SConscript.ida7

@@ -23,9 +23,10 @@ cpppath=''' \
         $SMPSA_HOME/include/interfaces/abstract \
         $IDASDK/include \
         $SMPSA_HOME/include/interfaces/idapro  \
+        $SECURITY_TRANSFORMS_HOME/libehp/include  \
 	'''
 
-IDA_CCFLAGS=''' -std=c++0x  \
+IDA_CCFLAGS=''' -std=c++11  \
         -D__LINUX__ \
 	-Wall \
 	-Werror \

include/interfaces/abstract/STARSInterface.h

@@ -85,6 +85,8 @@ class STARS_Interface_t
 		virtual void AuditCodeTargets(void) = 0;
 		// Detect IDA Pro func boundary problems, if code segment range; true if problems found
 		virtual bool AuditFunctionBoundaries(const STARS_ea_t startEA, const STARS_ea_t endEA) const = 0;
+		// Detect IDA Pro func boundary problems using EH_FRAME FDE info; true if problems found
+		virtual bool AuditEHFunctionBoundaries(void) const = 0;
 
 		virtual bool STARS_patch_byte(STARS_ea_t InstAddr, uint32_t ByteValue) = 0; // Patch IDA Pro database.
 

include/interfaces/abstract/STARSSegment.h

@@ -23,7 +23,7 @@ class STARS_Segment_t
 		virtual bool IsReadableSegment() const = 0;
 		virtual bool IsWriteableSegment() const = 0;
 
-		/* returns the segments name in the given buffer*/
+		/* returns the segment's name in the given buffer */
 		virtual STARS_ssize_t GetSegmentName(char* name, int len) = 0;
 
 		// Fetch read-only data values, if any.
@@ -33,7 +33,6 @@ class STARS_Segment_t
 		virtual bool GetReadOnlyMem8BitValue(STARS_ea_t MemAddr, uint8_t &Value) const = 0;
 
 		virtual void Dump() { }
-
 };
 
 #endif

include/interfaces/idapro/STARSInterface.h

@@ -138,6 +138,8 @@ public:
 
 	// Detect IDA Pro func boundary problems, if code segment range; true if problems found
 	virtual bool AuditFunctionBoundaries(const STARS_ea_t startEA, const STARS_ea_t endEA) const;
+	// Detect IDA Pro func boundary problems using EH_FRAME FDE info; true if problems found
+	virtual bool AuditEHFunctionBoundaries(void) const;
 
 	virtual bool STARS_patch_byte(STARS_ea_t InstAddr, uint32_t ByteValue); // Patch IDA Pro database.
 

include/interfaces/idapro/STARSSegment.h

@@ -66,7 +66,6 @@ class STARS_IDA_Segment_t : public STARS_Segment_t
 			return true;
 		}
 
-
 	private:
 		segment_t* the_seg;
 		

include/interfaces/irdb/STARSInterface.h

@@ -30,8 +30,8 @@ public:
 		InitFunctions();
 		// init instruction predecessors.
 		instruction_preds.AddFile(p_firp);
-                // init IBT provenance info
-                IBT_provs.AddFile(p_firp);
+				// init IBT provenance info
+				IBT_provs.AddFile(p_firp);
 		InitIBTAMaps();
 	}
 
@@ -195,6 +195,8 @@ public:
 	{  assert(0); return; /* shouldn't be called.   */ }
    // Detect IDA Pro func boundary problems, if code segment; true if problems found
    virtual bool AuditFunctionBoundaries(const STARS_ea_t startEA, const STARS_ea_t endEA) const { return false; };
+   // Detect IDA Pro func boundary problems using EH_FRAME FDE info; true if problems found
+   virtual bool AuditEHFunctionBoundaries(void) const { return false; };
 
 	// Patch IDA Pro database.
 	virtual bool STARS_patch_byte(STARS_ea_t InstAddr, uint32_t ByteValue) 
@@ -312,7 +314,7 @@ private:
 	libIRDB::pqxxDB_t &pqxx_interface;
 
 	libIRDB::InstructionPredecessors_t instruction_preds;
-        libIRDB::IBTProvenance_t IBT_provs;
+		libIRDB::IBTProvenance_t IBT_provs;
 
 	friend class STARS_IRDB_Function_t;
 };

include/interfaces/irdb/STARSSegment.h

@@ -66,7 +66,6 @@ class STARS_IRDB_Segment_t : public STARS_Segment_t
 		virtual bool GetReadOnlyMem16BitValue(STARS_ea_t MemAddr, uint16_t &Value) const;
 		virtual bool GetReadOnlyMem8BitValue(STARS_ea_t MemAddr, uint8_t &Value) const;
 
