// afvn local_48 counter
R_API int r_anal_var_rename (RAnal *a, ut64 var_addr, int scope, char kind, const char *old_name, const char *new_name) {
char key[128];
char *stored_name;
int delta;
if (!r_anal_var_check_name (new_name))
return 0;
if (scope>0) { // local
SETKEY ("var.0x%"PFMT64x".%c.%d.%s", var_addr, kind, scope, old_name);
delta = sdb_num_get (DB, key, 0);
if (!delta) return 0;
sdb_unset (DB, key, 0);
SETKEY ("var.0x%"PFMT64x".%c.%d.%s", var_addr, kind, scope, new_name);
sdb_num_set (DB, key, delta, 0);
SETKEY ("var.0x%"PFMT64x".%c.%d.%d", var_addr, kind, scope, delta);
sdb_array_set (DB, key, R_ANAL_VAR_SDB_NAME, new_name, 0);
} else { // global
SETKEY ("var.0x%"PFMT64x, var_addr);
stored_name = sdb_array_get (DB, key, R_ANAL_VAR_SDB_NAME, 0);
if (!stored_name) return 0;
if (stored_name != old_name) return 0;
sdb_unset (DB, key, 0);
SETKEY ("var.0x%"PFMT64x, var_addr);
sdb_array_set (DB, key, R_ANAL_VAR_SDB_NAME, new_name, 0);
}
// var.sdb_hash(old_name)=var_addr.scope.delta
return 1;
}
R_API void r_anal_type_match(RCore *core, RAnalFunction *fcn) {
bool esil_var[STATES_SIZE] = {false};
if (!core ) {
return;
}
if (!r_anal_emul_init (core, esil_var) || !fcn ) {
r_anal_emul_restore (core, esil_var);
return;
}
const char *pc = r_reg_get_name (core->anal->reg, R_REG_NAME_PC);
ut64 addr = fcn->addr;
r_reg_setv (core->dbg->reg, pc, fcn->addr);
r_debug_reg_sync (core->dbg, -1, true);
r_cons_break (NULL, NULL);
while (!r_cons_is_breaked ()) {
RAnalOp *op = r_core_anal_op (core, addr);
int loop_count = sdb_num_get ( core->anal->esil->db_trace, sdb_fmt (-1, "0x%"PFMT64x".count", addr), 0);
if (loop_count > LOOP_MAX) {
eprintf ("Unfortunately your evilly engineered %s function trapped my most innocent `aftm` in an infinite loop.\n", fcn->name);
eprintf ("I kept trace log for you to review and find out how bad things were going to happen by yourself.\n");
eprintf ("You can view this log by `ate`. Meanwhile, I will train on how to behave with such behaviour without bothering you.\n");
return;
}
sdb_num_set (core->anal->esil->db_trace, sdb_fmt (-1, "0x%"PFMT64x".count", addr), loop_count + 1, 0);
if (!op || op->type == R_ANAL_OP_TYPE_RET) {
r_anal_emul_restore (core, esil_var);
return;
}
if (op->type == R_ANAL_OP_TYPE_CALL) {
RAnalFunction *fcn_call = r_anal_get_fcn_in (core->anal, op->jump, -1);
//eprintf ("in the middle of %s\n", fcn_call->name);
if (fcn_call) {
type_match (core, addr, fcn_call->name);
} else {
eprintf ("Cannot find function at 0x%08"PFMT64x"\n", op->jump);
}
addr += op->size;
r_anal_op_free (op);
r_reg_setv (core->dbg->reg, pc, addr);
r_debug_reg_sync (core->dbg, -1, true);
r_anal_esil_set_pc (core->anal->esil, addr);
addr += stack_clean (core, addr, fcn);
r_reg_setv (core->dbg->reg, pc, addr);
r_debug_reg_sync (core->dbg, -1, true);
r_anal_esil_set_pc (core->anal->esil, addr);
continue;
} else {
r_core_esil_step (core, UT64_MAX, NULL);
r_anal_op_free (op);
}
r_core_cmd0 (core, ".ar*");
addr = r_reg_getv (core->anal->reg, pc);
}
r_cons_break_end ();
r_anal_emul_restore (core, esil_var);
}
R_API int r_meta_del(RAnal *a, int type, ut64 addr, ut64 size, const char *str) {
char key[100], *dtr, *s, *p, *next;
#if 0
char key2[100];
#endif
const char *ptr;
int i;
if (size == UT64_MAX) {
// FULL CLEANUP
// XXX: this thing ignores the type
if (type == R_META_TYPE_ANY) {
sdb_reset (DB);
} else {
snprintf (key, sizeof (key)-1, "meta.%c.count", type);
int last = (ut64)sdb_num_get (DB, key, NULL)/K;
for (i=0; i<last; i++) {
snprintf (key, sizeof (key)-1, "meta.%c.%d", type, i);
dtr = sdb_get (DB, key, 0);
for (p = dtr; p; p = next) {
s = sdb_anext (p, &next);
snprintf (key, sizeof (key)-1,
"meta.%c.0x%"PFMT64x,
type, sdb_atoi (s));
eprintf ("--> %s\n", key);
sdb_unset (DB, key, 0);
if (!next) break;
}
free (dtr);
}
}
return false;
}
meta_inrange_del (a, addr, size);
snprintf (key, sizeof (key)-1, type == R_META_TYPE_COMMENT ?
