* r_anal

- Add r_anal_fcn
* r_core
  - Implement 'af' subcommands
  - 'af @ [addr]' needs more work

libr/anal/anal.c

@@ -27,6 +27,14 @@ R_API RAnalysisAop *r_anal_aop_new() {
 	return r_anal_aop_init (MALLOC_STRUCT (RAnalysisAop));
 }
 
+R_API RAnalysisFcn *r_anal_fcn_new() {
+	return r_anal_fcn_init (MALLOC_STRUCT (RAnalysisFcn));
+}
+
+R_API RAnalysisRef *r_anal_ref_new() {
+	return r_anal_ref_init (MALLOC_STRUCT (RAnalysisRef));
+}
+
 R_API RList *r_anal_bb_list_new() {
 	RList *list = r_list_new ();
 	list->free = &r_anal_bb_free;
@@ -39,6 +47,18 @@ R_API RList *r_anal_aop_list_new() {
 	return list;
 }
 
+R_API RList *r_anal_fcn_list_new() {
+	RList *list = r_list_new ();
+	list->free = &r_anal_fcn_free;
+	return list;
+}
+
+R_API RList *r_anal_ref_list_new() {
+	RList *list = r_list_new ();
+	list->free = &r_anal_ref_free;
+	return list;
+}
+
 R_API RAnalysis *r_anal_free(RAnalysis *a) {
 	/* TODO: Free a->anals here */
 	r_list_destroy (a->bbs);
@@ -47,22 +67,32 @@ R_API RAnalysis *r_anal_free(RAnalysis *a) {
 }
 
 R_API void r_anal_bb_free(void *bb) {
-	if (bb) {
+	if (bb && ((RAnalysisBB*)bb)->aops)
 		r_list_destroy (((RAnalysisBB*)bb)->aops);
-		free (bb);
-	}
+	free (bb);
 }
 
 R_API void r_anal_aop_free(void *aop) {
 	free (aop);
 }
 
+R_API void r_anal_fcn_free(void *fcn) {
+	if (fcn && ((RAnalysisFcn*)fcn)->name)
+		free (((RAnalysisFcn*)fcn)->name);
+	free (fcn);
+}
+
+R_API void r_anal_ref_free(void *ref) {
+	free (ref);
+}
+
 R_API RAnalysis *r_anal_init(RAnalysis *anal) {
 	int i;
 
 	if (anal) {
 		memset (anal, 0, sizeof (RAnalysis));
 		anal->bbs = r_anal_bb_list_new();
+		anal->fcns = r_anal_fcn_list_new();
 		r_anal_set_bits (anal, 32);
 		r_anal_set_big_endian (anal, R_FALSE);
 		INIT_LIST_HEAD (&anal->anals);
@@ -86,12 +116,29 @@ R_API RAnalysisBB *r_anal_bb_init(RAnalysisBB *bb) {
 R_API RAnalysisAop *r_anal_aop_init(RAnalysisAop *aop) {
 	if (aop) {
 		memset (aop, 0, sizeof (RAnalysisAop));
+		aop->addr = -1;
 		aop->jump = -1;
 		aop->fail = -1;
 	}
 	return aop;
 }
 
+R_API RAnalysisFcn *r_anal_fcn_init(RAnalysisFcn *fcn) {
+	if (fcn) {
+		memset (fcn, 0, sizeof (RAnalysisFcn));
+		fcn->addr = -1;
+		fcn->refs = r_anal_ref_list_new();
+		fcn->xrefs = r_anal_ref_list_new();
+	}
+	return fcn;
+}
+
+R_API RAnalysisRef *r_anal_ref_init(RAnalysisRef *ref) {
+	if (ref)
+		*ref = -1;
+	return ref;
+}
+
 R_API void r_anal_set_user_ptr(RAnalysis *anal, void *user) {
 	anal->user = user;
 }
@@ -236,3 +283,31 @@ R_API int r_anal_bb_overlap(RAnalysis *anal, RAnalysisBB *bb, RList *bbs) {
 	}
 	return R_ANAL_RET_NEW;
 }
+
+R_API int r_anal_fcn(RAnalysis *anal, RAnalysisFcn *fcn, ut64 addr, ut8 *buf, ut64 len) {
+	RAnalysisRef *ref;
+	RAnalysisAop aop;
+	int oplen, idx = 0;
+
+	if (fcn->addr == -1)
+		fcn->addr = addr;
+	while (idx < len) {
+		if ((oplen = r_anal_aop (anal, &aop, addr+idx, buf+idx, len-idx)) == 0)
+			break;
+		idx += oplen;
+		fcn->size += oplen;
+		switch (aop.type) {
+		case R_ANAL_OP_TYPE_CALL:
+			if (!(ref = r_anal_ref_new())) {
+				eprintf ("Error: new (ref)\n");
+				return R_ANAL_RET_ERROR;
+			}
+			*ref = aop.jump;
+			r_list_append (fcn->refs, ref);
+			break;
+		case R_ANAL_OP_TYPE_RET:
+			return R_ANAL_RET_END;
+		}
+	}
+	return fcn->size;
+}