-
 	private:
 		ELFIO::section* the_seg;
 		int segno;

src/base/SMPInstr.cpp

@@ -19033,6 +19033,7 @@ bool SMPInstr::BuildMultiplyDivideRTL(SMPoperator BinaryOp) {
 	bool SourceFound = false;
 	bool x86ImulCase = (BinaryOp == SMP_S_MULTIPLY);
 	bool ThreeOperandCase = false;
+	bool DivisionCase = ((BinaryOp == SMP_S_DIVIDE) || (BinaryOp == SMP_U_DIVIDE));
 	bool ImplicitDEFs = false;
 	bool InvisibleOperand = false;
 	SMPRegTransfer *TempRT = NULL;
@@ -19087,11 +19088,16 @@ bool SMPInstr::BuildMultiplyDivideRTL(SMPoperator BinaryOp) {
 				}
 				else {
 					ByteSourceOperand = (1 == TempOp->GetByteWidth());
-					if (!ThreeOperandCase) {
-						RightRT->SetRightOperand(TempOp);
+					if (ThreeOperandCase) {
+						RightRT->SetLeftOperand(TempOp);
 					}
-					else {
+					else if ((0 == OpNum) && DestFound) {
+						// e.g. RAX := RAX / RCX; processing RAX as both DEF and USE
 						RightRT->SetLeftOperand(TempOp);
+						SourceFound = false; // keep looking for divisor or multiplier
+					}
+					else {
+						RightRT->SetRightOperand(TempOp);
 					}
 				}
 			}

src/base/SMPProgram.cpp

@@ -324,6 +324,11 @@ void SMPProgram::Analyze(ProfilerInformation *pi, FILE *AnnotFile, FILE *InfoAnn
 	} // end for all segments
 // #endif   // STARS_IDA_INTERFACE
 
+	bool FuncBoundProblems2 = global_stars_interface->AuditEHFunctionBoundaries();
+	if (FuncBoundProblems2) {
+		SMP_msg("SERIOUS WARNING: Function boundary problems detected using EH_FRAME FDEs.\n");
+	}
+
 	size_t NumFuncs = SMP_get_func_qty();
 #if SMP_DEBUG
 	SMP_msg("INFO: Number of functions: %zu Total Code Size: %llu\n", NumFuncs, STARS_TotalCodeSize);

src/interfaces/idapro/STARSInterface.cpp

@@ -9,6 +9,11 @@
 #include "base/SMPFunction.h"
 #include "base/SMPProgram.h"
 
+#define STARS_USE_EHP_LIB 0
+#if STARS_USE_EHP_LIB
+#include <ehp.hpp> // security_transforms/libehp/include/ehp.hpp
+#endif
+
 #if 0
 #include <pro.h>
 #include <fpro.h>
@@ -28,7 +33,9 @@
 #pragma GCC diagnostic pop
 
 using namespace std;
-
+#if STARS_USE_EHP_LIB
+using namespace EHP;
+#endif
 int STARS_IDA_Interface_t::STARS_fprintf(FILE *fp, const char *format, ...) {
 	va_list va;
 	va_start(va, format);
@@ -388,7 +395,7 @@ void STARS_IDA_Interface_t::AuditCodeTargets(void)
 bool STARS_IDA_Interface_t::AuditFunctionBoundaries(const STARS_ea_t startEA, const STARS_ea_t endEA) const {
 	bool ProblemFound = false;
 
-	// Use the tryblks.hpp interface from IDA Pro to parse the EH_FRAME
+	// First, use the tryblks.hpp interface from IDA Pro to parse the EH_FRAME
 	//  section in the ELF binary, or equivalent section in other binaries.
 	// 
 	// Algorithm:
@@ -410,9 +417,10 @@ bool STARS_IDA_Interface_t::AuditFunctionBoundaries(const STARS_ea_t startEA, co
 		if (CurrTryBlk.is_cpp()) { // C++ try/catch type
 