"meta.C.0x%"PFMT64x : "meta.0x%"PFMT64x, addr);
ptr = sdb_const_get (DB, key, 0);
if (ptr) {
sdb_unset (DB, key, 0);
#if 0
// This code is wrong, but i guess it's necessary in case type is ANY
for (i=0; ptr[i]; i++) {
if (ptr[i] != SDB_RS) {
snprintf (key2, sizeof (key2)-1,
"meta.%c.0x%"PFMT64x, ptr[i], addr);
printf ("UNSET (%s)\n", key2);
sdb_unset (DB, key2, 0);
}
}
#endif
}
sdb_unset (DB, key, 0);
return false;
}
R_API int r_debug_signal_resolve(RDebug *dbg, const char *signame) {
int ret;
char *name;
if (strchr (signame, '.'))
return 0;
name = strdup (signame);
r_str_case (name, R_TRUE);
if (strncmp (name, "SIG", 3))
name = r_str_prefix (name, "SIG");
ret = (int)sdb_num_get (DB, name, 0);
free (name);
return ret;
}
static ut64 getFunctionSize(Sdb *db) {
#if 1
ut64 min = sdb_num_get (db, Fmin (addr), NULL);
ut64 max = sdb_num_get (db, Fmax (addr), NULL);
#else
ut64 min, max;
char *c, *bbs = sdb_get (db, "bbs", NULL);
int first = 1;
sdb_aforeach (c, bbs) {
ut64 addr = sdb_atoi (c);
ut64 addr_end = sdb_num_get (db, Fbb(addr), NULL);
if (first) {
min = addr;
max = addr_end;
first = 0;
} else {
if (addr<min)
min = addr;
if (addr_end>max)
max = addr_end;
}
sdb_aforeach_next (c);
}
void addTarget(RCore *core, RStack *stack, Sdb *db, ut64 addr) {
if (!sdb_num_get (db, Fhandled(addr), NULL)) {
ut64* value = (ut64*) malloc (1 * sizeof(ut64));
if (!value) {
eprintf ("Failed to allocate memory for address stack\n");
return;
}
*value = addr;
if (!r_stack_push (stack, (void*)value)) {
eprintf ("Failed to push address on stack\n");
free (value);
return;
}
sdb_num_set (db, Fhandled(addr), 1, 0);
}
}
static void set_fcn_args_info(RAnalFuncArg *arg, RAnal *anal, const char *fcn_name, const char *cc, int arg_num) {
if (!fcn_name || !arg || !anal) {
return;
}
Sdb *TDB = anal->sdb_types;
arg->name = r_type_func_args_name (TDB, fcn_name, arg_num);
arg->orig_c_type = r_type_func_args_type (TDB, fcn_name, arg_num);
if (!strncmp ("const ", arg->orig_c_type, 6)) {
arg->c_type = arg->orig_c_type + 6;
} else {
arg->c_type = arg->orig_c_type;
}
const char *query = sdb_fmt ("type.%s", arg->c_type);
arg->fmt = sdb_const_get (TDB, query, 0);
const char *t_query = sdb_fmt ("type.%s.size", arg->c_type);
arg->size = sdb_num_get (TDB, t_query, 0) / 8;
arg->cc_source = r_anal_cc_arg (anal, cc, arg_num + 1);
}
static int bbAdd (Sdb *db, ut64 from, ut64 to, ut64 jump, ut64 fail) {
ut64 addr_end, addr = sdb_array_get_closer_num (db, "bbs", from);
int add = 1;
if (addr == UT64_MAX) {
// add = 1;
} else if (addr == from) {
// check if size is the same,
eprintf ("basic block already analyzed\n");
add = 0;
} else {
/*
from = start address of new basic block
to = end address of new basic block
jump = destination basic block
fail = fallback jump of basic block
addr = previous closer basic block start address
addr_end = previous closer basic block start address
*/
addr_end = sdb_num_get (db, Fbb(addr), NULL);
if (addr_end) {
if (from >= addr && from < addr_end) {
eprintf ("OVERLAPS MUST SPLIT\n");
/* reduce current basic block to from */
eprintf ("Shrink basic block 0x%08"PFMT64x" to %d\n", addr, (int)(from-addr));
sdb_num_set (db, Fbb(addr), addr + from-addr, 0);
sdb_num_set (db, FbbTo(addr), from, 0);
//to = addr_end; // ???
