ultra fast limits

This commit is contained in:
CrazyRedMachine 2024-06-18 00:24:35 +02:00
parent a28dcbd882
commit adadae9067

View File

@ -24,6 +24,7 @@
#define NUM_IDX 5 #define NUM_IDX 5
bst_t *g_xref_bst = NULL; bst_t *g_xref_bst = NULL;
bst_t *g_data_xref_bst = NULL;
typedef struct table_s { typedef struct table_s {
char *name; char *name;
@ -76,41 +77,44 @@ uint32_t *find_binary_xref(char *data, DWORD dllSize, const char *search_pattern
uint32_t get_table_size_by_xref(char *data, DWORD data_size, uint32_t *ea, uint32_t entry_size) uint32_t get_table_size_by_xref(char *data, DWORD data_size, uint32_t *ea, uint32_t entry_size)
{ {
fprintf(stderr, "get table size by xref\n"); //fprintf(stderr, "get table size by xref\n");
uint32_t *orig_ea = ea; uint32_t *orig_ea = ea;
// Skip 10 entries because why not. We're looking for the end anyway // Skip 10 entries because why not. We're looking for the end anyway
ea = (uint32_t*)((uint32_t)ea+(entry_size*10)); ea = (uint32_t*)((uint32_t)ea+(entry_size*10));
fprintf(stderr, "orig ea %p, entry size %u, ea %p\n", orig_ea, entry_size, ea); //fprintf(stderr, "orig ea %p, entry size %u, ea %p\n", orig_ea, entry_size, ea);
bool found = false; bool found = false;
while (!found) while (!found)
{ {
uint32_t curr_limit = (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size;
uint32_t *as_int = (uint32_t*)&ea; uint32_t *as_int = (uint32_t*)&ea;
//uint32_t curr_limit = (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size;
//fprintf(stderr, "limit candidate %u, looking for xref to %0X\n", curr_limit, *as_int); //fprintf(stderr, "limit candidate %u, looking for xref to %0X\n", curr_limit, *as_int);
if ( bst_search(g_xref_bst, *as_int) != NULL ) if ( bst_search(g_xref_bst, *as_int) != NULL )
{ {
//fprintf(stderr, "found .text XREF in BST\n"); //fprintf(stderr, "found .text XREF in BST\n");
found=true; found = true;
} else { } else if ( bst_search(g_data_xref_bst, *as_int) != NULL )
//look for Xref in data section {
char *as_hex = (char*)&ea; //fprintf(stderr, "found .data XREF at addr %p\n", xref);
uint32_t *xref = find_binary(data, data_size, as_hex, 4, 0, 0); found = true;
if ( xref != NULL ) } /* else {
{ //look for Xref in data section
//fprintf(stderr, "found .data XREF at addr %p\n", xref); char *as_hex = (char*)&ea;
found = true; uint32_t *xref = find_binary(data, data_size, as_hex, 4, 0, 0);
} if ( xref != NULL )
} {
fprintf(stderr, "found .data XREF at addr %p\n", xref);
found = true;
}
}*/
if (!found) if (!found)
ea = (uint32_t*)((uint32_t)ea+entry_size); ea = (uint32_t*)((uint32_t)ea+entry_size);
} }
fprintf(stderr, "found value %u (ea = %p, orig_ea = %p, entry size = %u)\n", ((((uint32_t)ea)-((uint32_t)orig_ea))/entry_size), ea, orig_ea, entry_size); //fprintf(stderr, "found value %u (ea = %p, orig_ea = %p, entry size = %u)\n", ((((uint32_t)ea)-((uint32_t)orig_ea))/entry_size), ea, orig_ea, entry_size);
return (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size; return (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size;
} }
@ -121,26 +125,21 @@ void print_cb(x86_insn_t *insn, void *arg)
fprintf(stderr,"%s\n", line); fprintf(stderr,"%s\n", line);
} }
static void add_xref_to_bst(uint32_t addr) static void add_xref_to_bst(bst_t **bst, uint32_t addr)
{ {
if ( bst_search(g_xref_bst, addr) == NULL ) if ( bst_search(*bst, addr) == NULL )
{ {
//LOG("added addr %0X to BST\n", addr); //LOG("added addr %0X to BST\n", addr);
g_xref_bst = bst_insert(g_xref_bst, addr); *bst = bst_insert(*bst, addr);
} }
} }