 			// Step 3.
-			for (std::size_t TryIndex = 0; TryIndex < CurrTryBlk.size(); ++TryIndex) {
-				range_t CurrTryBlk2 = CurrTryBlk.at(TryIndex);
-				for (std::size_t TryIndex2 = 0; TryIndex2 < CurrTryBlk2.size(); ++TryIndex2) {
+			for (std::size_t TryIndex2 = 0; TryIndex2 < CurrTryBlk.size(); ++TryIndex2) {
+				range_t CurrTryBlk2 = CurrTryBlk.at(TryIndex2);
+				// !!!!****!!!! TryIndex3 not used; review data structures
+				for (std::size_t TryIndex3 = 0; TryIndex3 < CurrTryBlk2.size(); ++TryIndex3) {
 					STARS_ea_t CurrStartEA = CurrTryBlk2.start_ea;
 					STARS_ea_t CurrEndEA = CurrTryBlk2.end_ea;
 
@@ -430,16 +438,46 @@ bool STARS_IDA_Interface_t::AuditFunctionBoundaries(const STARS_ea_t startEA, co
 						SMP_msg("ERROR: FUNCBOUNDS: Try block from %llx to %llx spans functions\n",
 							(uint64_t) CurrStartEA, (uint64_t) (CurrEndEA - 1));
 					}
-				}
-			}
+				} // end for TryIndex3
+			}  // end for TryIndex2
 		}
-	}
+	} // end for TryIndex
 
 	delete TryBlockVec;
 
 	return ProblemFound;
 } // end of STARS_IDA_Interface_t::AuditFunctionBoundaries()
 
+// Detect IDA Pro func boundary problems using EH_FRAME FDE info; true if problems found
+bool STARS_IDA_Interface_t::AuditEHFunctionBoundaries(void) const {
+	bool ProblemFound = false;
+#if	STARS_USE_EHP_LIB
+	// Use the FDEs (Frame Descriptor Entries) from the eh_frame section
+	//  to perform the same algorithm as above: an FDE should contain only one func.
+	const auto & EHParser = EHFrameParser_t::factory(global_STARS_program->GetRootFileName());
+	for (auto &FDEvecptr : EHParser->getFDEs()) {
+		for (auto &FDEveciter = FDEvecptr->begin(); FDEveciter != FDEvecptr->end(); ++FDEveciter) {
+			uint64_t startAddr = (*FDEveciter)->getStartAddress();
+			uint64_t endAddr = (*FDEveciter)->getEndAddress();
+
+			// See if start and end of FDE landing pad are in the same func.
+			STARS_ea_t CurrStartEA = (STARS_ea_t) startAddr;
+			STARS_ea_t CurrEndEA = (STARS_ea_t) endAddr;
+			STARS_Function_t *StartFunc = SMP_get_func(CurrStartEA);
+			STARS_Function_t *EndFunc = SMP_get_func(CurrEndEA - 1);
+
+			if (StartFunc != EndFunc) {
+				ProblemFound = true;
+				SMP_msg("ERROR: FUNCBOUNDS: FDE range from %llx to %llx spans functions\n",
+					(uint64_t) CurrStartEA, (uint64_t) (CurrEndEA - 1));
+			}
+		}
+	} 
+#endif
+
+	return ProblemFound;
+} // end of STARS_IDA_Interface_t::AuditEHFunctionBoundaries()
+
 // Patch IDA Pro database.
 bool STARS_IDA_Interface_t::STARS_patch_byte(STARS_ea_t InstAddr, uint32_t ByteValue) {
 	return patch_byte(InstAddr, ByteValue);

src/interfaces/irdb/STARS_IRDB_Instruction.cpp

@@ -653,7 +653,8 @@ uint16_t STARS_IRDB_Instruction_t::GetIDAOpcode(void)
 	CHECK_FOR_INSN_RENAME(prefetcht1, "prefetchT1");
 	CHECK_FOR_INSN(prefetcht2);
 	CHECK_FOR_INSN_RENAME(prefetcht2, "prefetchT2");
-	CHECK_FOR_INSN_RENAME(prefetchnta, "prefetchNTA");
+	CHECK_FOR_INSN_RENAME(prefetchnta, "prefetchNTA"); // beaengine rename
+	CHECK_FOR_INSN(prefetchnta);  // capstone needs no rename
 	CHECK_FOR_INSN(sfence);