}
}
}
if (add) {
sdb_array_add_num (db, "bbs", from, 0);
sdb_num_set (db, Fbb(from), to, 0);
if (jump != UT64_MAX)
sdb_array_set_num (db, FbbTo(from), 0, jump, 0);
if (fail != UT64_MAX)
sdb_array_set_num (db, FbbTo(from), 1, fail, 0);
sdb_num_min (db, "min", from, 0);
sdb_num_max (db, "max", to, 0);
}
return 0;
}
static ut64 getFunctionSize(Sdb *db) {
ut64 min = UT64_MAX, max = 0;
char *c, *bbs = sdb_get (db, "bbs", NULL);
bool first = true;
sdb_aforeach (c, bbs) {
ut64 addr = sdb_atoi (c);
ut64 addr_end = sdb_num_get (db, Fbb (addr), NULL);
if (first) {
min = addr;
max = addr_end;
first = false;
} else {
if (addr < min) {
min = addr;
}
if (addr_end > max) {
max = addr_end;
}
}
sdb_aforeach_next (c);
}
static int siglistcb (void *p, const char *k, const char *v) {
static char key[32] = "cfg.";
RDebug *dbg = (RDebug *)p;
int mode = dbg->_mode;
int opt;
if (atoi (k)>0) {
strcpy (key+4, k);
opt = sdb_num_get (DB, key, 0);
if (opt) {
r_cons_printf ("%s %s", k, v);
if (opt & R_DBG_SIGNAL_CONT)
r_cons_strcat (" cont");
if (opt & R_DBG_SIGNAL_SKIP)
r_cons_strcat (" skip");
r_cons_newline ();
} else {
if (mode == 0)
r_cons_printf ("%s %s\n", k, v);
}
}
return 1;
}
static ut64 getCrossingBlock(Sdb *db, const char *key, ut64 start, ut64 end) {
ut64 block_start, block_end;
ut64 nearest_start = UT64_MAX;
const char *s = sdb_const_get (db, key, NULL);
const char *next = NULL;
const char *ptr = NULL;
if (!s) {
return UT64_MAX;
}
ptr = s;
do {
const char *str = sdb_const_anext (ptr, &next);
block_start = sdb_atoi (str);
if (start == block_start) { // case 5
return start;
}
block_end = sdb_num_get (db, Fbb(block_start), NULL);
if (block_end) {
if (start > block_start && start < block_end) { // case 2
// start is inside the block
return block_start;
}
if (start < block_start && end >= block_end) {
// crossing the start of the block
if (nearest_start > block_start) {
nearest_start = block_start;
}
}
}
ptr = next;
} while (next);
return nearest_start;
}
static int siglistjsoncb (void *p, const char *k, const char *v) {
static char key[32] = "cfg.";
RDebug *dbg = (RDebug *)p;
int opt;
if (atoi (k)>0) {
strcpy (key+4, k);
opt = (int)sdb_num_get (DB, key, 0);
if (dbg->_mode == 2) {
dbg->_mode = 0;
} else r_cons_strcat (",");
r_cons_printf ("{\"signum\":\"%s\",\"name\":\"%s\","
"\"option\":", k, v);
if (opt & R_DBG_SIGNAL_CONT) {
r_cons_strcat ("\"cont\"");
} else if (opt & R_DBG_SIGNAL_SKIP) {
r_cons_strcat ("\"skip\"");
} else {
r_cons_strcat ("null");
}
r_cons_strcat ("}");
}
return true;
}
R_API int r_core_pseudo_code(RCore *core, const char *input) {
Sdb *db;
ut64 queuegoto = 0LL;
const char *blocktype = "else";
RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, R_ANAL_FCN_TYPE_NULL);
RConfigHold *hc = r_config_hold_new (core->config);
if (!hc) {
return false;
}
r_config_save_num (hc, "asm.pseudo", "asm.decode", "asm.lines", "asm.bytes", NULL);
r_config_save_num (hc, "asm.offset", "asm.flags", "asm.fcnlines", "asm.comments", NULL);
