


LagoLunatic a51a5ac93f Add hack to detect strings via the addi opcode 2024-12-03 00:43:20 -05:00
LagoLunatic 9b1205d9aa Revert ObjArch API changes, add fake target symbol hack
Because we no longer have access to the actual symbol name via sections, guess_data_type can no longer detect the String data type for pooled references.
2024-12-03 00:37:34 -05:00
LagoLunatic 507b988aa3 Clear pool relocs in volatile registers on function call
This fixes some false positives.
2024-12-02 18:05:32 -05:00
8 changed files with 88 additions and 41 deletions


@ -113,7 +113,6 @@ impl ObjArch for ObjArchArm {
relocations: &[ObjReloc], relocations: &[ObjReloc],
line_info: &BTreeMap<u64, u32>, line_info: &BTreeMap<u64, u32>,
config: &DiffObjConfig, config: &DiffObjConfig,
_sections: &[ObjSection],
) -> Result<ProcessCodeResult> { ) -> Result<ProcessCodeResult> {
let start_addr = address as u32; let start_addr = address as u32;
let end_addr = start_addr + code.len() as u32; let end_addr = start_addr + code.len() as u32;


@ -29,7 +29,6 @@ impl ObjArch for ObjArchArm64 {
relocations: &[ObjReloc], relocations: &[ObjReloc],
line_info: &BTreeMap<u64, u32>, line_info: &BTreeMap<u64, u32>,
config: &DiffObjConfig, config: &DiffObjConfig,
_sections: &[ObjSection],
) -> Result<ProcessCodeResult> { ) -> Result<ProcessCodeResult> {
let start_address = address; let start_address = address;
let end_address = address + code.len() as u64; let end_address = address + code.len() as u64;


@ -87,7 +87,6 @@ impl ObjArch for ObjArchMips {
relocations: &[ObjReloc], relocations: &[ObjReloc],
line_info: &BTreeMap<u64, u32>, line_info: &BTreeMap<u64, u32>,
config: &DiffObjConfig, config: &DiffObjConfig,
_sections: &[ObjSection],
) -> Result<ProcessCodeResult> { ) -> Result<ProcessCodeResult> {
let _guard = RABBITIZER_MUTEX.lock().map_err(|e| anyhow!("Failed to lock mutex: {e}"))?; let _guard = RABBITIZER_MUTEX.lock().map_err(|e| anyhow!("Failed to lock mutex: {e}"))?;
configure_rabbitizer(match config.mips_abi { configure_rabbitizer(match config.mips_abi {


@ -126,7 +126,6 @@ impl DataType {
} }
pub trait ObjArch: Send + Sync { pub trait ObjArch: Send + Sync {
#[expect(clippy::too_many_arguments)]
fn process_code( fn process_code(
&self, &self,
address: u64, address: u64,
@ -135,7 +134,6 @@ pub trait ObjArch: Send + Sync {
relocations: &[ObjReloc], relocations: &[ObjReloc],
line_info: &BTreeMap<u64, u32>, line_info: &BTreeMap<u64, u32>,
config: &DiffObjConfig, config: &DiffObjConfig,
sections: &[ObjSection],
) -> Result<ProcessCodeResult>; ) -> Result<ProcessCodeResult>;
fn implcit_addend( fn implcit_addend(


@ -48,13 +48,12 @@ impl ObjArch for ObjArchPpc {
relocations: &[ObjReloc], relocations: &[ObjReloc],
line_info: &BTreeMap<u64, u32>, line_info: &BTreeMap<u64, u32>,
config: &DiffObjConfig, config: &DiffObjConfig,
sections: &[ObjSection],
) -> Result<ProcessCodeResult> { ) -> Result<ProcessCodeResult> {
let ins_count = code.len() / 4; let ins_count = code.len() / 4;
let mut ops = Vec::<u16>::with_capacity(ins_count); let mut ops = Vec::<u16>::with_capacity(ins_count);
let mut insts = Vec::<ObjIns>::with_capacity(ins_count); let mut insts = Vec::<ObjIns>::with_capacity(ins_count);
let fake_pool_reloc_for_addr = let fake_pool_reloc_for_addr =
generate_fake_pool_reloc_for_addr_mapping(address, code, relocations, sections); generate_fake_pool_reloc_for_addr_mapping(address, code, relocations);
for (cur_addr, mut ins) in InsIter::new(code, address as u32) { for (cur_addr, mut ins) in InsIter::new(code, address as u32) {
let reloc = relocations.iter().find(|r| (r.address as u32 & !3) == cur_addr); let reloc = relocations.iter().find(|r| (r.address as u32 & !3) == cur_addr);
if let Some(reloc) = reloc { if let Some(reloc) = reloc {
@ -205,7 +204,21 @@ impl ObjArch for ObjArchPpc {
return Some(DataType::String); return Some(DataType::String);
} }
guess_data_type_from_load_store_inst_op(Opcode::from(instruction.op as u8)) let op = Opcode::from(instruction.op as u8);
if let Some(ty) = guess_data_type_from_load_store_inst_op(op) {
Some(ty)
} else if op == Opcode::Addi {
// Assume that any addi instruction that references a local symbol is loading a string.
// This hack is not ideal and results in tons of false positives where it will show
// garbage strings (e.g. misinterpreting arrays, float literals, etc).
// But there isn't much other choice as not all strings are in the @stringBase pool.
// And even those that are would be missed by the target.name.starts_with("@stringBase")
// hack above for fake pooled relocations, as they have an empty string placeholder for
// the target symbol name.
Some(DataType::String)
} else {
None
}
} }
fn display_data_type(&self, ty: DataType, bytes: &[u8]) -> Option<String> { fn display_data_type(&self, ty: DataType, bytes: &[u8]) -> Option<String> {
@ -423,7 +436,7 @@ fn get_offset_and_addr_gpr_for_possible_pool_reference(
} }
} else { } else {
// If it's not a load/store instruction, there's two more possibilities we need to handle. // If it's not a load/store instruction, there's two more possibilities we need to handle.
// 1. It could be a reference to @stringBase. // 1. It could be loading a pointer to a string.
// 2. It could be moving the relocation address plus an offset into a different register to // 2. It could be moving the relocation address plus an offset into a different register to
// load from later. // load from later.
// If either of these match, we also want to return the destination register that the // If either of these match, we also want to return the destination register that the
@ -453,26 +466,38 @@ fn get_offset_and_addr_gpr_for_possible_pool_reference(
// there isn't really a relocation here, as copying the pool relocation's type wouldn't make sense. // there isn't really a relocation here, as copying the pool relocation's type wouldn't make sense.
// Also, if this instruction is accessing the middle of a symbol instead of the start, we add an // Also, if this instruction is accessing the middle of a symbol instead of the start, we add an
// addend to indicate that. // addend to indicate that.
fn make_fake_pool_reloc( fn make_fake_pool_reloc(offset: i16, cur_addr: u32, pool_reloc: &ObjReloc) -> Option<ObjReloc> {
offset: i16,
cur_addr: u32,
pool_reloc: &ObjReloc,
sections: &[ObjSection],
) -> Option<ObjReloc> {
let offset_from_pool = pool_reloc.addend + offset as i64; let offset_from_pool = pool_reloc.addend + offset as i64;
let target_address = pool_reloc.target.address.checked_add_signed(offset_from_pool)?; let target_address = pool_reloc.target.address.checked_add_signed(offset_from_pool)?;
let orig_section_index = pool_reloc.target.orig_section_index?; let orig_section_index = pool_reloc.target.orig_section_index?;
let section = sections.iter().find(|s| s.orig_index == orig_section_index)?; // We also need to create a fake target symbol to go inside our fake relocation.
let target_symbol = section // This is because we don't have access to list of all symbols in this section, so we can't find
.symbols // the real symbol yet. Instead we make a placeholder that has the correct `orig_section_index`
.iter() // and `address` fields, and then later on when this information is displayed to the user, we
.find(|s| s.size > 0 && (s.address..s.address + s.size).contains(&target_address))?; // can find the real symbol by searching through the object's section's symbols for one that
let addend = (target_address - target_symbol.address) as i64; // contains this address.
let fake_target_symbol = ObjSymbol {
name: "".to_string(),
demangled_name: None,
address: target_address,
section_address: 0,
size: 0,
size_known: false,
kind: Default::default(),
flags: Default::default(),
orig_section_index: Some(orig_section_index),
virtual_address: None,
original_index: None,
bytes: vec![],
};
// The addend is also fake because we don't know yet if the `target_address` here is the exact
// start of the symbol or if it's in the middle of it.
let fake_addend = 0;
Some(ObjReloc { Some(ObjReloc {
flags: RelocationFlags::Elf { r_type: elf::R_PPC_NONE }, flags: RelocationFlags::Elf { r_type: elf::R_PPC_NONE },
address: cur_addr as u64, address: cur_addr as u64,
target: target_symbol.clone(), target: fake_target_symbol,
addend, addend: fake_addend,
}) })
} }
@ -491,7 +516,6 @@ fn generate_fake_pool_reloc_for_addr_mapping(
address: u64, address: u64,
code: &[u8], code: &[u8],
relocations: &[ObjReloc], relocations: &[ObjReloc],
sections: &[ObjSection],
) -> HashMap<u32, ObjReloc> { ) -> HashMap<u32, ObjReloc> {
let mut active_pool_relocs = HashMap::new(); let mut active_pool_relocs = HashMap::new();
let mut pool_reloc_for_addr = HashMap::new(); let mut pool_reloc_for_addr = HashMap::new();
@ -520,6 +544,16 @@ fn generate_fake_pool_reloc_for_addr_mapping(
) => { ) => {
active_pool_relocs.insert(addr_dst_gpr.0, reloc.clone()); // `lis` + `ori` active_pool_relocs.insert(addr_dst_gpr.0, reloc.clone()); // `lis` + `ori`
} }
(Opcode::B, _, _, _) => {
if simplified.mnemonic == "bl" {
// When encountering a function call, clear any active pool relocations from
// the volatile registers (r0, r3-r12), but not the nonvolatile registers.
active_pool_relocs.remove(&0);
for gpr in 3..12 {
active_pool_relocs.remove(&gpr);
}
}
}
_ => {} _ => {}
} }
} else if let Some((offset, addr_src_gpr, addr_dst_gpr)) = } else if let Some((offset, addr_src_gpr, addr_dst_gpr)) =
@ -528,9 +562,7 @@ fn generate_fake_pool_reloc_for_addr_mapping(
// This instruction doesn't have a real relocation, so it may be a reference to one of // This instruction doesn't have a real relocation, so it may be a reference to one of
// the already-loaded pools. // the already-loaded pools.
if let Some(pool_reloc) = active_pool_relocs.get(&addr_src_gpr.0) { if let Some(pool_reloc) = active_pool_relocs.get(&addr_src_gpr.0) {
if let Some(fake_pool_reloc) = if let Some(fake_pool_reloc) = make_fake_pool_reloc(offset, cur_addr, pool_reloc) {
make_fake_pool_reloc(offset, cur_addr, pool_reloc, sections)
{
pool_reloc_for_addr.insert(cur_addr, fake_pool_reloc); pool_reloc_for_addr.insert(cur_addr, fake_pool_reloc);
} }
if let Some(addr_dst_gpr) = addr_dst_gpr { if let Some(addr_dst_gpr) = addr_dst_gpr {
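Review bot: The volatile-register loop in the new `bl` arm of the `generate_fake_pool_reloc_for_addr_mapping` hunk clears r3 through r11 only: `for gpr in 3..12` is a half-open range, so r12 keeps its stale pool relocation across the call even though the comment directly above says r0, r3-r12, which is exactly the false-positive class the commit message says it is fixing. Change it to `for gpr in 3..=12 {`. The call detection compares the simplified mnemonic string to `"bl"`, so a branch-and-link variant the disassembler spells differently would presumably not clear anything; worth confirming against the disassembler's mnemonic set. The enclosing function starts and ends outside the hunk.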


@ -34,7 +34,6 @@ impl ObjArch for ObjArchX86 {
relocations: &[ObjReloc], relocations: &[ObjReloc],
line_info: &BTreeMap<u64, u32>, line_info: &BTreeMap<u64, u32>,
config: &DiffObjConfig, config: &DiffObjConfig,
_sections: &[ObjSection],
) -> Result<ProcessCodeResult> { ) -> Result<ProcessCodeResult> {
let mut result = ProcessCodeResult { ops: Vec::new(), insts: Vec::new() }; let mut result = ProcessCodeResult { ops: Vec::new(), insts: Vec::new() };
let mut decoder = Decoder::with_ip(self.bits, code, address, DecoderOptions::NONE); let mut decoder = Decoder::with_ip(self.bits, code, address, DecoderOptions::NONE);


@ -28,7 +28,6 @@ pub fn process_code_symbol(
&section.relocations, &section.relocations,
&section.line_info, &section.line_info,
config, config,
&obj.sections,
) )
} }


@ -74,6 +74,19 @@ impl FunctionViewState {
} }
} }
fn find_symbol_matching_fake_symbol_in_sections(
fake_symbol: &ObjSymbol,
sections: &[ObjSection],
) -> Option<ObjSymbol> {
let orig_section_index = fake_symbol.orig_section_index?;
let section = sections.iter().find(|s| s.orig_index == orig_section_index)?;
let real_symbol = section
.symbols
.iter()
.find(|s| s.size > 0 && (s.address..s.address + s.size).contains(&fake_symbol.address))?;
Some(real_symbol.clone())
}
fn ins_hover_ui( fn ins_hover_ui(
ui: &mut egui::Ui, ui: &mut egui::Ui,
obj: &ObjInfo, obj: &ObjInfo,
@ -119,17 +132,29 @@ fn ins_hover_ui(
} }
if let Some(reloc) = ins.reloc.as_ref().or(ins.fake_pool_reloc.as_ref()) { if let Some(reloc) = ins.reloc.as_ref().or(ins.fake_pool_reloc.as_ref()) {
let mut target = reloc.target.clone();
let mut addend = reloc.addend;
if target.size == 0 && target.name.is_empty() {
// Fake target symbol we added as a placeholder. We need to find the real one.
if let Some(real_target) =
find_symbol_matching_fake_symbol_in_sections(&target, &obj.sections)
{
target = real_target;
addend = (reloc.target.address - target.address) as i64;
}
}
ui.label(format!("Relocation type: {}", obj.arch.display_reloc(reloc.flags))); ui.label(format!("Relocation type: {}", obj.arch.display_reloc(reloc.flags)));
let addend_str = match reloc.addend.cmp(&0i64) { let addend_str = match addend.cmp(&0i64) {
Ordering::Greater => format!("+{:x}", reloc.addend), Ordering::Greater => format!("+{:x}", addend),
Ordering::Less => format!("-{:x}", -reloc.addend), Ordering::Less => format!("-{:x}", -addend),
_ => "".to_string(), _ => "".to_string(),
}; };
ui.colored_label( ui.colored_label(
appearance.highlight_color, appearance.highlight_color,
format!("Name: {}{}", reloc.target.name, addend_str), format!("Name: {}{}", target.name, addend_str),
); );
if let Some(orig_section_index) = reloc.target.orig_section_index { if let Some(orig_section_index) = target.orig_section_index {
if let Some(section) = if let Some(section) =
obj.sections.iter().find(|s| s.orig_index == orig_section_index) obj.sections.iter().find(|s| s.orig_index == orig_section_index)
{ {
@ -140,15 +165,12 @@ fn ins_hover_ui(
} }
ui.colored_label( ui.colored_label(
appearance.highlight_color, appearance.highlight_color,
format!("Address: {:x}{}", reloc.target.address, addend_str), format!("Address: {:x}{}", target.address, addend_str),
); );
ui.colored_label( ui.colored_label(appearance.highlight_color, format!("Size: {:x}", target.size));
appearance.highlight_color, if addend >= 0 && target.bytes.len() > addend as usize {
format!("Size: {:x}", reloc.target.size),
);
if reloc.addend >= 0 && reloc.target.bytes.len() > reloc.addend as usize {
if let Some(s) = obj.arch.guess_data_type(ins).and_then(|ty| { if let Some(s) = obj.arch.guess_data_type(ins).and_then(|ty| {
obj.arch.display_data_type(ty, &reloc.target.bytes[reloc.addend as usize..]) obj.arch.display_data_type(ty, &target.bytes[addend as usize..])
}) { }) {
ui.colored_label(appearance.highlight_color, s); ui.colored_label(appearance.highlight_color, s);
} }
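Review bot: In the `ins_hover_ui` hunk, the placeholder test `target.size == 0 && target.name.is_empty()` is a shape check rather than an explicit marker, and when it matches, `addend = (reloc.target.address - target.address) as i64` overwrites the relocation's own addend; that is correct for fake pool relocations (their addend is always 0 per the `make_fake_pool_reloc` change), but it would silently drop the addend of any real relocation whose target happens to be unnamed and zero-sized, and the lookup ignores that addend as well. At minimum keep it, `addend = reloc.addend + (reloc.target.address - target.address) as i64;`, and if such relocations can occur, resolve by the effective address (target address plus addend) instead. The new helper `find_symbol_matching_fake_symbol_in_sections` also lacks a doc comment; suggest `/// Resolves a placeholder relocation target (empty name, zero size) to the real symbol in the same section whose range contains its address, if any.` The enclosing function ends outside the hunk.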