From 2b3d0f1f0a8c078d787a4be36de95e20c34ce3c5 Mon Sep 17 00:00:00 2001
From: pancake
Date: Fri, 15 Jul 2022 14:07:21 +0200
Subject: [PATCH] Handle arm64's BTI instruction as a nop ##analysis (#20452)
* Revert "ARM disassembler: don't compute [pc, reg] memory location ##analysis"
This reverts commit 97761f8ef0a0787be51711308d206273f0ac8116.
---
 libr/anal/p/anal_arm_cs.c | 14 +++++++++----
 libr/anal/p/anal_arm_v35.c | 7 ++++++-
 libr/core/cmd_anal.c | 36 ++++++++++++++++-----------------
 libr/parse/p/parse_arm_pseudo.c | 21 +++++++++----------
 shlr/Makefile | 2 +-
 shlr/meson.build | 2 +-
 6 files changed, 45 insertions(+), 37 deletions(-)
diff --git a/libr/anal/p/anal_arm_cs.c b/libr/anal/p/anal_arm_cs.c
index d8a42e172d..1e3e8139d1 100644
--- a/libr/anal/p/anal_arm_cs.c
+++ b/libr/anal/p/anal_arm_cs.c
@@ -3004,7 +3004,7 @@ r6,r5,r4,3,sp,[*],12,sp,+=
 addr &= ~3LL;
 if (MEMDISP(1) < 0) {
 const char *pc = "$$";
- if (REGBASE(1) == ARM_REG_PC && !HASMEMINDEX(1)) {
+ if (REGBASE(1) == ARM_REG_PC) {
 op->refptr = 4;
 op->ptr = addr + pcdelta + MEMDISP(1);
 r_strbuf_appendf (&op->esil, "0x%"PFMT64x",2,2,%s,%d,+,>>,<<,+,0xffffffff,&,[4],0x%x,&,%s,=",
@@ -3021,7 +3021,7 @@ r6,r5,r4,3,sp,[*],12,sp,+=
 }
 }
 } else {
- if (REGBASE(1) == ARM_REG_PC && !HASMEMINDEX(1)) {
+ if (REGBASE(1) == ARM_REG_PC) {
 const char *pc = "$$";
 op->refptr = 4;
 op->ptr = addr + pcdelta + MEMDISP(1);
@@ -3426,6 +3426,12 @@ static void anop64(csh handle, RAnalOp *op, cs_insn *insn) {
 case ARM64_INS_CINC:
 op->type = R_ANAL_OP_TYPE_CMOV;
 break;
+#if 0
+ case ARM64_INS_BTI:
+ op->type = R_ANAL_OP_TYPE_NOP;
+ op->family = R_ANAL_OP_FAMILY_SECURITY;
+ break;
+#endif
 case ARM64_INS_MOV:
 if (REGID64(0) == ARM64_REG_SP) {
 op->stackop = R_ANAL_STACK_RESET;
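Review bot: Dropping the `!HASMEMINDEX(1)` guard means `op->ptr = addr + pcdelta + MEMDISP(1)` is now assigned for `[pc, reg]` operands as well, where the index register is not folded into the sum, so `ptr`/`refptr` describe the pc-relative base rather than the address the instruction actually loads from; the same applies to hunk -3021 below and to hunk -4083 in this file. Consumers of `op->ptr` (xref and pointer analysis) will presumably now see base-only references for such operands, which is what the reverted commit avoided. If that is the intended outcome of the revert, a comment on the condition would make it explicit, e.g. `// [pc, reg]: ptr is the pc-relative base only; the index register is not applied`. The enclosing function starts and ends outside these hunks.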
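Review bot: The `ARM64_INS_BTI` case added to the capstone backend is wrapped in `#if 0`, so it is dead code, while the equivalent case in the v35 backend in this same commit is live; nothing says whether the bundled capstone revision lacks `ARM64_INS_BTI` or the block is parked for another reason. Replace the bare `#if 0` with the reason or a version guard, e.g. `#if 0 // TODO: enable once the bundled capstone exposes ARM64_INS_BTI`. Until then BTI presumably still takes this switch's default path in the capstone backend, diverging from the NOP/SECURITY classification the v35 backend applies. anop64 continues outside the hunk.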
@@ -3442,10 +3448,10 @@ static void anop64(csh handle, RAnalOp *op, cs_insn *insn) {
 case ARM64_INS_SBFX:
 case ARM64_INS_UBFX:
 case ARM64_INS_UBFM:
+ case ARM64_INS_BFI:
 case ARM64_INS_SBFIZ:
 case ARM64_INS_UBFIZ:
 case ARM64_INS_BIC:
- case ARM64_INS_BFI:
 case ARM64_INS_BFXIL:
 op->type = R_ANAL_OP_TYPE_MOV;
 if (ISIMM64 (1)) {
@@ -4083,7 +4089,7 @@ jmp $$ + 4 + ( [delta] * 2 )
 op->stackop = R_ANAL_STACK_GET;
 op->stackptr = 0;
 op->ptr = -MEMDISP (1);
- } else if (REGBASE (1) == ARM_REG_PC && !HASMEMINDEX (1)) {
+ } else if (REGBASE(1) == ARM_REG_PC) {
 op->ptr = (addr & ~3LL) + (thumb? 4: 8) + MEMDISP (1);
 op->refptr = 4;
 if (REGID(0) == ARM_REG_PC && insn->detail->arm.cc != ARM_CC_AL) {
diff --git a/libr/anal/p/anal_arm_v35.c b/libr/anal/p/anal_arm_v35.c
index 7755688b43..62f604cbe8 100644
--- a/libr/anal/p/anal_arm_v35.c
+++ b/libr/anal/p/anal_arm_v35.c
@@ -935,6 +935,10 @@ static void anop64(RAnal *a, RAnalOp *op, Instruction *insn) {
 case ARM64_CINC:
 op->type = R_ANAL_OP_TYPE_CMOV;
 break;
+ case ARM64_BTI:
+ op->type = R_ANAL_OP_TYPE_NOP;
+ op->family = R_ANAL_OP_FAMILY_SECURITY;
+ break;
 case ARM64_MOV:
 if (REGID64(0) == REG_SP) {
 op->stackop = R_ANAL_STACK_RESET;
@@ -1238,7 +1242,6 @@ static void anop64(RAnal *a, RAnalOp *op, Instruction *insn) {
 }
 static int analop_esil(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len, Instruction *insn) {
- const char *postfix = "";
 r_strbuf_init (&op->esil);
@@ -1305,6 +1308,8 @@ static int analop_esil(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len
 "8,0x00ff00ff00ff00ff,%s,&,<<,tmp,|=,tmp,%s,=",
 REG64 (1), REG64 (1), REG64 (0));
 break;
+ case ARM64_BTI:
+ break;
 case ARM64_ADR:
 // TODO: must be 21bit signed
 r_strbuf_setf (&op->esil,
diff --git a/libr/core/cmd_anal.c b/libr/core/cmd_anal.c
index 82d64b0fdf..3cb6e99fc1 100644
--- a/libr/core/cmd_anal.c
+++ b/libr/core/cmd_anal.c
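Review bot: The new `ARM64_BTI` case classifies the instruction as `R_ANAL_OP_TYPE_NOP` with `R_ANAL_OP_FAMILY_SECURITY` but carries no comment, and the matching `case ARM64_BTI: break;` added in analop_esil (hunk -1305 of this file) leaves the ESIL buffer untouched without saying that this is deliberate. A one-line comment on each would keep the next maintainer from "fixing" either, e.g. `// BTI is a branch-target landing pad: modelled as a nop, the security family keeps it visible to analysis` and `// BTI: intentionally no ESIL, see anop64`. Since the op type is NOP, anything that looks for landing pads has to go through the family field rather than the type, which is worth stating where the family is set. Both enclosing functions start and end outside these hunks.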
@@ -60,7 +60,7 @@ static const char *help_msg_afna[] = {
 static const char *help_msg_afu[] = {
 "Usage:", "afu", "[addr] # resize and analyze function from current address until addr.",
- "afu", " 0x100004093", "Resize and analyze function from current address until 0x100004093",
+ "afu", " 0x100004093", "resize and analyze function from current address until 0x100004093",
 NULL
 };
@@ -175,7 +175,7 @@ static const char *help_msg_aa[] = {
 "aar", "[?] [len]", "analyze len bytes of instructions for references",
 "aas", " [len]", "analyze symbols (af @@= `isq~[0]`)",
 "aaS", "", "analyze all flags starting with sym. (af @@ sym.*)",
- "aat", " [fcn]", "Analyze all/given function to convert immediate to linked structure offsets (see tl?)",
+ "aat", " [fcn]", "analyze all/given function to convert immediate to linked structure offsets (see tl?)",
 "aaT", " [len]", "analyze code after trap-sleds",
 "aau", " [len]", "list mem areas (larger than len bytes) not covered by functions",
 "aav", "[?] [sat]", "find values referencing a specific section or map",
@@ -756,12 +756,12 @@ static const char *help_msg_ag[] = {
 static const char *help_msg_age[] = {
 "Usage:", "age [title1] [title2]", "",
 "Examples:", "", "",
- "age", " title1 title2", "Add an edge from the node with \"title1\" as title to the one with title \"title2\"",
- "age", " \"title1 with spaces\" title2", "Add an edge from node \"title1 with spaces\" to node \"title2\"",
- "age-", " title1 title2", "Remove an edge from the node with \"title1\" as title to the one with title \"title2\"",
- "ageh", "", "List all the highlighted edges",
- "ageh", " nodeA nodeB", "Highlight edge between nodeA and nodeB",
- "ageh-", " nodeA nodeB", "Highlight edge between nodeA and nodeB",
+ "age", " title1 title2", "add an edge from the node with \"title1\" as title to the one with title \"title2\"",
+ "age", " \"title1 with spaces\" title2", "add an edge from node \"title1 with spaces\" to node \"title2\"",
+ "age-", " title1 title2", "remove an edge from the node with \"title1\" as title to the one with title \"title2\"",
+ "ageh", "", "list all the highlighted edges",
+ "ageh", " nodeA nodeB", "highlight edge between nodeA and nodeB",
+ "ageh-", " nodeA nodeB", "highlight edge between nodeA and nodeB",
 "age?", "", "show this help",
 NULL
 };
@@ -778,7 +778,7 @@ static const char *help_msg_agn[] = {
 };
 static const char *help_msg_ah[] = {
- "Usage:", "ah[lba-]", "Analysis Hints",
+ "Usage:", "ah[lba-]", "analysis Hints",
 "ah?", "", "show this help",
 "ah?", " offset", "show hint of given offset",
 "ah", "", "list hints in human-readable format",
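Review bot: Lower-casing only the first word of the Usage descriptions leaves mixed-case fragments: `"analysis Hints"` in hunk -778 here, and `"analyze Opcodes"` (hunk -873) and `"register Arena Push/Pop/Swap"` (hunk -925) later in the same file. Since the change is meant to make the help style uniformly lowercase, lower-case the whole phrase: `"analysis hints"`, `"analyze opcodes"`, `"register arena push/pop/swap"`. The `# Set contents of the register arena` and `# Register states commands` usage strings in hunks -935 and -5360 keep their capital, which is presumably intended for the `#`-prefixed form but is worth checking against the same rule.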
@@ -802,7 +802,7 @@ static const char *help_msg_ah[] = {
 "ahr", " val", "set hint for return value of a function",
 "ahs", " 4", "set opcode size=4",
 "ahS", " jz", "set asm.syntax=jz for this opcode",
- "aht", "[s][?] ", "Mark immediate as a type offset (deprecated, moved to \"aho\")",
+ "aht", "[s][?] ", "mark immediate as a type offset (deprecated, moved to \"aho\")",
 "ahv", " val", "change opcode's val field (useful to set jmptbl sizes in jmp rax)",
 NULL
 };
@@ -848,7 +848,7 @@ static const char *help_msg_ahi[] = {
 };
 static const char *help_msg_aht[] = {
- "Usage:", "aht[s] [addr|type]", "Mark immediate as type offset (moved to aho)",
+ "Usage:", "aht[s] [addr|type]", "mark immediate as type offset (moved to aho)",
 "ahts", " ", "list all matching structure offsets",
 "aht", " ", "change immediate to structure offset",
 "aht?", "", "show this help",
@@ -863,7 +863,7 @@ static const char *help_msg_aot[] = {
 };
 static const char *help_msg_aom[] = {
- "Usage:", "aom[ljd] [arg]", "List opcode mnemonics",
+ "Usage:", "aom[ljd] [arg]", "list opcode mnemonics",
 "aom", "", "show instruction mnemonic",
 "aom.", "", "show instruction mnemonic in current address",
 "aoml", "", "list all mnemonics",
@@ -873,7 +873,7 @@ static const char *help_msg_aom[] = {
 };
 static const char *help_msg_ao[] = {
- "Usage:", "ao[e?] [len]", "Analyze Opcodes",
+ "Usage:", "ao[e?] [len]", "analyze Opcodes",
 "ao", " 5", "display opcode analysis of 5 opcodes",
 "ao*", "", "display opcode in r commands",
 "aoc", " [cycles]", "analyze which op could be executed in [cycles]",
@@ -925,7 +925,7 @@ static const char *help_msg_ar[] = {
 };
 static const char *help_msg_ara[] = {
- "Usage:", "ara[+-s]", "Register Arena Push/Pop/Swap",
+ "Usage:", "ara[+-s]", "register Arena Push/Pop/Swap",
 "ara", "", "show all register arenas allocated",
 "ara", "+", "push a new register arena for each type",
 "ara", "-", "pop last register arena",
@@ -935,7 +935,7 @@ static const char *help_msg_ara[] = {
 static const char *help_msg_arw[] = {
 "Usage:", "arw ", "# Set contents of the register arena",
- "arw", " ", "Set contents of the register arena",
+ "arw", " ", "set contents of the register arena",
 NULL
 };
@@ -5360,9 +5360,9 @@ void cmd_anal_reg(RCore *core, const char *str) {
 // TODO #7967 help refactor: dup from drp
 const char *help_msg[] = {
 "Usage:", "drs", " # Register states commands",
- "drs", "", "List register stack",
- "drs+", "", "Push register state",
- "drs-", "", "Pop register state",
+ "drs", "", "list register stack",
+ "drs+", "", "push register state",
+ "drs-", "", "pop register state",
 NULL };
 r_core_cmd_help (core, help_msg);
 } break;
diff --git a/libr/parse/p/parse_arm_pseudo.c b/libr/parse/p/parse_arm_pseudo.c
index 6ddbcc153a..68ef1c0d90 100644
--- a/libr/parse/p/parse_arm_pseudo.c
+++ b/libr/parse/p/parse_arm_pseudo.c
@@ -360,19 +360,16 @@ static bool subvar(RParse *p, RAnalFunction *f, ut64 addr, int oplen, char *data
 if (!ripend) {
 ripend = "]";
 }
- char * maybe_num = neg? neg+1 : rip;
- if (r_is_valid_input_num_value (NULL, maybe_num)) {
- if (neg) {
- repl_num -= r_num_get (NULL, maybe_num);
- } else {
- repl_num += r_num_get (NULL, maybe_num);
- }
- rip -= 3;
- *rip = 0;
- tstr_new = r_str_newf ("%s0x%08"PFMT64x"%s", tstr, repl_num, ripend);
- free (tstr);
- tstr = tstr_new;
+ if (neg) {
+ repl_num -= r_num_get (NULL, neg + 1);
+ } else {
+ repl_num += r_num_get (NULL, rip);
 }
+ rip -= 3;
+ *rip = 0;
+ tstr_new = r_str_newf ("%s0x%08"PFMT64x"%s", tstr, repl_num, ripend);
+ free (tstr);
+ tstr = tstr_new;
 }
 }
diff --git a/shlr/Makefile b/shlr/Makefile
index af6bb25f5a..e9e0f3d900 100644
--- a/shlr/Makefile
+++ b/shlr/Makefile
@@ -39,7 +39,7 @@ ifeq ($(USE_CS4),1)
 CS_TIP=a7cac8352f7397aa73bb2e2dcc1b6cdb2e1b8461
 CS_BRA=v4
 else
-CS_TIP=6a6985142d15e7fe58e48b1b8c8e5753f1aaf43b
+CS_TIP=ba0bcda5c5ed59a06c7566fbb9f37d827b8d3e06
 CS_BRA=next
 endif
 ifeq ($(CS_COMMIT_ARCHIVE),1)
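Review bot: In parse_arm_pseudo.c, `r_num_get (NULL, neg + 1)` and `r_num_get (NULL, rip)` now run without the numeric check that the removed `r_is_valid_input_num_value` branch provided, and the rewrite that follows (`rip -= 3; *rip = 0;` then `r_str_newf`) is unconditional, so any operand that reaches this point with a non-numeric tail after the base register is still replaced by a synthesized `0x...` constant. If the caller guarantees a numeric displacement here, a comment stating that invariant would document why the validation was dropped; otherwise keep the rewrite conditional on a successful parse rather than on `neg` alone. The backwards `rip -= 3` also relies on at least three bytes preceding `rip` inside `tstr`, which nothing in the hunk checks (pre-existing, not introduced here). subvar starts and ends outside the hunk.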
diff --git a/shlr/meson.build b/shlr/meson.build
index 2ae183f4c9..ecb59d5cf6 100644
--- a/shlr/meson.build
+++ b/shlr/meson.build
@@ -19,7 +19,7 @@ if not capstone_dep.found() or not get_option('use_sys_capstone')
 patches_files = []
 # NOTE: when you update CS_TIP or CS_BRA, also update them in shlr/Makefile
 if capstone_version == 'v5'
- CS_TIP = '6a6985142d15e7fe58e48b1b8c8e5753f1aaf43b'
+ CS_TIP = 'ba0bcda5c5ed59a06c7566fbb9f37d827b8d3e06'
 CS_BRA = 'next'
 patches_files = [
 'fix-x86-16.patch',