void add_xref(x86_insn_t *insn, void *arg) void add_xref(x86_insn_t *insn, void *arg)
{ {
//char line[LINE_SIZE]; /* buffer of line to print */
//x86_format_insn(insn, line, LINE_SIZE, intel_syntax);
//LOG("%s\n", line);
//LOG("it has %u operands\n", insn->operand_count);
uint32_t addr = x86_get_address(insn); uint32_t addr = x86_get_address(insn);
if ( addr != 0 ) if ( addr != 0 )
{ {
add_xref_to_bst(addr); add_xref_to_bst(&g_xref_bst, addr);
//LOG("found ref to %0X at ea %0X\n", addr, insn->addr); //LOG("found ref to %0X at ea %0X\n", addr, insn->addr);
//fprintf(stderr, "\n"); //fprintf(stderr, "\n");
return; return;
@ -152,7 +151,7 @@ void add_xref(x86_insn_t *insn, void *arg)
{ {
x86_ea_t exp = op->data.expression; x86_ea_t exp = op->data.expression;
// LOG("(expression) disp is %0X\n", exp.disp); // LOG("(expression) disp is %0X\n", exp.disp);
add_xref_to_bst(exp.disp); add_xref_to_bst(&g_xref_bst, exp.disp);
} }
op = x86_operand_2nd(insn); op = x86_operand_2nd(insn);
@ -160,7 +159,7 @@ void add_xref(x86_insn_t *insn, void *arg)
{ {
x86_ea_t exp = op->data.expression; x86_ea_t exp = op->data.expression;
// LOG("(expression) disp is %0X\n", exp.disp); // LOG("(expression) disp is %0X\n", exp.disp);
add_xref_to_bst(exp.disp); add_xref_to_bst(&g_xref_bst, exp.disp);
} }
op = x86_operand_3rd(insn); op = x86_operand_3rd(insn);
@ -168,11 +167,8 @@ void add_xref(x86_insn_t *insn, void *arg)
{ {
x86_ea_t exp = op->data.expression; x86_ea_t exp = op->data.expression;
// LOG("(expression) disp is %0X\n", exp.disp); // LOG("(expression) disp is %0X\n", exp.disp);
add_xref_to_bst(exp.disp); add_xref_to_bst(&g_xref_bst, exp.disp);
} }
/* bst_search(g_xref_bst, idx) == NULL */
} }
@ -218,13 +214,33 @@ for (WORD SectionIndex = 0; SectionIndex < headers->FileHeader.NumberOfSections;
LOG("data section size %lX, addr %p, beginning %02X %02X %02X %02X\n", data_size, data, data[0], data[1], data[2], data[3]); LOG("data section size %lX, addr %p, beginning %02X %02X %02X %02X\n", data_size, data, data[0], data[1], data[2], data[3]);
LOG("rdata section size %lX, addr %p, beginning %02X %02X %02X %02X\n", rdata_size, rdata, rdata[0], rdata[1], rdata[2], rdata[3]); LOG("rdata section size %lX, addr %p, beginning %02X %02X %02X %02X\n", rdata_size, rdata, rdata[0], rdata[1], rdata[2], rdata[3]);
// disassemble .text section and add all xrefs to our BST //add all data xrefs to BST (take anything which looks like 0x10****** in .data section)
LOG("START DISASSEMBLY\n"); {
LOG("Parsing .data section... ");
uint32_t *data_ea = 0;
while (true)
{
int64_t pattern_offset = search(data, data_size -((uint32_t) data_ea)-1, "\x10", 1, ((uint32_t) data_ea)+1);
if (pattern_offset == -1)
break;
data_ea = (uint32_t *) ((uint32_t)data + pattern_offset - 3);
uint32_t *as_int = (uint32_t*)data_ea;
//LOG("found %X at offset %p\n", *as_int, data_ea);
//LOG("adding %X to data bst\n", *as_int);
add_xref_to_bst(&g_data_xref_bst, *as_int);
data_ea = (uint32_t *) (pattern_offset);
}
LOG("done\n");
}
// disassemble .text section and add all xrefs to BST
LOG("Disassemble .text section... ");
x86_init(opt_none, NULL, NULL); x86_init(opt_none, NULL, NULL);
unsigned int num_insn = x86_disasm_range( (unsigned char *)text, (uint32_t) buf, 0, text_size, &add_xref, NULL); unsigned int num_insn = x86_disasm_range( (unsigned char *)text, (uint32_t) buf, 0, text_size, &add_xref, NULL);
LOG("parsed %u instructions\n", num_insn); LOG("done (%u instructions)\n", num_insn);
LOG("END DISASSEMBLY\n");
x86_cleanup(); x86_cleanup();
/* instruction table is done */ /* instruction table is done */