r_config_save_num (hc, "asm.functions", "asm.section", "asm.cmtcol", "asm.filter", NULL);
r_config_save_num (hc, "scr.color", "asm.emustr", "asm.emu", "asm.emuwrite", NULL);
if (!fcn) {
eprintf ("Cannot find function in 0x%08"PFMT64x"\n", core->offset);
r_config_hold_free (hc);
return false;
}
r_config_set_i (core->config, "scr.color", 0);
r_config_set_i (core->config, "asm.pseudo", 1);
r_config_set_i (core->config, "asm.decode", 0);
r_config_set_i (core->config, "asm.filter", 1);
r_config_set_i (core->config, "asm.lines", 0);
r_config_set_i (core->config, "asm.bytes", 0);
r_config_set_i (core->config, "asm.offset", 0);
r_config_set_i (core->config, "asm.flags", 0);
r_config_set_i (core->config, "asm.emu", 1);
r_config_set_i (core->config, "asm.emustr", 1);
r_config_set_i (core->config, "asm.emuwrite", 1);
r_config_set_i (core->config, "asm.fcnlines", 0);
r_config_set_i (core->config, "asm.comments", 1);
r_config_set_i (core->config, "asm.functions", 0);
r_config_set_i (core->config, "asm.tabs", 0);
r_config_set_i (core->config, "asm.section", 0);
r_config_set_i (core->config, "asm.cmtcol", 30);
r_core_cmd0 (core, "aeim");
db = sdb_new0 ();
/* */
// walk all basic blocks
// define depth level for each block
// use it for indentation
// asm.pseudo=true
// asm.decode=true
RAnalBlock *bb = r_list_first (fcn->bbs);
char indentstr[1024];
int n_bb = r_list_length (fcn->bbs);
r_cons_printf ("function %s () {", fcn->name);
int indent = 1;
int nindent = 1;
do {
#define I_TAB 4
#define K_MARK(x) sdb_fmt(0,"mark.%"PFMT64x,x)
#define K_ELSE(x) sdb_fmt(0,"else.%"PFMT64x,x)
#define K_INDENT(x) sdb_fmt(0,"loc.%"PFMT64x,x)
#define SET_INDENT(x) { memset (indentstr, ' ', x*I_TAB); indentstr [(x*I_TAB)-2] = 0; }
if (!bb) break;
r_cons_push ();
char *code = r_core_cmd_str (core, sdb_fmt (0, "pD %d @ 0x%08"PFMT64x"\n", bb->size, bb->addr));
r_cons_pop ();
memset (indentstr, ' ', indent * I_TAB);
indentstr [(indent * I_TAB) - 2] = 0;
code = r_str_prefix_all (code, indentstr);
int len = strlen (code);
code[len - 1] = 0; // chop last newline
//r_cons_printf ("\n%s loc_0x%llx:\n", indentstr, bb->addr);
//if (nindent != indent) {
// r_cons_printf ("\n%s loc_0x%llx:\n", indentstr, bb->addr);
//}
find_and_change (code, len);
if (!sdb_const_get (db, K_MARK (bb->addr), 0)) {
bool mustprint = !queuegoto || queuegoto != bb->addr;
if (mustprint) {
if (queuegoto) {
r_cons_printf ("\n%s goto loc_0x%llx", indentstr, queuegoto);
queuegoto = 0LL;
}
r_cons_printf ("\n%s loc_0x%llx:\n", indentstr, bb->addr);
indentstr[(indent * I_TAB) - 2] = 0;
r_cons_printf ("\n%s", code);
free (code);
sdb_num_set (db, K_MARK (bb->addr), 1, 0);
}
}
if (sdb_const_get (db, K_INDENT (bb->addr), 0)) {
// already analyzed, go pop and continue
// XXX check if cant pop
//eprintf ("%s// 0x%08llx already analyzed\n", indentstr, bb->addr);
ut64 addr = sdb_array_pop_num (db, "indent", NULL);
if (addr == UT64_MAX) {
int i;
nindent = 1;
for (i = indent; i != nindent; i--) {
SET_INDENT (i);
