ultra fast limits

This commit is contained in:
CrazyRedMachine 2024-06-18 00:24:35 +02:00
parent a28dcbd882
commit adadae9067

View File

@ -24,6 +24,7 @@
#define NUM_IDX 5
bst_t *g_xref_bst = NULL;
bst_t *g_data_xref_bst = NULL;
typedef struct table_s {
char *name;
@ -76,41 +77,44 @@ uint32_t *find_binary_xref(char *data, DWORD dllSize, const char *search_pattern
uint32_t get_table_size_by_xref(char *data, DWORD data_size, uint32_t *ea, uint32_t entry_size)
{
fprintf(stderr, "get table size by xref\n");
//fprintf(stderr, "get table size by xref\n");
uint32_t *orig_ea = ea;
// Skip 10 entries because why not. We're looking for the end anyway
ea = (uint32_t*)((uint32_t)ea+(entry_size*10));
fprintf(stderr, "orig ea %p, entry size %u, ea %p\n", orig_ea, entry_size, ea);
//fprintf(stderr, "orig ea %p, entry size %u, ea %p\n", orig_ea, entry_size, ea);
bool found = false;
while (!found)
{
uint32_t curr_limit = (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size;
uint32_t *as_int = (uint32_t*)&ea;
//uint32_t curr_limit = (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size;
//fprintf(stderr, "limit candidate %u, looking for xref to %0X\n", curr_limit, *as_int);
if ( bst_search(g_xref_bst, *as_int) != NULL )
{
//fprintf(stderr, "found .text XREF in BST\n");
found = true;
} else {
} else if ( bst_search(g_data_xref_bst, *as_int) != NULL )
{
//fprintf(stderr, "found .data XREF at addr %p\n", xref);
found = true;
} /* else {
//look for Xref in data section
char *as_hex = (char*)&ea;
uint32_t *xref = find_binary(data, data_size, as_hex, 4, 0, 0);
if ( xref != NULL )
{
//fprintf(stderr, "found .data XREF at addr %p\n", xref);
fprintf(stderr, "found .data XREF at addr %p\n", xref);
found = true;
}
}
}*/
if (!found)
ea = (uint32_t*)((uint32_t)ea+entry_size);
}
fprintf(stderr, "found value %u (ea = %p, orig_ea = %p, entry size = %u)\n", ((((uint32_t)ea)-((uint32_t)orig_ea))/entry_size), ea, orig_ea, entry_size);
//fprintf(stderr, "found value %u (ea = %p, orig_ea = %p, entry size = %u)\n", ((((uint32_t)ea)-((uint32_t)orig_ea))/entry_size), ea, orig_ea, entry_size);
return (((uint32_t)ea)-((uint32_t)orig_ea))/entry_size;
}
@ -121,26 +125,21 @@ void print_cb(x86_insn_t *insn, void *arg)
fprintf(stderr,"%s\n", line);
}
static void add_xref_to_bst(uint32_t addr)
static void add_xref_to_bst(bst_t **bst, uint32_t addr)
{
if ( bst_search(g_xref_bst, addr) == NULL )
if ( bst_search(*bst, addr) == NULL )
{
//LOG("added addr %0X to BST\n", addr);
g_xref_bst = bst_insert(g_xref_bst, addr);
*bst = bst_insert(*bst, addr);
}
}
void add_xref(x86_insn_t *insn, void *arg)
{
//char line[LINE_SIZE]; /* buffer of line to print */
//x86_format_insn(insn, line, LINE_SIZE, intel_syntax);
//LOG("%s\n", line);
//LOG("it has %u operands\n", insn->operand_count);
uint32_t addr = x86_get_address(insn);
if ( addr != 0 )
{
add_xref_to_bst(addr);
add_xref_to_bst(&g_xref_bst, addr);
//LOG("found ref to %0X at ea %0X\n", addr, insn->addr);
//fprintf(stderr, "\n");
return;
@ -152,7 +151,7 @@ void add_xref(x86_insn_t *insn, void *arg)
{
x86_ea_t exp = op->data.expression;
// LOG("(expression) disp is %0X\n", exp.disp);
add_xref_to_bst(exp.disp);
add_xref_to_bst(&g_xref_bst, exp.disp);
}
op = x86_operand_2nd(insn);
@ -160,7 +159,7 @@ void add_xref(x86_insn_t *insn, void *arg)
{
x86_ea_t exp = op->data.expression;
// LOG("(expression) disp is %0X\n", exp.disp);
add_xref_to_bst(exp.disp);
add_xref_to_bst(&g_xref_bst, exp.disp);
}
op = x86_operand_3rd(insn);
@ -168,12 +167,9 @@ void add_xref(x86_insn_t *insn, void *arg)
{
x86_ea_t exp = op->data.expression;
// LOG("(expression) disp is %0X\n", exp.disp);
add_xref_to_bst(exp.disp);
add_xref_to_bst(&g_xref_bst, exp.disp);
}
/* bst_search(g_xref_bst, idx) == NULL */
}
bool make_omnimix_patch(const char *dllFilename){
@ -218,13 +214,33 @@ for (WORD SectionIndex = 0; SectionIndex < headers->FileHeader.NumberOfSections;
LOG("data section size %lX, addr %p, beginning %02X %02X %02X %02X\n", data_size, data, data[0], data[1], data[2], data[3]);
LOG("rdata section size %lX, addr %p, beginning %02X %02X %02X %02X\n", rdata_size, rdata, rdata[0], rdata[1], rdata[2], rdata[3]);
// disassemble .text section and add all xrefs to our BST
LOG("START DISASSEMBLY\n");
//add all data xrefs to BST (take anything which looks like 0x10****** in .data section)
{
LOG("Parsing .data section... ");
uint32_t *data_ea = 0;
while (true)
{
int64_t pattern_offset = search(data, data_size -((uint32_t) data_ea)-1, "\x10", 1, ((uint32_t) data_ea)+1);
if (pattern_offset == -1)
break;
data_ea = (uint32_t *) ((uint32_t)data + pattern_offset - 3);
uint32_t *as_int = (uint32_t*)data_ea;
//LOG("found %X at offset %p\n", *as_int, data_ea);
//LOG("adding %X to data bst\n", *as_int);
add_xref_to_bst(&g_data_xref_bst, *as_int);
data_ea = (uint32_t *) (pattern_offset);
}
LOG("done\n");
}
// disassemble .text section and add all xrefs to BST
LOG("Disassemble .text section... ");
x86_init(opt_none, NULL, NULL);
unsigned int num_insn = x86_disasm_range( (unsigned char *)text, (uint32_t) buf, 0, text_size, &add_xref, NULL);
LOG("parsed %u instructions\n", num_insn);
LOG("END DISASSEMBLY\n");
LOG("done (%u instructions)\n", num_insn);
x86_cleanup();
/* instruction table is done */