diff --git a/SMPStaticAnalyzer b/SMPStaticAnalyzer index 71e80441bc3c760293a19682cfbc354a38e7fce5..e535bd49786493fa14b47697f82ba04583f1de4c 160000 --- a/SMPStaticAnalyzer +++ b/SMPStaticAnalyzer @@ -1 +1 @@ -Subproject commit 71e80441bc3c760293a19682cfbc354a38e7fce5 +Subproject commit e535bd49786493fa14b47697f82ba04583f1de4c diff --git a/irdb-libs/SConscript b/irdb-libs/SConscript index f2fd5752b6bf39ba65a5d65c93adafaa00528536..19c7bc9d8a4273c3f245145d28e451d247a8199c 100644 --- a/irdb-libs/SConscript +++ b/irdb-libs/SConscript @@ -13,8 +13,6 @@ if env.GetOption('clean'): os.remove(os.environ['SECURITY_TRANSFORMS_HOME']+"/include/targ-config.h") os.chdir(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone") os.system("make clean") -# if os.path.exists(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone/zipr_unpack"): -# shutil.rmtree(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone/zipr_unpack") os.chdir(os.environ['SECURITY_TRANSFORMS_HOME']) @@ -30,12 +28,6 @@ else: print "Rebuilding libcapstone." jobs=env.GetOption('num_jobs') os.system("make -j "+str(jobs)) -# os.chdir(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone") -# if not os.path.exists(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone/zipr_unpack"): -# os.mkdir(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone/zipr_unpack") -# os.chdir(os.environ['SECURITY_TRANSFORMS_HOME']+"/third_party/capstone/zipr_unpack") -# print "Unpacking libcapstone.a for libIRDB-core." -# os.system("ar x "+os.environ['SECURITY_TRANSFORMS_HOME']+"/libcapstone/libcapstone.a") os.chdir(os.environ['SECURITY_TRANSFORMS_HOME']) 
@@ -96,13 +88,6 @@ dump_insns=SConscript("dump_insns/SConscript", variant_dir='scons_build/dump_ins ir_builders=SConscript("ir_builders/SConscript", variant_dir='scons_build/ir_builders') -# no more tools in irdb-libs -#tools=None -#if 'build_tools' not in env or env['build_tools'] is None or int(env['build_tools']) == 1: -# tools=SConscript("tools/SConscript", variant_dir='scons_build/tools') -# if "PEDI_HOME" in os.environ: -# Depends(pedi,tools) - libs=( libIRDBcore, libIRDBcfg, libIRDButil, diff --git a/irdb-libs/ir_builders/SConscript b/irdb-libs/ir_builders/SConscript index d5809f0fc26ad0ee3f4d43b2c5a529748d23460f..a3f98fdfe12c45e1b6039ec5f8332499173144ac 100644 --- a/irdb-libs/ir_builders/SConscript +++ b/irdb-libs/ir_builders/SConscript @@ -16,10 +16,11 @@ if 'build_tools' not in myenv or myenv['build_tools'] is None or int(myenv['buil $SECURITY_TRANSFORMS_HOME/libehp/include $SECURITY_TRANSFORMS_HOME/libMEDSannotation/include/ $SECURITY_TRANSFORMS_HOME/third_party/elfio-code + $SECURITY_TRANSFORMS_HOME/third_party/pebliss/pe_lib ''' LIBPATH="$SECURITY_TRANSFORMS_HOME/lib" - LIBS=Split( 'irdb-cfg irdb-util pqxx ' + env.subst('$BASE_IRDB_LIBS')+ " ehp irdb-transform MEDSannotation EXEIO") + LIBS=Split( 'irdb-cfg irdb-util pqxx ' + env.subst('$BASE_IRDB_LIBS')+ " ehp irdb-transform MEDSannotation EXEIO pebliss") myenv=myenv.Clone(CPPPATH=Split(cpppath)) diff --git a/irdb-libs/ir_builders/fill_in_cfg.cpp b/irdb-libs/ir_builders/fill_in_cfg.cpp index c6c39475e321217ff464e07a19c398a2ab71989f..91f520ab203b2afe4120094becf7f433aa734d3b 100644 --- a/irdb-libs/ir_builders/fill_in_cfg.cpp +++ b/irdb-libs/ir_builders/fill_in_cfg.cpp 
@@ -277,25 +277,9 @@ void PopulateCFG::add_new_instructions(FileIR_t *firp) newinsnbits[i]=data[offset_into_section+i]; /* create a new address */ - /* - auto newaddr=new AddressID_t(); - assert(newaddr); - newaddr->setVirtualOffset(missed_address); - newaddr->setFileID(missed_fileid); - firp->getAddresses().insert(newaddr); - */ auto newaddr=firp->addNewAddress(missed_fileid,missed_address); /* create a new instruction */ - /* - auto newinsn=new Instruction_t(); - assert(newinsn); - newinsn->setAddress(newaddr); - newinsn->setDataBits(newinsnbits); - newinsn->setComment(disasm.getDisassembly()+string(" from fill_in_cfg ")); - firp->getInstructions().insert(newinsn); - newinsn->setAddress(newaddr); - */ auto newinsn=firp->addNewInstruction(newaddr, nullptr, newinsnbits, disasm.getDisassembly()+string(" from fill_in_cfg "), nullptr); (void)newinsn;// just add to IR @@ -662,7 +646,6 @@ void PopulateCFG::ctor_detection(FileIR_t *firp) void PopulateCFG::fill_in_landing_pads(FileIR_t *firp) { const auto eh_frame_rep_ptr = split_eh_frame_t::factory(firp); - // eh_frame_rep_ptr->parse(); already parsed now. if(getenv("EHIR_VERBOSE")) eh_frame_rep_ptr->print(); cout<<"Completed eh-frame parsing"<<endl; diff --git a/irdb-libs/ir_builders/fill_in_indtargs.cpp b/irdb-libs/ir_builders/fill_in_indtargs.cpp index 8942de697826200e9c0c75b12d29afae25f97853..426c667a34043f50c935d6adafb9f764a5cd59db 100644 --- a/irdb-libs/ir_builders/fill_in_indtargs.cpp +++ b/irdb-libs/ir_builders/fill_in_indtargs.cpp @@ -242,7 +242,7 @@ void mark_targets(FileIR_t *firp) { for(auto insn : firp->getInstructions()) { - auto addr=insn->getAddress()->getVirtualOffset(); + const auto addr=insn->getAddress()->getVirtualOffset(); /* lookup in the list of targets */ if(targets.find(addr)!=targets.end()) 
@@ -2821,12 +2821,11 @@ ICFS_t* setup_ret_hellnode(FileIR_t* firp, EXEIO::exeio* exeiop) void mark_return_points(FileIR_t* firp) { - // add unmarked return points. fix_calls will deal with whether they need to be pinned or not later. - for(auto insn : firp->getInstructions()) + for(const auto insn : firp->getInstructions()) { - auto d=DecodedInstruction_t::factory(insn); - if(string("call")==d->getMnemonic() && insn->getFallthrough()) + const auto d=DecodedInstruction_t::factory(insn); + if(d->isCall() && insn->getFallthrough()) { targets[insn->getFallthrough()->getAddress()->getVirtualOffset()].add(ibt_provenance_t::ibtp_ret); } @@ -2837,7 +2836,7 @@ void mark_return_points(FileIR_t* firp) void print_icfs(FileIR_t* firp) { cout<<"Printing ICFS sets."<<endl; - for(auto insn : firp->getInstructions()) + for(const auto insn : firp->getInstructions()) { auto icfs=insn->getIBTargets(); @@ -2845,13 +2844,13 @@ void print_icfs(FileIR_t* firp) if(!icfs) continue; - cout<<hex<<insn->getAddress()->getVirtualOffset()<<" -> "; + cout << hex << insn->getAddress()->getVirtualOffset() << " -> "; for(auto target : *icfs) { - cout<<hex<<target->getAddress()->getVirtualOffset()<<" "; + cout << hex << target->getAddress()->getVirtualOffset() << " "; } - cout<<endl; + cout << endl; } } @@ -3880,16 +3879,13 @@ int executeStep() max_base_id=firp->getMaxBaseID(); // read the executeable file - int elfoid=firp->getFile()->getELFOID(); - pqxx::largeobject lo(elfoid); - lo.to_file(pqxx_interface->getTransaction(),"readeh_tmp_file.exe"); auto exeiop=unique_ptr<EXEIO::exeio>(new EXEIO::exeio); - exeiop->load(string("readeh_tmp_file.exe")); + exeiop->load(string("a.ncexe")); // find all indirect branch targets fill_in_indtargs(firp, exeiop.get(), do_unpin_opt); if(split_eh_frame_opt) - split_eh_frame(firp); + split_eh_frame(firp,exeiop.get()); if(firp->getArchitecture()->getMachineType() != admtAarch64) assert(getenv("SELF_VALIDATE")==nullptr || ranges.size() > 1 ); 
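Review bot: The comment explaining why every call fallthrough is recorded as a return point was dropped together with the mnemonic comparison, and nothing in the new loop in mark_return_points says it; since `ibt_provenance_t::ibtp_ret` only marks these offsets as candidate targets without deciding pinning, the intent is worth keeping. Restore it above the loop as `// add unmarked return points; fix_calls decides later whether they need to be pinned.` The switch to `d->isCall()` is fine provided DecodedInstruction_t::isCall accepts the same instructions the old `string("call")==d->getMnemonic()` compare did; its definition is not in this diff, so please confirm.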
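Review bot: `exeiop->load(string("a.ncexe"))` in executeStep replaces the copy that was materialized from the database large object with a fixed relative path, so the step now silently depends on the caller's working directory containing a file of exactly that name, and nothing checks that the load succeeded or that it is the same binary the IR in `firp` was built from. At minimum state the contract next to the call, e.g. `// a.ncexe is the analysed binary left in the cwd by the driver; it must be the file firp was built from`, and fail loudly when the load does not succeed — the return type of exeio::load is not visible here, so check whatever it reports. The rest of executeStep lies outside the hunk.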
diff --git a/irdb-libs/ir_builders/fill_in_indtargs.hpp b/irdb-libs/ir_builders/fill_in_indtargs.hpp
index dd0500d1f5ce03c7760387d5739c80d5cdbf1ad2..8d62fe956f7210cc6377a43e6e09c84826d21195 100644
--- a/irdb-libs/ir_builders/fill_in_indtargs.hpp
+++ b/irdb-libs/ir_builders/fill_in_indtargs.hpp
@@ -219,5 +219,5 @@ class fii_icfs : public IRDB_SDK::InstructionSet_t
 };
-void split_eh_frame(IRDB_SDK::FileIR_t* firp);
+void split_eh_frame(IRDB_SDK::FileIR_t* firp, EXEIO::exeio *exeiop);
diff --git a/irdb-libs/ir_builders/split_eh_frame.cpp b/irdb-libs/ir_builders/split_eh_frame.cpp
index 0d004b1df53cb41f53ca625bcd1cb47351303b21..1f1d6983b3a38fdc189896120d3ebaed364deaa4 100644
--- a/irdb-libs/ir_builders/split_eh_frame.cpp
+++ b/irdb-libs/ir_builders/split_eh_frame.cpp
@@ -13,7 +13,12 @@
 #include <tuple>
 #include <functional>
+// stuff to read the exe file
 #include <exeio.h>
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#include <pe_bliss.h>
+#pragma GCC diagnostic pop
+
 #include "split_eh_frame.hpp"
 #include "ehp.hpp"
@@ -22,9 +27,18 @@ using namespace std;
 using namespace EXEIO;
 using namespace IRDB_SDK;
 using namespace EHP;
+using namespace pe_bliss;
 #define ALLOF(s) begin(s), end(s)
+template <class T>
+static inline T round_up_to(const T& x, const uint64_t& to)
+{
+	assert( (to & (to-1)) == 0 );
+	return ( (((uintptr_t)(x)) + to-1) & (~(to-1)) );
+}
+
+
 struct EhProgramPlaceHolder_t
 {
@@ -63,7 +77,7 @@ void split_eh_frame_impl_t<ptrsize>::lsda_call_site_build_ir
 (
 const LSDACallSite_t& cs,
 Instruction_t* insn,
-const /*vector<lsda_type_table_entry_t <ptrsize> > &*/ std::shared_ptr<EHP::TypeTableVector_t> type_table_ptr,
+const EHP::TypeTableVector_t* type_table_ptr,
 const uint8_t& tt_encoding
 ) const
 {
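Review bot: The `#pragma GCC diagnostic pop` after `#include <pe_bliss.h>` has no matching push, so compilers flag it as unbalanced and the `-Wdeprecated-declarations` suppression stays in force for the rest of split_eh_frame.cpp instead of covering only the third-party header. Add `#pragma GCC diagnostic push` immediately before the `ignored` pragma so the suppression is scoped to that include. The comment `// stuff to read the exe file` would be more useful as `// exeio and pebliss: readers for the executable whose unwind data is being split`.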
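Review bot: `round_up_to` returns `T`, and the one call in this diff passes `unwind_struct.CountOfCodes`; if that is the single-byte count of the Windows UNWIND_INFO layout, `T` is `uint8_t` and a count of 255 rounds up to 256, which truncates to 0 and makes the handler pointer taken from `UnwindCode[unwind_pgm_size]` point at the start of the code array instead of past it. Return the widened value instead, `static inline uint64_t round_up_to(const T& x, const uint64_t& to)`, and tighten the power-of-two check, which `to == 0` passes before `to-1` wraps: `assert(to != 0 && (to & (to-1)) == 0);`. The C-style `(uintptr_t)(x)` should be `static_cast<uint64_t>(x)`.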
@@ -81,7 +95,7 @@ void split_eh_frame_impl_t<ptrsize>::lsda_call_site_build_ir lp_insn=lp_it->second; // create the callsite. - auto new_ehcs = firp->addEhCallSite_t(insn, tt_encoding, lp_insn); + auto new_ehcs = firp->addEhCallSite(insn, tt_encoding, lp_insn); //cout<<"landing pad addr : 0x"<<hex<<landing_pad_addr<<endl; if(action_table.size() == 0 ) @@ -121,11 +135,6 @@ void split_eh_frame_impl_t<ptrsize>::lsda_call_site_build_ir auto addend=0; if(wrt!=NULL) addend=type_table.at(index)->getTypeInfoPointer()-wrt->getStart()->getVirtualOffset(); - /* - auto newreloc=new Relocation_t(BaseObj_t::NOT_IN_DATABASE, offset, "type_table_entry", wrt, addend); - new_ehcs->getRelocations().insert(newreloc); - firp->getRelocations().insert(newreloc); - */ auto newreloc=firp->addNewRelocation(new_ehcs,offset, "type_table_entry", wrt, addend); (void)newreloc; // just give it to the ir @@ -164,7 +173,7 @@ void split_eh_frame_impl_t<ptrsize>::lsda_build_ir(const LSDA_t& lsda, Instructi const auto& call_site_table=*call_site_table_ptr; const auto& type_table_ptr=lsda.getTypeTable(); - const auto cs_ptr_it=find_if(ALLOF(call_site_table), [&](const shared_ptr<LSDACallSite_t> &p) + const auto cs_ptr_it=find_if(ALLOF(call_site_table), [&](const LSDACallSite_t* p) { return lsda_call_site_appliesTo(*p, insn); }); @@ -251,9 +260,6 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const friend struct EhProgramComparator_t; }; - //const auto fdes_ptr=eh_frame_parser->getFDEs(); - //const auto &fdes=*fdes_ptr; - auto reusedpgms=size_t(0); struct EhProgramComparator_t { @@ -284,7 +290,6 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const ); else return lhs.hashcode < rhs.hashcode; -// return tie(*a.first, a.second) < tie(*b.first,b.second); } }; 
@@ -297,8 +302,8 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const { const auto find_addr=insn->getAddress()->getVirtualOffset(); static auto fie_ptr=(const FDEContents_t*)nullptr; - static auto cie_instructions=shared_ptr<EHProgramInstructionVector_t>(); - static auto fde_instructions=shared_ptr<EHProgramInstructionVector_t>(); + static auto cie_instructions=(const EHProgramInstructionVector_t* )nullptr; + static auto fde_instructions=(const EHProgramInstructionVector_t* )nullptr; if (fie_ptr && fie_ptr->getStartAddress() <= find_addr && find_addr < fie_ptr->getEndAddress()) { @@ -332,9 +337,9 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const const auto personality=fie_ptr->getCIE().getPersonality(); const auto insn_addr=insn->getAddress()->getVirtualOffset(); - auto import_pgm = [&](EhProgramListing_t& out_pgm_final, const shared_ptr<EHProgramInstructionVector_t> &in_pgm_instructions_ptr) -> void + auto import_pgm = [&](EhProgramListing_t& out_pgm_final, const EHProgramInstructionVector_t* in_pgm_instructions_ptr) -> void { - auto out_pgm=vector<shared_ptr<EHProgramInstruction_t> >(); + auto out_pgm=vector<const EHProgramInstruction_t* >(); auto cur_addr=fde_addr; const auto &in_pgm_instructions=*in_pgm_instructions_ptr; auto last_was_def_cfa_offset = false; @@ -393,7 +398,7 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const ( ALLOF(out_pgm), back_inserter(out_pgm_final), - [](const shared_ptr<EHProgramInstruction_t>& p){ return string(ALLOF(p->getBytes()));} + [](const EHProgramInstruction_t* p){ return string(ALLOF(p->getBytes()));} ); }; 
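Review bot: `cie_instructions` and `fde_instructions` are now raw pointers into objects owned by the parser, yet they stay function-local `static`s inside the lambda, so like `fie_ptr` they outlive the `split_eh_frame_impl_t` instance and its `eh_frame_parser`; the shared_ptr versions at least kept the pointees alive. If build_ir runs twice in one process with a fresh parser, the range test on the stale `fie_ptr` dereferences freed memory before the cache is refreshed. Make the three cache variables members, or lambda captures reset at the top of build_ir, rather than statics; build_ir itself begins and ends outside this hunk.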
@@ -424,12 +429,6 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const cout<<"Allocating new Program!"<<endl; // allocate a new pgm in the heap so we can give it to the IR. - /* - auto newehpgm=new EhProgram_t(ehpgm); // copy constructor - assert(newehpgm); - firp->getAllEhPrograms().insert(newehpgm); - insn->setEhProgram(newehpgm); - */ auto newehpgm=firp->addEhProgram(insn, ehpgm.caf, ehpgm.daf,ehpgm.rr, ehpgm.ptrsize, ehpgm.cie_program, ehpgm.fde_program); // allocate a relocation for the personality and give it to the IR. @@ -460,12 +459,6 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const else assert(0); - /* - auto newreloc=new Relocation_t(BaseObj_t::NOT_IN_DATABASE, 0, "personality", personality_obj, addend); - assert(newreloc); - newehpgm->getRelocations().insert(newreloc); - firp->getRelocations().insert(newreloc); - */ auto newreloc=firp->addNewRelocation(newehpgm,0, "personality", personality_obj, addend); (void)newreloc; // not used, just give it to the IR 
@@ -487,45 +480,6 @@ void split_eh_frame_impl_t<ptrsize>::build_ir() const }; -#if 0 - auto remove_reloc=[&](Relocation_t* r) -> void - { - firp->getRelocations().erase(r); - delete r; - }; - - auto remove_address=[&](AddressID_t* a) -> void - { - firp->getAddresses().erase(a); - for(auto &r : a->getRelocations()) remove_reloc(r); - for(auto &r : firp->getRelocations()) assert(r->getWRT() != a); - delete a; - }; - - auto remove_scoop=[&] (DataScoop_t* s) -> void - { - if(s==NULL) - return; - firp->getDataScoops().erase(s); - remove_address(s->getStart()); - remove_address(s->getEnd()); - for(auto &r : s->getRelocations()) remove_reloc(r); - for(auto &r : firp->getRelocations()) assert(r->getWRT() != s); - delete s; - }; -#endif - - /* - for(auto f : firp->getFunctions()) - { - for(Instruction_t* i : f->getInstructions()) - { - build_ir_insn(i); - } - eh_program_cache.clear(); // this can get big, so we erase it between functions. there's minimal re-use between functions anyhow - } - */ - for(Instruction_t* i : firp->getInstructions()) { build_ir_insn(i); @@ -562,7 +516,7 @@ Instruction_t* split_eh_frame_impl_t<ptrsize>::find_lp(Instruction_t* i) const const auto &cstab_ptr = the_lsda.getCallSites(); const auto &cstab = *cstab_ptr; - const auto cstab_it=find_if(ALLOF(cstab), [&](const shared_ptr<LSDACallSite_t>& cs) + const auto cstab_it=find_if(ALLOF(cstab), [&](const LSDACallSite_t* cs) { return lsda_call_site_appliesTo(*cs,i); }); if(cstab_it==cstab.end()) 
@@ -641,12 +595,157 @@ unique_ptr<split_eh_frame_t> split_eh_frame_t::factory(FileIR_t *firp) } -void split_eh_frame(FileIR_t* firp) + + +template <int ptrsize> +class pe_eh_split_t +{ + private: + FileIR_t* firp; + exeio *exeiop; + OffsetMap_t offset_to_insn_map; + + public: + pe_eh_split_t(FileIR_t* p_firp, exeio *p_exeiop) + : + firp(p_firp), + exeiop(p_exeiop) + { + init_offset_map(); + } + + void split_pe_file() + { + const auto peb_obj=reinterpret_cast<pe_base*>(exeiop->get_pebliss()); + assert(peb_obj != nullptr); + + auto edd = get_exception_directory_data(*peb_obj); + + for(auto i=0u; i < edd.size(); i++) + { + const auto &exc = edd[i]; + + cout << boolalpha ; + cout << "Entry is: " << exc.get_begin_address() << "-" << exc.get_end_address() << endl; + cout << "\thas except handler " << exc.has_exception_handler() << endl; + cout << "\thas term handler " << exc.has_termination_handler() << endl; + cout << "\tis chain info " << exc.is_chaininfo() << endl; + cout << "\tprologue size " << +exc.get_size_of_prolog() << endl; + cout << "\tunwind slots " << +exc.get_number_of_unwind_slots() << endl; + cout << "\tuses fp " << +exc.uses_frame_pointer() << endl; + cout << "\tfp reg " << +exc.get_frame_pointer_register_number() << endl; + cout << "\tscaled rsp offset " << +exc.get_scaled_rsp_offset() << endl; + + const auto unwind_addr = exc.get_unwind_info_address(); + const auto &unwind_sec = peb_obj->section_from_rva(unwind_addr); + const auto next_unwind_addr = i < edd.size() ? // last element? 
+ edd[i+1].get_unwind_info_address() : // yes: value from start of next unwind info entry + unwind_sec.get_virtual_address() + unwind_sec.get_virtual_size(); // no: end of section + const auto &unwind_data_str = unwind_sec.get_virtual_data(0x1000); + const auto unwind_data_ptr = unwind_data_str.data(); + assert(unwind_data_ptr != nullptr); + + // cast the contents of the section at the right offset for unwind_addr to an unwind_info struct pointer + const auto unwind_struct_ptr = reinterpret_cast<const pe_win::unwind_info*>( unwind_data_ptr + (unwind_addr - unwind_sec.get_virtual_address()) ); + const auto &unwind_struct = *unwind_struct_ptr; + + // extract some fields + const auto has_handler = exc.has_exception_handler() || exc.has_termination_handler(); + const auto version = uint8_t(unwind_struct.Version); + const auto flags = uint8_t(unwind_struct.Flags); + const auto frame_reg = uint8_t(unwind_struct.FrameRegister); + const auto frame_offset = uint8_t(unwind_struct.FrameOffset); + const auto unwind_pgm_size = round_up_to(unwind_struct.CountOfCodes,2); + const auto handler_ptr = reinterpret_cast<const uint32_t*>(&unwind_struct.UnwindCode[unwind_pgm_size]); + const auto handler_rva = *handler_ptr; + const auto handler_addr = firp->getArchitecture()->getFileBase() + handler_rva; + const auto handler_insn_it = offset_to_insn_map.find(handler_addr); + const auto handler_insn = has_handler ? 
handler_insn_it->second : (Instruction_t*)nullptr; + + + assert( (handler_insn_it != end(offset_to_insn_map)) == has_handler); + + auto user_data = string(); + if(has_handler) + { + const auto unwind_user_data = reinterpret_cast<const char*>(handler_ptr) + sizeof(uint32_t); + const auto unwind_info_size_with_unwindcode_array = reinterpret_cast<const char*>(&unwind_struct.UnwindCode[unwind_pgm_size]) - reinterpret_cast<const char*>(&unwind_struct); + const auto user_data_addr = firp->getArchitecture()->getFileBase() + unwind_addr + unwind_info_size_with_unwindcode_array; + + for(auto i=user_data_addr ; i < next_unwind_addr; i++) + user_data.push_back(unwind_user_data[i-user_data_addr]); + } + + + + // create the EH program and Callsite info that's shared by all insns in this exception handling range + auto cie_pgm=EhProgramListing_t + { + // cast the version and flags into strings and store in the cie program + {reinterpret_cast<const char*>(&version) , 1}, + {reinterpret_cast<const char*>(&flags) , 1}, + {reinterpret_cast<const char*>(&frame_reg) , 1}, + {reinterpret_cast<const char*>(&frame_offset), 1}, + user_data + }; + auto fde_pgm=EhProgramListing_t(); + for(auto i=0u; i < unwind_struct.CountOfCodes; i++) + // convert the unwind code into a string for the fde program + fde_pgm.push_back( { reinterpret_cast<const char*>(&unwind_struct.UnwindCode[i]) ,sizeof(unwind_struct.UnwindCode[0]) } ); + + + auto ehpgm = firp->addEhProgram( + /*Instruction_t* insn */ nullptr, + /*const uint64_t caf */ 1, + /*const int64_t daf */ 1, + /*const uint8_t rr */ 1, + /*const uint8_t p_ptrsize */ 8, + /*const EhProgramListing_t& */ cie_pgm, + /*const EhProgramListing_t& */ fde_pgm); + + auto ehcs = firp->addEhCallSite( + /* Instruction_t* for_insn */ nullptr, + /* const uint64_t enc=*/ 0, + /* Instruction_t* lp=*/ handler_insn); + + + + const auto file_base = firp->getArchitecture()->getFileBase(); + for(auto i=exc.get_begin_address() ; i < exc.get_end_address() ; i++) + { + const 
auto insn_it = offset_to_insn_map.find(i + file_base); + if (insn_it != end(offset_to_insn_map)) + { + auto insn = insn_it->second; + assert(insn != nullptr); + cout << "Applying to " << insn->getDisassembly() << endl; + + insn->setEhProgram(ehpgm); + insn->setEhCallSite(ehcs); + } + } + + } + } + bool init_offset_map() + { + for(const auto i : firp->getInstructions()) + { + offset_to_insn_map[i->getAddress()->getVirtualOffset()]=i; + }; + return false; + } +}; + +void split_eh_frame(FileIR_t* firp, exeio *exeiop) { - auto found_err=false; - //auto eh_frame_splitter=(unique_ptr<split_eh_frame_t>)NULL; - const auto eh_frame_splitter=split_eh_frame_t::factory(firp); - eh_frame_splitter->build_ir(); + if( firp->getArchitecture()->getFileType()==adftPE ) + { + pe_eh_split_t<64>(firp,exeiop).split_pe_file(); - assert(!found_err); + } + else + { + split_eh_frame_t::factory(firp)->build_ir(); + } } diff --git a/irdb-libs/ir_builders/split_eh_frame.hpp b/irdb-libs/ir_builders/split_eh_frame.hpp index 2e1a2b08eb507eb17a802009b8033e6cb31d887f..6dce42d269ecf895459cf4f5cbdc56e2603018a5 100644 --- a/irdb-libs/ir_builders/split_eh_frame.hpp +++ b/irdb-libs/ir_builders/split_eh_frame.hpp @@ -46,7 +46,7 @@ class split_eh_frame_impl_t : public split_eh_frame_t OffsetMap_t offset_to_insn_map; std::unique_ptr<const EHP::EHFrameParser_t> eh_frame_parser; - std::shared_ptr<const EHP::FDEVector_t> fdes; + const EHP::FDEVector_t* fdes; bool init_offset_map(); @@ -59,7 +59,7 @@ class split_eh_frame_impl_t : public split_eh_frame_t ( const EHP::LSDACallSite_t& cs, IRDB_SDK::Instruction_t* insn, - /* const std::vector<lsda_type_table_entry_t <ptrsize> > &*/ std::shared_ptr<EHP::TypeTableVector_t> type_table_ptr, + /* const std::vector<lsda_type_table_entry_t <ptrsize> > &*/ const EHP::TypeTableVector_t* type_table_ptr, const uint8_t& tt_encoding ) const; void lsda_build_ir 
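Review bot: `next_unwind_addr` tests `i < edd.size()`, which is always true inside the loop, so on the last exception-directory entry `edd[i+1]` reads past the end of the vector and the "end of section" branch is dead; the condition must be `i + 1 < edd.size()` (the yes/no comments on the two branches are also swapped). A few lines later `handler_insn_it->second` is dereferenced when `has_handler` holds, before the assert that checks the iterator is not `end()`, so a handler RVA with no instruction in the map is undefined behaviour instead of the intended assertion failure — move the assert above the dereference. The `reinterpret_cast` of `unwind_data_ptr + (unwind_addr - unwind_sec.get_virtual_address())` to `pe_win::unwind_info*`, and the later reads through `UnwindCode[unwind_pgm_size]` and `*handler_ptr`, trust RVAs and counts taken from the input file without checking they lie inside `unwind_data_str`; the PE is untrusted input to the analyser, so a malformed file turns this into an out-of-bounds read, and a size check belongs before the cast. The user-data loop bounds `user_data_addr`, which includes `getFileBase()`, by `next_unwind_addr`, which is a plain RVA — if getFileBase() is non-zero for PE images the comparison looks inconsistent, please confirm. Finally, the unconditional `cout` tracing (and the sticky `cout << boolalpha`) should be gated on `getenv("EHIR_VERBOSE")` as the ELF path in fill_in_landing_pads does, and the outer index `i` is shadowed by three inner loops that also use `i`.
```cpp
			const auto next_unwind_addr = (i + 1 < edd.size()) ?                               // last entry?
				edd[i+1].get_unwind_info_address() :                                            // no: start of the next unwind info
				unwind_sec.get_virtual_address() + unwind_sec.get_virtual_size();               // yes: end of section
			const auto &unwind_data_str = unwind_sec.get_virtual_data(0x1000);
			const auto unwind_off = unwind_addr - unwind_sec.get_virtual_address();
			// the fixed header must lie inside the section data we hold; the code array and handler RVA need the same check once CountOfCodes is known
			assert(unwind_off + sizeof(pe_win::unwind_info) <= unwind_data_str.size());
			const auto unwind_data_ptr = unwind_data_str.data();
			// … unchanged: cast to unwind_info and field extraction …
			const auto handler_insn_it = offset_to_insn_map.find(handler_addr);
			assert( (handler_insn_it != end(offset_to_insn_map)) == has_handler);
			const auto handler_insn = has_handler ? handler_insn_it->second : (Instruction_t*)nullptr;
```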
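Review bot: `fdes` is now a non-owning `const EHP::FDEVector_t*`, but nothing in the header says whose storage it points into or how long it stays valid; it is declared right after `eh_frame_parser`, which is presumably the owner, and that relationship should be written down now that the shared_ptr no longer expresses it. Add `// non-owning; points into eh_frame_parser's data and is valid only while eh_frame_parser lives` above the declaration.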
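Review bot: The declaration of lsda_call_site_build_ir keeps the stale `/* const std::vector<lsda_type_table_entry_t <ptrsize> > &*/` comment in front of `type_table_ptr` even though the matching definition in split_eh_frame.cpp drops it in this same commit; the comment names a type the parameter no longer has. Delete it so the parameter reads `const EHP::TypeTableVector_t* type_table_ptr,` in both places. The declaration's first line and the enclosing class lie outside the hunk.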
diff --git a/irdb-libs/libIRDB-core/include/fileir.hpp b/irdb-libs/libIRDB-core/include/fileir.hpp index 17b9a9c5fb4d0c753cbbcd1881ac26da57fd8e02..e40378200cf39815e7973cc331e48083a49faf5a 100644 --- a/irdb-libs/libIRDB-core/include/fileir.hpp +++ b/irdb-libs/libIRDB-core/include/fileir.hpp @@ -102,7 +102,7 @@ class FileIR_t : public BaseObj_t, virtual public IRDB_SDK::FileIR_t void splitScoop(IRDB_SDK::DataScoop_t *tosplit, const IRDB_SDK::VirtualOffset_t &addr, size_t size, IRDB_SDK::DataScoop_t* &before, IRDB_SDK::DataScoop_t* &containing, IRDB_SDK::DataScoop_t* &after, IRDB_SDK::DatabaseID_t *max_id=NULL); - virtual IRDB_SDK::EhCallSite_t* addEhCallSite_t(IRDB_SDK::Instruction_t* for_insn, const uint64_t enc=0, IRDB_SDK::Instruction_t* lp=nullptr) ; + virtual IRDB_SDK::EhCallSite_t* addEhCallSite(IRDB_SDK::Instruction_t* for_insn, const uint64_t enc=0, IRDB_SDK::Instruction_t* lp=nullptr) ; virtual IRDB_SDK::Relocation_t* addNewRelocation( IRDB_SDK::BaseObj_t* from_obj, diff --git a/irdb-libs/libIRDB-core/src/fileir.cpp b/irdb-libs/libIRDB-core/src/fileir.cpp index e1d3fd15af335622c37f1b68ee956ec5e09ea92a..1921b8886e045239d9365ac71bf76564d8b5a0c4 100644 --- a/irdb-libs/libIRDB-core/src/fileir.cpp +++ b/irdb-libs/libIRDB-core/src/fileir.cpp @@ -1841,11 +1841,12 @@ void FileIR_t::splitScoop( } -IRDB_SDK::EhCallSite_t* FileIR_t::addEhCallSite_t(IRDB_SDK::Instruction_t* for_insn, const uint64_t enc, IRDB_SDK::Instruction_t* lp) +IRDB_SDK::EhCallSite_t* FileIR_t::addEhCallSite(IRDB_SDK::Instruction_t* for_insn, const uint64_t enc, IRDB_SDK::Instruction_t* lp) { auto new_ehcs = new libIRDB::EhCallSite_t(BaseObj_t::NOT_IN_DATABASE, enc, lp); GetAllEhCallSites().insert(new_ehcs); - for_insn->setEhCallSite(new_ehcs); + if(for_insn) + for_insn->setEhCallSite(new_ehcs); return new_ehcs; } diff --git a/irdb-libs/libehp b/irdb-libs/libehp index 8543177b213473aeae22bd1c212195dcd1796ad1..173beca81faecfed391fa4c6c881ccf8f49c002c 160000 --- a/irdb-libs/libehp 
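Review bot: `addEhCallSite` now accepts a null `for_insn` (the PE splitter passes `nullptr` and attaches the call site to instructions itself), but neither this definition nor the renamed declaration in fileir.hpp says so, and a caller reading the header would still assume the call site is attached on return. Document the contract on the declaration, e.g. `// for_insn may be nullptr: the call site is created and registered with the IR but attached to no instruction`. The same commit also passes `nullptr` as the instruction to `addEhProgram` from split_eh_frame.cpp; that function is not in this diff, so please confirm it has the equivalent guard.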
+++ b/irdb-libs/libehp @@ -1 +1 @@ -Subproject commit 8543177b213473aeae22bd1c212195dcd1796ad1 +Subproject commit 173beca81faecfed391fa4c6c881ccf8f49c002c diff --git a/irdb-libs/rida/rida.cpp b/irdb-libs/rida/rida.cpp index 326eae89987f1e3b8f60574dcc9cbeb97d03c12f..05de9697cdabbf89a17183c5ced4b02a66edc7e6 100644 --- a/irdb-libs/rida/rida.cpp +++ b/irdb-libs/rida/rida.cpp @@ -30,7 +30,7 @@ void usage(int argc, char* argv[]) class CreateFunctions_t { private: - shared_ptr<const EHFrameParser_t> ehp; + unique_ptr<const EHFrameParser_t> ehp; using Address_t = uint64_t; class Range_t : public pair<Address_t,Address_t> { @@ -522,7 +522,7 @@ class CreateFunctions_t const auto &ehprogram=fde->getProgram(); const auto ehprogramInstructions=ehprogram.getInstructions(); - const auto def_cfa_rbp_it = find_if(ALLOF(*ehprogramInstructions), [&](const shared_ptr<EHProgramInstruction_t> insn) + const auto def_cfa_rbp_it = find_if(ALLOF(*ehprogramInstructions), [&](const EHProgramInstruction_t* insn) { assert(insn); const auto &insnBytes=insn->getBytes(); diff --git a/irdb-libs/third_party/SConscript.pebliss b/irdb-libs/third_party/SConscript.pebliss index 50bd5b212df73764031c737a8a21bbff708210ce..40476fc930424b86d7352f152cb486011b8fbd94 100644 --- a/irdb-libs/third_party/SConscript.pebliss +++ b/irdb-libs/third_party/SConscript.pebliss 
@@ -9,46 +9,6 @@ libname="pebliss"
 files=Glob( Dir('.').srcnode().abspath+"/pebliss/pe_lib/*.cpp")
-#files= '''
-# entropy.cpp
-# file_version_info.cpp
-# message_table.cpp
-# pe_base.cpp
-# pe_bound_import.cpp
-# pe_checksum.cpp
-# pe_debug.cpp
-# pe_directory.cpp
-# pe_dotnet.cpp
-# pe_exception.cpp
-# pe_exception_directory.cpp
-# pe_exports.cpp
-# pe_factory.cpp
-# pe_imports.cpp
-# pe_load_config.cpp
-# pe_properties.cpp
-# pe_properties_generic.cpp
-# pe_rebuilder.cpp
-# pe_relocations.cpp
-# pe_resource_manager.cpp
-# pe_resource_viewer.cpp
-# pe_resources.cpp
-# pe_rich_data.cpp
-# pe_section.cpp
-# pe_tls.cpp
-# resource_bitmap_reader.cpp
-# resource_bitmap_writer.cpp
-# resource_cursor_icon_reader.cpp
-# resource_cursor_icon_writer.cpp
-# resource_data_info.cpp
-# resource_message_list_reader.cpp
-# resource_string_table_reader.cpp
-# resource_version_info_reader.cpp
-# resource_version_info_writer.cpp
-# utils.cpp
-# version_info_editor.cpp
-# version_info_viewer.cpp
-# '''
-
 cpppath='''
 $SECURITY_TRANSFORMS_HOME/third_party/pebliss/pe_lib
 '''
diff --git a/irdb-sdk b/irdb-sdk
index 1f7395bbff14c7f0b1764bc53860d07122bedb28..def6b85b0854879bd6ed47483f86bfe701b53513 160000
--- a/irdb-sdk
+++ b/irdb-sdk
@@ -1 +1 @@
-Subproject commit 1f7395bbff14c7f0b1764bc53860d07122bedb28
+Subproject commit def6b85b0854879bd6ed47483f86bfe701b53513
diff --git a/zipr b/zipr
index c2386a2ca71e3b761b2ecaf75fcbfd8b869840bb..7dd13a74121ee1c44b6fa35d639b8ff2e3a6a2ae 160000
--- a/zipr
+++ b/zipr
@@ -1 +1 @@
-Subproject commit c2386a2ca71e3b761b2ecaf75fcbfd8b869840bb
+Subproject commit 7dd13a74121ee1c44b6fa35d639b8ff2e3a6a2ae