libr/anal/ctx.c

@@ -2,6 +2,7 @@
 /*   nibble<.ds@gmail.com> */
 /*   pancake<nopcode.org> */
 
+#if 0
 #include <r_anal.h>
 
 R_API void r_anal_ctx_init(struct r_anal_ctx_t *ctx)
@@ -25,7 +26,6 @@ R_API void r_anal_ctx_reset(struct r_anal_t *anal)
 {
 }
 
-#if 0
 /* getter/setter */
 R_API struct r_anal_ctx_t *r_anal_ctx_get(struct r_anal_t *anal)
 {

libr/core/anal.c

@@ -122,8 +122,6 @@ R_API int r_core_anal_bb_clean (struct r_core_t *core, ut64 addr) {
 	RListIter *iter;
 	ut64 jump, fail;
 
-	if (!core->anal.bbs)
-		return R_FALSE;
 	if (addr == 0) {
 		r_list_destroy (core->anal.bbs);
 		if (!(core->anal.bbs = r_anal_bb_list_new ()))
@@ -167,7 +165,7 @@ R_API int r_core_anal_bb_add (struct r_core_t *core, ut64 addr, ut64 size, ut64
 }
 
 R_API int r_core_anal_bb_list (struct r_core_t *core, int rad) {
-	struct r_anal_bb_t *bb, *bbi;
+	struct r_anal_bb_t *bbi;
 	RListIter *iter;
 
 	iter = r_list_iterator (core->anal.bbs);
@@ -183,6 +181,115 @@ R_API int r_core_anal_bb_list (struct r_core_t *core, int rad) {
 	return R_TRUE;
 }
 