r_cons_printf ("\n%s}", indentstr);
}
r_cons_printf ("\n%sreturn;\n", indentstr);
break;
}
if (sdb_num_get (db, K_ELSE (bb->addr), 0)) {
if (!strcmp (blocktype, "else")) {
r_cons_printf ("\n%s } %s {", indentstr, blocktype);
} else {
r_cons_printf ("\n%s } %s (?);", indentstr, blocktype);
}
} else {
r_cons_printf ("\n%s}", indentstr);
}
if (addr != bb->addr) {
queuegoto = addr;
//r_cons_printf ("\n%s goto loc_0x%llx", indentstr, addr);
}
bb = r_anal_bb_from_offset (core->anal, addr);
if (!bb) {
eprintf ("failed block\n");
break;
}
//eprintf ("next is %llx\n", addr);
nindent = sdb_num_get (db, K_INDENT (addr), NULL);
if (indent > nindent && !strcmp (blocktype, "else")) {
int i;
for (i = indent; i != nindent; i--) {
SET_INDENT (i);
r_cons_printf ("\n%s }", indentstr);
}
}
indent = nindent;
} else {
sdb_set (db, K_INDENT (bb->addr), "passed", 0);
if (bb->jump != UT64_MAX) {
int swap = 1;
// TODO: determine which branch take first
ut64 jump = swap ? bb->jump : bb->fail;
ut64 fail = swap ? bb->fail : bb->jump;
// if its from another function chop it!
RAnalFunction *curfcn = r_anal_get_fcn_in (core->anal, jump, R_ANAL_FCN_TYPE_NULL);
if (curfcn != fcn) {
// chop that branch
r_cons_printf ("\n // chop\n");
break;
}
if (sdb_get (db, K_INDENT (jump), 0)) {
// already tracekd
if (!sdb_get (db, K_INDENT (fail), 0)) {
bb = r_anal_bb_from_offset (core->anal, fail);
}
} else {
bb = r_anal_bb_from_offset (core->anal, jump);
if (!bb) {
eprintf ("failed to retrieve blcok at 0x%"PFMT64x"\n", jump);
break;
}
if (fail != UT64_MAX) {
// do not push if already pushed
indent++;
if (sdb_get (db, K_INDENT (bb->fail), 0)) {
/* do nothing here */
eprintf ("BlockAlready 0x%"PFMT64x"\n", bb->addr);
} else {
// r_cons_printf (" { RADICAL %llx\n", bb->addr);
sdb_array_push_num (db, "indent", fail, 0);
sdb_num_set (db, K_INDENT (fail), indent, 0);
sdb_num_set (db, K_ELSE (fail), 1, 0);
SET_INDENT (indent);
r_cons_printf ("\n%s {", indentstr);
}
} else {
r_cons_printf ("\n%s do", indentstr);
sdb_array_push_num (db, "indent", jump, 0);
sdb_num_set (db, K_INDENT (jump), indent, 0);
sdb_num_set (db, K_ELSE (jump), 1, 0);
if (jump <= bb->addr) {
blocktype = "while";
} else {
blocktype = "else";
}
r_cons_printf ("\n%s {", indentstr);
indent++;
}
}
} else {
ut64 addr = sdb_array_pop_num (db, "indent", NULL);
if (addr == UT64_MAX) {
//r_cons_printf ("\nbreak\n");
break;
}
bb = r_anal_bb_from_offset (core->anal, addr);
nindent = sdb_num_get (db, K_INDENT (addr), NULL);
if (indent > nindent) {
int i;
for (i = indent; i != nindent; i--) {
SET_INDENT (i);
r_cons_printf ("\n%s}", indentstr);
}
}
if (nindent != indent) {
r_cons_printf ("\n%s} else {\n", indentstr);
}
indent = nindent;
}
}
//n_bb --;
} while (n_bb > 0);
r_cons_printf ("\n}\n");
r_config_restore (hc);
r_config_hold_free (hc);
sdb_free (db);
return true;
}
R_API ut64 r_anal_fcn_label_get (RAnal *anal, RAnalFunction *fcn, const char *name) {
if (!anal || !fcn)
return UT64_MAX;
return sdb_num_get (DB, LABEL(name), NULL);
