  1. Jul 27, 2021
    • ZS-86 issue in parsing dynsym section. · d678a840
      Jason Hiser authored
      The dynsym section is parsed by objdump/grep.  It's terrible and
      needs to be implemented in C++ to reduce dependence on external tools
      knowing what they are doing.
      
      In this case, the terrible pattern matching with grep caused a symbol
      defined in the binary to be missed, because `grep -v UND` was used
      to determine whether a symbol "mattered".  1) symbol names might have
      UND and get eliminated accidentally, but 2) (what really happened)
      was that the symbol was defined in a section without a "link" field
      in the dynsym section, thus objdump displayed the section name as UND
      and thus the code skipped the symbol.  Don't use objdump to parse ELF
      files!
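      As an added illustration of the two failure modes this commit describes (example code, not part of the project): a minimal ELF .dynsym walker that decides whether a symbol is defined from its st_shndx field, next to the grep-style filter over objdump -T text that the commit replaces. The section bytes, string table, objdump lines, section indices 14 and 25 and the symbol names are constructed sample input and assumptions.

```python
import struct
from typing import List, NamedTuple

SHN_UNDEF = 0  # st_shndx value that means "undefined / imported"


class DynSym(NamedTuple):
    name: str
    shndx: int
    value: int
    defined: bool


def parse_dynsym(dynsym: bytes, dynstr: bytes, elf64: bool = True) -> List[DynSym]:
    """Walk raw .dynsym bytes and resolve names from .dynstr.
    Definedness comes from st_shndx, never from the section name a tool prints."""
    fmt = "<IBBHQQ" if elf64 else "<IIIBBH"  # Elf64_Sym / Elf32_Sym field layouts
    size = struct.calcsize(fmt)
    out = []
    for off in range(0, len(dynsym) - size + 1, size):
        fields = struct.unpack_from(fmt, dynsym, off)
        if elf64:
            st_name, _info, _other, shndx, value, _size = fields
        else:
            st_name, value, _size, _info, _other, shndx = fields
        name = dynstr[st_name:dynstr.index(b"\0", st_name)].decode()
        out.append(DynSym(name, shndx, value, shndx != SHN_UNDEF))
    return out


def grep_style_filter(objdump_lines: List[str]) -> List[str]:
    """The fragile approach: keep any line that does not contain 'UND'."""
    return [line.split()[-1] for line in objdump_lines if "UND" not in line]


# Constructed .dynstr and .dynsym (ELF64): null symbol, an import, two defined symbols.
DYNSTR = b"\0puts\0FOUNDATION_init\0helper\0"
DYNSYM = b"".join(struct.pack("<IBBHQQ", *e) for e in [
    (0, 0x00, 0, SHN_UNDEF, 0x0000, 0x00),  # null symbol
    (1, 0x12, 0, SHN_UNDEF, 0x0000, 0x00),  # puts: GLOBAL FUNC, imported
    (6, 0x12, 0, 14, 0x1130, 0x20),         # FOUNDATION_init: defined in section 14
    (22, 0x12, 0, 25, 0x1160, 0x10),        # helper: defined in section 25
])

# Constructed objdump -T style lines; the last mimics a defined symbol shown as *UND*.
OBJDUMP_LINES = [
    "0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 puts",
    "0000000000001130 g    DF .text  0000000000000020  Base        FOUNDATION_init",
    "0000000000001160 g    DF *UND*  0000000000000010  Base        helper",
]
```

      Parsing the section directly keeps FOUNDATION_init and helper; the text filter drops both, one because its name contains "UND" and one because the tool printed *UND* for it.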
  2. Jul 22, 2021
  3. Jul 20, 2021
    • Fix x86/32 issues for Ubuntu 20.04 · 8546a654
      Jason Hiser authored
      Rida: Parsing of .plt.sec section added for x86/64 ubuntu 20 needed to be
      updated to support x86/32 in ubuntu 20.
      
      Fix-calls: Thunk checks aged poorly.  Revived/fixed some of them.
  4. Jun 12, 2021
    • Updated rodata scanner to skip pins without relocs in shared libs · 6e68317a
      Jason Hiser authored
      Shared libs need a reloc for a code pointer to live in rodata.
      I found in ffmpeg that many spurious pins were occurring because constant
      (particularly with relatively small values) data looked like code pointers
      (because the code's load point is address 0 in a shared library).
      
      To avoid these spurious pins, I extended the code pin algorithm
      to check isDLL() (which includes shared objects) and for a reloc
      before attempting to pin in the rodata.
      
      A perf. optimization verifies that it _might_ result in a pin
      before checking for a reloc, as checking for a reloc can be slow,
      while checking for a possible pin location is fast.
  5. Apr 27, 2021
  6. Apr 26, 2021
    • Update threshold for min. switch table size for ubuntu20. · 9f222161
      Jason Hiser authored
      Table size min was set to <=4 items, but readelf on ubuntu20
      had a switch table with exactly 4 elements.  This caused
      FII to miss the table size and subsequently include _many_ extra IBTs.
      Ultimately, Zipr failed by trying to 68-sled an entire function due to
      FII's failure.
  7. Apr 21, 2021
  8. Mar 12, 2021
  9. Mar 02, 2021
  10. Mar 01, 2021
  11. Feb 28, 2021
  12. Feb 25, 2021
  13. Feb 21, 2021
  14. Feb 18, 2021
  15. Feb 17, 2021
  16. Feb 11, 2021
  17. Feb 10, 2021
  18. Feb 01, 2021
  19. Jan 29, 2021
  20. Nov 14, 2020
  21. Sep 02, 2020
  22. Aug 16, 2020
  23. Jul 28, 2020
  24. Jul 22, 2020
  25. Jul 17, 2020
  26. Jul 10, 2020
  27. Jun 26, 2020
  28. Jun 25, 2020
    • Rework the assembly-string->binary conversion. · 6cb3e237
      Daniel Chen authored and Jason Hiser committed
      The old method involved writing assembly to a file, asking an external assembler to do the conversion, then processing the binary file to read the binary instructions back out.  This method is slow and relies on nasm, which isn't available on all machines or for the full variety of supported architectures.  The replacement is keystone, a 3rd party library that is linked to provide assembly->binary conversion.
  29. May 15, 2020
  30. Apr 29, 2020
  31. Dec 18, 2019
  32. Dec 17, 2019
  33. Dec 16, 2019