+R_API int r_core_anal_fcn (struct r_core_t *core, ut64 at, ut64 from, int depth) {
+	struct r_anal_fcn_t *fcn, *fcni;
+	struct r_anal_ref_t *refi;
+	RListIter *iter;
+	ut64 *call;
+	ut8 *buf;
+	int buflen, fcnlen = 0;
+
+	if (depth < 0)
+		return R_FALSE;
+	iter = r_list_iterator (core->anal.fcns);
+	while (r_list_iter_next (iter)) {
+		fcni = r_list_iter_get (iter);
+		if (at >= fcni->addr && at < fcni->addr+fcni->size)
+			return R_FALSE;
+	}
+	eprintf ("Analysing: 0x%08llx\n", at);
+	if (!(fcn = r_anal_fcn_new()))
+		return R_FALSE;
+	if (!(buf = malloc (core->blocksize)))
+		return R_FALSE;
+	do {
+		if ((buflen = r_io_read_at (&core->io, at+fcnlen, buf, core->blocksize)) != core->blocksize)
+			return R_FALSE;
+		fcnlen = r_anal_fcn (&core->anal, fcn, at+fcnlen, buf, buflen); 
+		if (fcnlen == R_ANAL_RET_ERROR) { /* Error analyzing function */
+			r_anal_fcn_free (fcn);
+			return R_FALSE;
+		} else if (fcnlen == R_ANAL_RET_END) { /* function analysis complete */
+			r_list_append (core->anal.fcns, fcn);
+			iter = r_list_iterator (fcn->refs);
+			while (r_list_iter_next (iter)) {
+				refi = r_list_iter_get (iter);
+				call = (ut64*)refi;
+				if (*call != -1)
+					r_core_anal_fcn (core, *call, at, depth-1);
+			}
+		}
+	} while (fcnlen != R_ANAL_RET_END);
+	free (buf);
+	return R_TRUE;
+}
+
+R_API int r_core_anal_fcn_clean (struct r_core_t *core, ut64 addr) {
+	struct r_anal_fcn_t *fcni;
+	RListIter *iter;
+
+	if (addr == 0) {
+		r_list_destroy (core->anal.fcns);
+		if (!(core->anal.fcns = r_anal_fcn_list_new ()))
+			return R_FALSE;
+	} else {
+		iter = r_list_iterator (core->anal.fcns);
+		while (r_list_iter_next (iter)) {
+			fcni = r_list_iter_get (iter);
+			if (addr >= fcni->addr && addr < fcni->addr+fcni->size)
+				r_list_unlink (core->anal.fcns, fcni);
+		}
+	}
+	return R_TRUE;
+}
+
+R_API int r_core_anal_fcn_add (struct r_core_t *core, ut64 addr, ut64 size, const char *name) {
+	struct r_anal_fcn_t *fcn, *fcni;
+	RListIter *iter;
+
+	iter = r_list_iterator (core->anal.fcns);
+	while (r_list_iter_next (iter)) {
+		fcni = r_list_iter_get (iter);
+		if (addr >= fcni->addr && addr < fcni->addr+fcni->size)
+			return R_FALSE;
+	}
+	if (!(fcn = r_anal_fcn_new ()))
+		return R_FALSE;
+	fcn->addr = addr;
+	fcn->size = size;
+	fcn->name = strdup (name);
+	r_list_append (core->anal.fcns, fcn);
+	return R_TRUE;
+}
+
+R_API int r_core_anal_fcn_list (struct r_core_t *core, int rad) {
+	struct r_anal_fcn_t *fcni;
+	struct r_anal_ref_t *refi;
+	RListIter *iter, *iter2;
+	ut64 *call;
+
+	iter = r_list_iterator (core->anal.fcns);
+	while (r_list_iter_next (iter)) {
+		fcni = r_list_iter_get (iter);
+		if (rad)
+			r_cons_printf ("af+ 0x%08llx %lli %s\n", fcni->addr, fcni->size, fcni->name);
+		else {
+			r_cons_printf ("[0x%08llx] size=%lli name=%s\n",
+					fcni->addr, fcni->size, fcni->name);
+			r_cons_printf ("refs: ");
+			iter2 = r_list_iterator (fcni->refs);
+			while (r_list_iter_next (iter)) {
+				refi = r_list_iter_get (iter);
+				call = (ut64*)refi;
+				r_cons_printf ("0x%08llx ", *call);
+			}
+			r_cons_printf ("\n");
+		}
+	}
+	r_cons_flush();
+	return R_TRUE;
+}
+
 R_API int r_core_anal_graph (struct r_core_t *core, ut64 addr) {
 	RList *pbb = NULL;
 	int reflines = r_config_get_i(&core->config, "asm.reflines");

libr/core/cmd.c

@@ -997,16 +997,33 @@ static int cmd_anal(void *data, const char *input) {
 	case 'f':
 		switch (input[1]) {
 		case '-':
-			eprintf ("TODO af-\n");
+			r_core_anal_fcn_clean (core, r_num_math (&core->num, input+2));
 			break;
 		case '+':
-			eprintf ("TODO af+\n");
+			{
+			char *ptr = strdup(input+3);
+			const char *name = NULL;
+			ut64 addr = -1LL;
+			ut64 size = 0LL;
+			
+			switch(r_str_word_set0 (ptr)) {
+			case 3: // get name
+				name = r_str_word_get0 (ptr, 2);
+			case 2: // get size
+				size = r_num_math (&core->num, r_str_word_get0 (ptr, 1));
+			case 1: // get addr
+				addr = r_num_math (&core->num, r_str_word_get0 (ptr, 0));
+			}
+			if (!r_core_anal_fcn_add (core, addr, size, name))
+				eprintf ("Cannot add function (duplicated or overlaped)\n");
+			free (ptr);
+			}
 			break;
 		case 'l':
-			eprintf ("TODO afl\n");
+			r_core_anal_fcn_list (core, 0);
 			break;
 		case '*':
-			eprintf ("TODO af*\n");
+			r_core_anal_fcn_list (core, 1);
 			break;
 		case '?':
 			r_cons_printf (
@@ -1018,7 +1035,8 @@ static int cmd_anal(void *data, const char *input) {
 			" af*             ; Output radare commands\n");
 			break;
 		default:
-			eprintf ("TODO af\n");
+			r_core_anal_fcn (core, core->offset, -1,
+					r_config_get_i (&core->config, "anal.depth"));
 		}
 		break;
 	case 'g':

libr/include/r_anal.h

@@ -110,6 +110,7 @@ typedef struct r_anal_t {
 	int big_endian;
 	void *user;
 	RList *bbs;
+	RList *fcns;
 	struct r_anal_ctx_t *ctx;
 	struct r_anal_handle_t *cur;
 	struct list_head anals;
@@ -139,14 +140,15 @@ typedef struct r_anal_bb_t {
 	RList *aops;
 } RAnalysisBB;
 