}
R_API int r_type_get_bitsize(Sdb *TDB, const char *type) {
char *query;
/* Filter out the structure keyword if type looks like "struct mystruc" */
const char *tmptype;
if (!strncmp (type, "struct ", 7)) {
tmptype = type + 7;
} else {
tmptype = type;
}
if ((strstr (type, "*(") || strstr (type, " *")) &&
strncmp (type, "char *", 7)) {
return 32;
}
const char *t = sdb_const_get (TDB, tmptype, 0);
if (!t) {
if (!strncmp (tmptype, "enum ", 5)) {
//XXX: Need a proper way to determine size of enum
return 32;
}
return 0;
}
if (!strcmp (t, "type")){
query = sdb_fmt ("type.%s.size", tmptype);
return sdb_num_get (TDB, query, 0); // returns size in bits
}
if (!strcmp (t, "struct")) {
query = sdb_fmt ("struct.%s", tmptype);
char *members = sdb_get (TDB, query, 0);
char *next, *ptr = members;
int ret = 0;
if (members) {
do {
char *name = sdb_anext (ptr, &next);
if (!name) {
break;
}
query = sdb_fmt ("struct.%s.%s", tmptype, name);
char *subtype = sdb_get (TDB, query, 0);
if (!subtype) {
break;
}
char *tmp = strchr (subtype, ',');
if (tmp) {
*tmp++ = 0;
tmp = strchr (tmp, ',');
if (tmp) {
*tmp++ = 0;
}
int elements = r_num_math (NULL, tmp);
if (elements == 0) {
elements = 1;
}
ret += r_type_get_bitsize (TDB, subtype) * elements;
}
free (subtype);
ptr = next;
} while (next);
free (members);
}
return ret;
}
return 0;
}
R_API int r_core_pseudo_code (RCore *core, const char *input) {
Sdb *db;
RAnalFunction *fcn = r_anal_get_fcn_in (core->anal,
core->offset, R_ANAL_FCN_TYPE_NULL);
int asmpseudo = r_config_get_i (core->config, "asm.pseudo");
int asmdecode = r_config_get_i (core->config, "asm.decode");
int asmlines = r_config_get_i (core->config, "asm.lines");
int asmbytes = r_config_get_i (core->config, "asm.bytes");
int asmoffset = r_config_get_i (core->config, "asm.offset");
int asmflags = r_config_get_i (core->config, "asm.flags");
int asmfcnlines = r_config_get_i (core->config, "asm.fcnlines");
int asmcomments = r_config_get_i (core->config, "asm.comments");
int asmfunctions = r_config_get_i (core->config, "asm.functions");
if (!fcn) {
eprintf ("Cannot find function in 0x%08"PFMT64x"\n",
core->offset);
return R_FALSE;
}
r_config_set_i (core->config, "asm.pseudo", 1);
r_config_set_i (core->config, "asm.decode", 0);
r_config_set_i (core->config, "asm.lines", 0);
r_config_set_i (core->config, "asm.bytes", 0);
r_config_set_i (core->config, "asm.offset", 0);
r_config_set_i (core->config, "asm.flags", 0);
r_config_set_i (core->config, "asm.fcnlines", 0);
r_config_set_i (core->config, "asm.comments", 0);
r_config_set_i (core->config, "asm.functions", 0);
db = sdb_new0 ();
/* */
// walk all basic blocks
// define depth level for each block
// use it for indentation
// asm.pseudo=true
// asm.decode=true
RAnalBlock *bb = r_list_first (fcn->bbs);
char indentstr[1024];
int n_bb = r_list_length (fcn->bbs);
r_cons_printf ("function %s () {", fcn->name);
int indent = 1;
int nindent = 1;
do {
#define I_TAB 4
