore *core, ut64 from, ut64 to, ut64 vmin,
 	int i, match, align = core->search->align, hitctr = 0;
 	ut8 buf[4096];
 	const int sz = sizeof (buf);
-	ut64 v64, v = 0;
+	ut64 v64, n = 0;
 	ut32 v32;
 	ut16 v16;
 	if (vmin >= vmax) {
@ -151,24 +151,24 @@ R_API int cmd_search_value_in_range(RCore *core, ut64 from, ut64 to, ut64 vmin,
 		(void)r_io_read_at (core->io, from, buf, sz);
 		for (i=0; i<sizeof (buf)-vsize; i++) {
 			void *v = (buf+i);
-			if (align && (from+i)%4)
+			if (align && (from+i)%align)
 				continue;
 			match = false;
 			switch (vsize) {
 			case 1: match = (buf[i]>=vmin && buf[i]<=vmax); break;
-			case 2: v = v16 = *((ut16*)(v)); match = (v16>=vmin && v16<=vmax); v = v16; break;
-			case 4: v = v32 = *((ut32 *)(v)); match = (v32>=vmin && v32<=vmax); v = v32; break;
-			case 8: v = v64 = *((ut64 *)(v)); match = (v64>=vmin && v64<=vmax); v = v64; break;
+			case 2: v16 = *((ut16*)(v)); match = (v16>=vmin && v16<=vmax); n = v16; break;
+			case 4: v32 = *((ut32 *)(v)); match = (v32>=vmin && v32<=vmax); n = v32; break;
+			case 8: v64 = *((ut64 *)(v)); match = (v64>=vmin && v64<=vmax); n = v64; break;
 			default: eprintf ("Unknown vsize\n"); return -1;
 			}
 			if (match) {
 				r_cons_printf ("ax 0x%"PFMT64x" 0x%"PFMT64x"\n",
-					v, from + i);
+					n, from + i);
 				r_cons_printf ("Cd %d @ 0x%"PFMT64x"\n", vsize,
 					from + i);
 				r_cons_printf ("f hit0_%d = 0x%"PFMT64x
 					" # from 0x%"PFMT64x"\n",
-						hitctr, from +i, v);
+						hitctr, from +i, n);
 				hitctr++;
 			}
 		}