bool is_trivial_nop(const Vinstr& inst) {
return
(inst.op == Vinstr::copy && is_nop(inst.copy_)) ||
(inst.op == Vinstr::copy2 && is_nop(inst.copy2_)) ||
(inst.op == Vinstr::lea && is_nop(inst.lea_)) ||
inst.op == Vinstr::nop;
}
static GeglRectangle
get_required_for_output (GeglOperation *operation,
const gchar *input_pad,
const GeglRectangle *roi)
{
GeglRectangle result = *roi;
if (! is_nop (operation))
{
GeglProperties *o = GEGL_PROPERTIES (operation);
GeglRectangle *in_rect = gegl_operation_source_get_bounding_box (operation, "input");
if (in_rect)
{
switch (o->mode)
{
case GEGL_SPHERIZE_MODE_RADIAL:
result = *in_rect;
break;
case GEGL_SPHERIZE_MODE_HORIZONTAL:
result.x = in_rect->x;
result.width = in_rect->width;
break;
case GEGL_SPHERIZE_MODE_VERTICAL:
result.y = in_rect->y;
result.height = in_rect->height;
break;
}
}
}
return result;
}
// Relocation for conditional branches
inline bool MacroAssembler::is_bc_far_variant3_at(address instruction_addr) {
// Variant 3, far cond branch to the next instruction, already patched to nops:
//
// nop
// endgroup
// SKIP/DEST:
//
const int instruction_1 = *(int*)(instruction_addr);
const int instruction_2 = *(int*)(instruction_addr + 4);
return is_nop(instruction_1) &&
is_endgroup(instruction_2);
}
static gboolean
parent_process (GeglOperation *operation,
GeglOperationContext *context,
const gchar *output_prop,
const GeglRectangle *result,
gint level)
{
if (is_nop (operation))
{
GObject *input;
input = gegl_operation_context_get_object (context, "input");
gegl_operation_context_set_object (context, "output", input);
return TRUE;
}
return GEGL_OPERATION_CLASS (gegl_op_parent_class)->process (operation,
context,
output_prop,
result, level);
}
//------------------------------------------------------------------------------
// Name: do_find
// Desc:
//------------------------------------------------------------------------------
void DialogROPTool::do_find() {
const QItemSelectionModel *const selModel = ui->tableView->selectionModel();
const QModelIndexList sel = selModel->selectedRows();
if(sel.size() == 0) {
QMessageBox::critical(
this,
tr("No Region Selected"),
tr("You must select a region which is to be scanned for gadgets."));
} else {
unique_results_.clear();
if(IProcess *process = edb::v1::debugger_core->process()) {
for(const QModelIndex &selected_item: sel) {
const QModelIndex index = filter_model_->mapToSource(selected_item);
if(auto region = *reinterpret_cast<const IRegion::pointer *>(index.internalPointer())) {
edb::address_t start_address = region->start();
const edb::address_t end_address = region->end();
const edb::address_t orig_start = start_address;
ByteShiftArray bsa(32);
while(start_address < end_address) {
// read in the next byte
quint8 byte;
if(process->read_bytes(start_address, &byte, 1)) {
bsa << byte;
const quint8 *p = bsa.data();
const quint8 *const l = p + bsa.size();
edb::address_t rva = start_address - bsa.size() + 1;
QList<edb::Instruction> instruction_list;
// eat up any NOPs in front...
Q_FOREVER {
edb::Instruction inst(p, l, rva);
if(!is_nop(inst)) {
break;
}
instruction_list << inst;
p += inst.size();
rva += inst.size();
}
edb::Instruction inst1(p, l, rva);
if(inst1) {
instruction_list << inst1;
if(inst1.operation() == edb::Instruction::Operation::X86_INS_INT && inst1.operands()[0].general_type() == edb::Operand::TYPE_IMMEDIATE && (inst1.operands()[0].immediate() & 0xff) == 0x80) {
add_gadget(instruction_list);
} else if(inst1.operation() == edb::Instruction::Operation::X86_INS_SYSENTER) {
add_gadget(instruction_list);
} else if(inst1.operation() == edb::Instruction::Operation::X86_INS_SYSCALL) {
add_gadget(instruction_list);
} else if(is_ret(inst1)) {
ui->progressBar->setValue(util::percentage(start_address - orig_start, region->size()));
++start_address;
continue;
} else {
p += inst1.size();
rva += inst1.size();
// eat up any NOPs in between...
Q_FOREVER {
edb::Instruction inst(p, l, rva);
if(!is_nop(inst)) {
break;
}
instruction_list << inst;
p += inst.size();
rva += inst.size();
}
edb::Instruction inst2(p, l, rva);
if(is_ret(inst2)) {
instruction_list << inst2;
add_gadget(instruction_list);
} else if(inst2 && inst2.operation() == edb::Instruction::Operation::X86_INS_POP) {
instruction_list << inst2;
p += inst2.size();
rva += inst2.size();
edb::Instruction inst3(p, l, rva);
if(inst3 && inst3.operation() == edb::Instruction::Operation::X86_INS_JMP) {
instruction_list << inst3;
if(inst2.operand_count() == 1 && inst2.operands()[0].general_type() == edb::Operand::TYPE_REGISTER) {
if(inst3.operand_count() == 1 && inst3.operands()[0].general_type() == edb::Operand::TYPE_REGISTER) {
if(inst2.operands()[0].reg() == inst3.operands()[0].reg()) {
add_gadget(instruction_list);
}
}
}
}
}
}
// TODO(eteran): catch things like "add rsp, 8; jmp [rsp - 8]" and similar, it's rare,
// but could happen
}
}
ui->progressBar->setValue(util::percentage(start_address - orig_start, region->size()));
++start_address;
}
}
}
}
}