#define K_ELSE(x) sdb_fmt(0,"else.%"PFMT64x,x)
#define K_INDENT(x) sdb_fmt(0,"loc.%"PFMT64x,x)
#define SET_INDENT(x) { memset (indentstr, ' ', x*I_TAB); indentstr [(x*I_TAB)-2] = 0; }
if (!bb) break;
r_cons_push ();
char *code = r_core_cmd_str (core, sdb_fmt(0,
"pDI %d @ 0x%08"PFMT64x"\n", bb->size, bb->addr));
r_cons_pop ();
memset (indentstr, ' ', indent*I_TAB);
indentstr [(indent*I_TAB)-2] = 0;
code = r_str_prefix_all (code, indentstr);
code[strlen(code)-1] = 0; // chop last newline
//r_cons_printf ("\n%s loc_0x%llx:\n", indentstr, bb->addr);
//if (nindent != indent) {
// r_cons_printf ("\n%s loc_0x%llx:\n", indentstr, bb->addr);
//}
r_cons_printf ("\n%s loc_0x%llx:\n", indentstr, bb->addr);
indentstr[(indent*I_TAB)-2] = 0;
r_cons_printf ("\n%s", code);
free (code);
if (sdb_get (db, K_INDENT(bb->addr), 0)) {
// already analyzed, go pop and continue
// XXX check if cant pop
//eprintf ("%s// 0x%08llx already analyzed\n", indentstr, bb->addr);
ut64 addr = sdb_array_pop_num (db, "indent", NULL);
if (addr==UT64_MAX) {
int i;
nindent = 1;
for (i=indent; i!=nindent; i--) {
SET_INDENT (i);
r_cons_printf ("\n%s}", indentstr);
}
r_cons_printf ("\n%sreturn;\n", indentstr);
break;
}
if (sdb_num_get (db, K_ELSE(bb->addr), 0)) {
r_cons_printf ("\n%s} else {", indentstr);
} else {
r_cons_printf ("\n%s}", indentstr);
}
r_cons_printf ("\n%s goto loc_0x%llx", indentstr, addr);
bb = r_anal_bb_from_offset (core->anal, addr);
if (!bb) {
eprintf ("failed block\n");
break;
}
//eprintf ("next is %llx\n", addr);
nindent = sdb_num_get (db, K_INDENT(addr), NULL);
if (indent>nindent) {
int i;
for (i=indent; i!=nindent; i--) {
SET_INDENT (i);
r_cons_printf ("\n%s}", indentstr);
}
}
indent = nindent;
} else {
sdb_set (db, K_INDENT(bb->addr), "passed", 0);
if (bb->jump != UT64_MAX) {
int swap = 1;
// TODO: determine which branch take first
ut64 jump = swap? bb->jump: bb->fail;
ut64 fail = swap? bb->fail: bb->jump;
// if its from another function chop it!
RAnalFunction *curfcn = r_anal_get_fcn_in (core->anal, jump, R_ANAL_FCN_TYPE_NULL);
if (curfcn != fcn) {
// chop that branch
r_cons_printf ("\n // chop\n");
break;
}
if (sdb_get (db, K_INDENT(jump), 0)) {
// already tracekd
if (!sdb_get (db, K_INDENT(fail), 0)) {
bb = r_anal_bb_from_offset (core->anal, fail);
}
} else {
bb = r_anal_bb_from_offset (core->anal, jump);
if (!bb) {
eprintf ("failed to retrieve blcok at 0x%"PFMT64x"\n", jump);
break;
}
if (fail != UT64_MAX) {
// do not push if already pushed
indent++;
if (sdb_get (db, K_INDENT(bb->fail), 0)) {
/* do nothing here */
eprintf ("BlockAlready 0x%"PFMT64x"\n", bb->addr);
} else {
// r_cons_printf (" { RADICAL %llx\n", bb->addr);
sdb_array_push_num (db, "indent", fail, 0);
sdb_num_set (db, K_INDENT(fail), indent, 0);
sdb_num_set (db, K_ELSE(fail), 1, 0);
r_cons_printf (" {");
}
} else {
r_cons_printf (" do");
sdb_array_push_num (db, "indent", jump, 0);
sdb_num_set (db, K_INDENT(jump), indent, 0);
sdb_num_set (db, K_ELSE(jump), 1, 0);
r_cons_printf (" {");
indent++;