-typedef struct r_anal_ctx_t {
-	/* TODO: add more info here */
-	/* per opcode deep level */
-	/* per opcode stack size */
-	/* basic blocks */
-	int stacksize;
-	struct r_anal_t *anal;
-} RAnalysisContext;
+typedef struct r_anal_fcn_t {
+	char *name;
+	ut64 addr;
+	int size;
+	RList *refs;
+	RList *xrefs;
+} RAnalysisFcn;
+
+typedef ut64 RAnalysisRef;
 
 typedef struct r_anal_refline_t {
 	ut64 from;
@@ -172,14 +174,22 @@ typedef struct r_anal_handle_t {
 R_API RAnalysis *r_anal_new();
 R_API RAnalysisBB *r_anal_bb_new();
 R_API RAnalysisAop *r_anal_aop_new();
+R_API RAnalysisFcn *r_anal_fcn_new();
+R_API RAnalysisRef *r_anal_ref_new();
 R_API RList *r_anal_bb_list_new();
 R_API RList *r_anal_aop_list_new();
+R_API RList *r_anal_fcn_list_new();
+R_API RList *r_anal_ref_list_new();
 R_API RAnalysis *r_anal_free(struct r_anal_t *r);
 R_API void r_anal_bb_free(void *bb);
 R_API void r_anal_aop_free(void *aop);
+R_API void r_anal_fcn_free(void *fcn);
+R_API void r_anal_ref_free(void *ref);
 R_API RAnalysis *r_anal_init(struct r_anal_t *anal);
 R_API RAnalysisBB *r_anal_bb_init(struct r_anal_bb_t *bb);
 R_API RAnalysisAop *r_anal_aop_init(struct r_anal_aop_t *aop);
+R_API RAnalysisFcn *r_anal_fcn_init(RAnalysisFcn *fcn);
+R_API RAnalysisRef *r_anal_ref_init(RAnalysisRef *ref);
 R_API void r_anal_set_user_ptr(struct r_anal_t *anal, void *user);
 R_API int r_anal_add(struct r_anal_t *anal, struct r_anal_handle_t *foo);
 R_API int r_anal_list(struct r_anal_t *anal);
@@ -199,5 +209,6 @@ R_API int r_anal_reflines_str(struct r_anal_t *anal, struct r_anal_refline_t *li
 		ut64 addr, char *str, int opts);
 R_API int r_anal_bb_split(RAnalysis *anal, RAnalysisBB *bb, RList *bbs, ut64 addr);
 R_API int r_anal_bb_overlap(RAnalysis *anal, RAnalysisBB *bb, RList *bbs);
+R_API int r_anal_fcn(RAnalysis *anal, RAnalysisFcn *fcn, ut64 addr, ut8 *buf, ut64 len);
 #endif
 #endif

libr/include/r_core.h

@@ -113,6 +113,10 @@ R_API int r_core_anal_bb (struct r_core_t *core, ut64 at, int depth);
 R_API int r_core_anal_bb_clean (struct r_core_t *core, ut64 addr);
 R_API int r_core_anal_bb_add (struct r_core_t *core, ut64 addr, ut64 size, ut64 jump, ut64 fail);
 R_API int r_core_anal_bb_list (struct r_core_t *core, int rad);
+R_API int r_core_anal_fcn (struct r_core_t *core, ut64 at, ut64 from, int depth);
+R_API int r_core_anal_fcn_add (struct r_core_t *core, ut64 addr, ut64 size, const char *name);
+R_API int r_core_anal_fcn_list (struct r_core_t *core, int rad);
+R_API int r_core_anal_fcn_clean (struct r_core_t *core, ut64 addr);
 R_API int r_core_anal_graph (struct r_core_t *core, ut64 addr);
 #endif