radare2/libr/debug/esil.c
Álvaro Felipe Melchor 87724384d1 added r_cons_break_{push/pop} to handle ^C better
Besides an UAF has been fixed afecting only ELF
2016-11-21 16:56:12 +01:00

335 lines
7.7 KiB
C

/* radare - LGPL - Copyright 2015 - pancake */
#include <r_debug.h>
#if 0
/* debugesil performs step into + esil conditionals */
ESIL conditionals can be used to detect when a specific address is
accessed, or a register. Those esil conditionals must be evaluated
every iteration to ensure the register values are updated. Think
in DebugESIL as software-watchpoints.
[read|write|exec]-[reg|mem] [expression]
de rw reg eax
de-*
# expression can be a number or a range (if .. is found)
# The <=, >=, ==, <, > comparisons are also supported
#endif
typedef struct {
int rwx;
int dev;
char *expr;
} EsilBreak;
// TODO: Kill those globals
RDebug *dbg = NULL;
static int has_match = 0;
static int prestep = 1; // TODO: make it configurable
static ut64 opc = 0;
RList *esil_watchpoints = NULL;
#define EWPS esil_watchpoints
#define ESIL dbg->anal->esil
static int exprmatch (RDebug *dbg, ut64 addr, const char *expr) {
char *e = strdup (expr);
if (!e) return 0;
char *p = strstr (e, "..");
ut64 a,b;
int ret = 0;
if (p) {
*p = 0;
p += 2;
a = r_num_math (dbg->num, e);
b = r_num_math (dbg->num, p);
if (a<b) {
if (addr >=a && addr <= b)
ret = 1;
} else {
if (addr >=b && addr <= a)
ret = 1;
}
} else {
a = r_num_math (dbg->num, e);
if (addr == a)
ret = 1;
}
has_match = ret;
free (e);
return ret;
}
static int esilbreak_check_pc (RDebug *dbg, ut64 pc) {
EsilBreak *ew;
RListIter *iter;
if (!pc)
pc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
r_list_foreach (EWPS, iter, ew) {
if (ew->rwx & R_IO_EXEC) {
if (exprmatch (dbg, pc, ew->expr))
return 1;
}
}
return 0;
}
static int esilbreak_mem_read(RAnalEsil *esil, ut64 addr, ut8 *buf, int len) {
EsilBreak *ew;
RListIter *iter;
eprintf (Color_GREEN"MEM READ 0x%"PFMT64x"\n"Color_RESET, addr);
r_list_foreach (EWPS, iter, ew) {
if (ew->rwx & R_IO_READ && ew->dev == 'm') {
if (exprmatch (dbg, addr, ew->expr)) {
has_match = 1;
return 1;
}
}
}
return 0; // fallback
}
static int esilbreak_mem_write(RAnalEsil *esil, ut64 addr, const ut8 *buf, int len) {
EsilBreak *ew;
RListIter *iter;
eprintf (Color_RED"MEM WRTE 0x%"PFMT64x"\n"Color_RESET, addr);
r_list_foreach (EWPS, iter, ew) {
if (ew->rwx & R_IO_WRITE && ew->dev == 'm') {
if (exprmatch (dbg, addr, ew->expr)) {
has_match = 1;
return 1;
}
}
}
return 1; // fallback
}
static int esilbreak_reg_read(RAnalEsil *esil, const char *regname, ut64 *num, int *size) {
EsilBreak *ew;
RListIter *iter;
if (regname[0]>='0' && regname[0]<='9') {
//eprintf (Color_CYAN"IMM READ %s\n"Color_RESET, regname);
return 0;
}
eprintf (Color_YELLOW"REG READ %s\n"Color_RESET, regname);
r_list_foreach (EWPS, iter, ew) {
if (ew->rwx & R_IO_READ && ew->dev == 'r') {
// XXX: support array of regs in expr
if (!strcmp (regname, ew->expr)) {
has_match = 1;
return 1;
}
}
}
return 0; // fallback
}
static int exprtoken(RDebug *dbg, char *s, const char *sep, char **o) {
char *p = strstr (s, sep);
if (p) {
*p = 0;
p += strlen (sep);
*o = p;
return 1;
}
*o = NULL;
return 0;
}
static int exprmatchreg (RDebug *dbg, const char *regname, const char *expr) {
int ret = 0;
char *p;
char *s = strdup (expr);
if (!s) return 0;
if (!strcmp (regname, s)) {
ret = 1;
} else {
#define CURVAL 0){}r_str_trim_head_tail (s);if (!strcmp(regname,s) && regval
ut64 regval = r_debug_reg_get_err (dbg, regname, NULL, NULL);
if (exprtoken (dbg, s, ">=", &p)) {
if (CURVAL >= r_num_math (dbg->num, p))
ret = 1;
} else if (exprtoken (dbg, s, "<=", &p)) {
if (CURVAL <= r_num_math (dbg->num, p))
ret = 1;
} else if (exprtoken (dbg, s, "==", &p)) {
if (CURVAL <= r_num_math (dbg->num, p))
ret = 1;
} else if (exprtoken (dbg, s, "<", &p)) {
if (CURVAL < r_num_math (dbg->num, p))
ret = 1;
} else if (exprtoken (dbg, s, ">", &p)) {
if (CURVAL > r_num_math (dbg->num, p))
ret = 1;
} else if (exprtoken (dbg, s, " ", &p)) {
r_str_trim_head_tail (s);
if (!strcmp (regname, s)) {
ut64 num = r_num_math (dbg->num, p);
ret = exprmatch (dbg, num, s);
}
} else {
if (!strcmp (regname, s)) {
ret = 1;
}
}
}
free (s);
return ret;
}
static int esilbreak_reg_write(RAnalEsil *esil, const char *regname, ut64 *num) {
EsilBreak *ew;
RListIter *iter;
if (regname[0]>='0' && regname[0]<='9') {
// wtf this should never happen
//eprintf (Color_BLUE"IMM WRTE %s\n"Color_RESET, regname);
return 0;
}
eprintf (Color_MAGENTA"REG WRTE %s 0x%"PFMT64x"\n"Color_RESET, regname, *num);
r_list_foreach (EWPS, iter, ew) {
if (ew->rwx & R_IO_WRITE && ew->dev == 'r') {
// XXX: support array of regs in expr
if (exprmatchreg (dbg, regname, ew->expr)) {
has_match = 1;
return 1;
}
}
}
return 1; // fallback
}
R_API void r_debug_esil_prestep (RDebug *d, int p) {
prestep = p;
}
R_API int r_debug_esil_stepi (RDebug *d) {
RAnalOp op;
ut8 obuf[64];
int ret = 1;
dbg = d;
if (!ESIL) {
ESIL = r_anal_esil_new (32, true);
// TODO setup something?
