From 732a3a9b2c8d17f6f9f25048f921c3f36b6a071d Mon Sep 17 00:00:00 2001
From: Jason Hiser <jdhiser@gmail.com>
Date: Tue, 16 Jul 2019 14:23:38 -0400
Subject: [PATCH] Added exception handling around EHP for processing non-linux binaries where EHP is ineffective.
---
src/interfaces/idapro/STARSInterface.cpp | 70 +++++++++++++-----------
1 file changed, 39 insertions(+), 31 deletions(-)
diff --git a/src/interfaces/idapro/STARSInterface.cpp b/src/interfaces/idapro/STARSInterface.cpp
index d0e2d7ca..386d37f2 100644
--- a/src/interfaces/idapro/STARSInterface.cpp
+++ b/src/interfaces/idapro/STARSInterface.cpp
@@ -477,38 +477,46 @@ bool STARS_IDA_Interface_t::AuditEHFunctionBoundaries(void) {
 // Use the FDEs (Frame Descriptor Entries) from the eh_frame section
 // to perform the same algorithm as above: an FDE should contain only one func.
 const string ExeFileName = global_STARS_program->GetRootFileName();
- auto EHParser = EHP::EHFrameParser_t::factory(ExeFileName);
- const auto FDEvecptr = EHParser->getFDEs();
- for (const auto FDEveciter : *FDEvecptr) {
- uint64_t startAddr = FDEveciter->getStartAddress();
- uint64_t endAddr = FDEveciter->getEndAddress();
-
- // See if start and end of FDE landing pad are in the same IDA Pro func.
- STARS_ea_t CurrStartEA = (STARS_ea_t) startAddr;
- STARS_ea_t CurrEndEA = (STARS_ea_t) endAddr;
- func_t *StartFunc = ::get_func(CurrStartEA);
- func_t *EndFunc = ::get_func(CurrEndEA - 1);
-
- if (StartFunc != EndFunc) {
- STARS_Segment_t *FuncSeg = this->getseg(CurrStartEA);
- assert(nullptr != FuncSeg);
- char SegName[STARS_MAXSTR];
- STARS_ssize_t SegNameLen = FuncSeg->GetSegmentName(SegName, STARS_MAXSTR - 1);
- assert(0 < SegNameLen);
- const bool PLTflag = (nullptr != strstr(SegName, "plt"));
- const bool DYNflag = (nullptr != strstr(SegName, "dyn"));
- if (!(PLTflag || DYNflag)) {
- ProblemFound = true;
- SMP_msg("INFO: FUNCBOUNDS: FDE range from %llx to %llx spans functions in segment %s\n",
- (uint64_t) CurrStartEA, (uint64_t) (CurrEndEA - 1), SegName);
- bool success = this->RedefineIDAFuncBounds(StartFunc, EndFunc, CurrStartEA, CurrEndEA);
- if (success)
- SMP_msg("INFO: Redefined IDA FuncBounds successfully.\n");
- else
- SMP_msg("ERROR: Failed to redefine IDA FuncBounds.\n");
+ try
+ {
+ auto EHParser = EHP::EHFrameParser_t::factory(ExeFileName);
+ const auto FDEvecptr = EHParser->getFDEs();
+ for (const auto FDEveciter : *FDEvecptr) {
+ uint64_t startAddr = FDEveciter->getStartAddress();
+ uint64_t endAddr = FDEveciter->getEndAddress();
+
+ // See if start and end of FDE landing pad are in the same IDA Pro func.
+ STARS_ea_t CurrStartEA = (STARS_ea_t) startAddr;
+ STARS_ea_t CurrEndEA = (STARS_ea_t) endAddr;
+ func_t *StartFunc = ::get_func(CurrStartEA);
+ func_t *EndFunc = ::get_func(CurrEndEA - 1);
+
+ if (StartFunc != EndFunc) {
+ STARS_Segment_t *FuncSeg = this->getseg(CurrStartEA);
+ assert(nullptr != FuncSeg);
+ char SegName[STARS_MAXSTR];
+ STARS_ssize_t SegNameLen = FuncSeg->GetSegmentName(SegName, STARS_MAXSTR - 1);
+ assert(0 < SegNameLen);
+ const bool PLTflag = (nullptr != strstr(SegName, "plt"));
+ const bool DYNflag = (nullptr != strstr(SegName, "dyn"));
+ if (!(PLTflag || DYNflag)) {
+ ProblemFound = true;
+ SMP_msg("INFO: FUNCBOUNDS: FDE range from %llx to %llx spans functions in segment %s\n",
+ (uint64_t) CurrStartEA, (uint64_t) (CurrEndEA - 1), SegName);
+ bool success = this->RedefineIDAFuncBounds(StartFunc, EndFunc, CurrStartEA, CurrEndEA);
+ if (success)
+ SMP_msg("INFO: Redefined IDA FuncBounds successfully.\n");
+ else
+ SMP_msg("ERROR: Failed to redefine IDA FuncBounds.\n");
+ }
 }
- }
- } // end for (const auto FDEveciter : *FDEvecptr)
+ } // end for (const auto FDEveciter : *FDEvecptr)
+ }
+ catch(const std::exception& e)
+ {
+ const auto msg = string("WARN: Unhandled exception when processing EH frame: ")+e.what();
+ SMP_msg(msg.c_str());
+ }
 #endif // __X64__
 #endif // STARS_USE_EHP_LIB
-- GitLab
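Review bot: The new catch block passes a runtime-built string as the format argument in `SMP_msg(msg.c_str());`, while SMP_msg is called printf-style elsewhere in this hunk (`%llx`, `%s`), so any `%` in `e.what()` would be read as a conversion specifier. The exception text may reflect content of the binary being analysed, so it should be passed as data: `SMP_msg("WARN: Unhandled exception when processing EH frame: %s\n", e.what());`, which also adds the trailing newline the other messages carry. The try block also encloses `RedefineIDAFuncBounds`, so a `std::exception` thrown there would be logged as an EH-frame failure, and `EHParser` and `FDEvecptr` are dereferenced without a null check (whether the factory can return null is not visible here). AuditEHFunctionBoundaries starts and ends outside the hunk.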