}
if (!ESIL)
return 0;
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false);
opc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
dbg->iob.read_at (dbg->iob.io, opc, obuf, sizeof (obuf));
//dbg->iob.read_at (dbg->iob.io, npc, buf, sizeof (buf));
//dbg->anal->reg = dbg->reg; // hack
ESIL->cb.hook_mem_read = &esilbreak_mem_read;
ESIL->cb.hook_mem_write = &esilbreak_mem_write;
ESIL->cb.hook_reg_read = &esilbreak_reg_read;
ESIL->cb.hook_reg_write = &esilbreak_reg_write;
if (prestep) {
// required when a exxpression is like <= == ..
// otherwise it will stop at the next instruction
if (r_debug_step (dbg, 1)<1) {
eprintf ("Step failed\n");
return 0;
}
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false);
// npc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
}
if (r_anal_op (dbg->anal, &op, opc, obuf, sizeof (obuf))) {
if (esilbreak_check_pc (dbg, opc)) {
eprintf ("STOP AT 0x%08"PFMT64x"\n", opc);
ret = 0;
} else {
r_anal_esil_set_pc (ESIL, opc);
eprintf ("0x%08"PFMT64x" %s\n", opc, R_STRBUF_SAFEGET (&op.esil));
(void)r_anal_esil_parse (ESIL, R_STRBUF_SAFEGET (&op.esil));
//r_anal_esil_dumpstack (ESIL);
r_anal_esil_stack_free (ESIL);
ret = 1;
}
}
if (!prestep) {
if (ret && !has_match) {
if (r_debug_step (dbg, 1)<1) {
eprintf ("Step failed\n");
return 0;
}
r_debug_reg_sync (dbg, R_REG_TYPE_GPR, false);
// npc = r_debug_reg_get (dbg, dbg->reg->name[R_REG_NAME_PC]);
}
}
return ret;
}
R_API ut64 r_debug_esil_step(RDebug *dbg, ut32 count) {
count++;
has_match = 0;
r_cons_break_push (NULL, NULL);
do {
if (r_cons_is_breaked ()) {
break;
}
if (has_match) {
eprintf ("EsilBreak match at 0x%08"PFMT64x"\n", opc);
break;
}
if (count > 0) {
count--;
if (!count) {
//eprintf ("Limit reached\n");
break;
}
}
} while (r_debug_esil_stepi (dbg));
r_cons_break_pop ();
return opc;
}
R_API ut64 r_debug_esil_continue (RDebug *dbg) {
return r_debug_esil_step (dbg, UT32_MAX);
}
static void ewps_free(EsilBreak *ew) {
free (ew->expr);
ew->expr = NULL;
free (ew);
}
R_API int r_debug_esil_watch_empty(RDebug *dbg) {
return r_list_empty (EWPS);
}
R_API void r_debug_esil_watch(RDebug *dbg, int rwx, int dev, const char *expr) {
if (!EWPS) {
EWPS = r_list_new ();
if (!EWPS) return;
EWPS->free = (RListFree)ewps_free;
}
EsilBreak *ew = R_NEW0 (EsilBreak);
if (!ew) {
R_FREE (EWPS);
return;
}
ew->rwx = rwx;
ew->dev = dev;
ew->expr = strdup (expr);
r_list_append (EWPS, ew);
}
R_API void r_debug_esil_watch_reset(RDebug *dbg) {
r_list_free (EWPS);
EWPS = NULL;
}
R_API void r_debug_esil_watch_list(RDebug *dbg) {
EsilBreak *ew;
RListIter *iter;
r_list_foreach (EWPS, iter, ew) {
dbg->cb_printf ("de %s %c %s\n", r_str_rwx_i (ew->rwx), ew->dev, ew->expr);
}
}