}
}
} else {
ut64 addr = sdb_array_pop_num (db, "indent", NULL);
if (addr==UT64_MAX) {
r_cons_printf ("\nbreak\n");
break;
}
bb = r_anal_bb_from_offset (core->anal, addr);
nindent = sdb_num_get (db, K_INDENT(addr), NULL);
if (indent>nindent) {
int i;
for (i=indent; i!=nindent; i--) {
SET_INDENT (i);
r_cons_printf ("\n%s}", indentstr);
}
}
if (nindent != indent) {
r_cons_printf ("\n%s} else {\n", indentstr);
}
indent = nindent;
}
}
//n_bb --;
} while (n_bb>0);
r_cons_printf ("}\n");
r_cons_flush ();
r_config_set_i (core->config, "asm.pseudo", asmpseudo);
r_config_set_i (core->config, "asm.decode", asmdecode);
r_config_set_i (core->config, "asm.lines", asmlines);
r_config_set_i (core->config, "asm.bytes", asmbytes);
r_config_set_i (core->config, "asm.offset", asmoffset);
r_config_set_i (core->config, "asm.flags", asmflags);
r_config_set_i (core->config, "asm.fcnlines", asmfcnlines);
r_config_set_i (core->config, "asm.comments", asmcomments);
r_config_set_i (core->config, "asm.functions", asmfunctions);
sdb_free (db);
return R_TRUE;
}
R_API int r_meta_del(RAnal *a, int type, ut64 addr, ut64 size) {
char key[100], *dtr, *s, *p, *next;
const char *val;
int i;
if (size == UT64_MAX) {
// FULL CLEANUP
// XXX: this thing ignores the type
if (type == R_META_TYPE_ANY) {
sdb_reset (DB);
} else {
snprintf (key, sizeof (key)-1, "meta.%c.count", type);
int last = (ut64)sdb_num_get (DB, key, NULL)/K;
for (i=0; i<last; i++) {
snprintf (key, sizeof (key)-1, "meta.%c.%d", type, i);
dtr = sdb_get (DB, key, 0);
for (p = dtr; p; p = next) {
s = sdb_anext (p, &next);
snprintf (key, sizeof (key)-1,
"meta.%c.0x%"PFMT64x,
type, sdb_atoi (s));
sdb_unset (DB, key, 0);
if (!next) break;
}
free (dtr);
}
}
return false;
}
if (type == R_META_TYPE_ANY) {
/* special case */
r_meta_del (a, R_META_TYPE_COMMENT, addr, size);
r_meta_del (a, R_META_TYPE_VARTYPE, addr, size);
}
if (type == R_META_TYPE_COMMENT || type == R_META_TYPE_VARTYPE) {
snprintf (key, sizeof (key)-1, "meta.%c.0x%"PFMT64x, type, addr);
} else {
snprintf (key, sizeof (key)-1, "meta.0x%"PFMT64x, addr);
}
meta_inrange_del (a, addr, size);
val = sdb_const_get (DB, key, 0);
if (val) {
if (type == R_META_TYPE_ANY) {
char item_key[100];
const char *ptr = val;
while (*ptr) {
snprintf (item_key, sizeof (item_key), "meta.%c.0x%" PFMT64x, *ptr, addr);
sdb_unset (DB, item_key, 0);
ptr++;
if (*ptr) {
ptr++;
}
}
sdb_unset (DB, key, 0);
return false;
}
if (strchr (val, ',')) {
char type_fld[] = "##";
if (val[0] == type) {
type_fld[0] = type;
type_fld[1] = ',';
} else {
type_fld[0] = ',';
type_fld[1] = type;
}
sdb_uncat (DB, key, type_fld, 0);
} else {
sdb_unset (DB, key, 0);
}
snprintf (key, sizeof (key), "meta.%c.0x%" PFMT64x, type, addr);
sdb_unset (DB, key, 0);
}
sdb_unset (DB, key, 0);
return false;
}
R_API int r_debug_signal_what(RDebug *dbg, int num) {
char k[32];
snprintf (k, sizeof (k), "cfg.%d", num);
return sdb_num_get (DB, k, 0);
}
static void type_match(RCore *core, ut64 addr, char *name) {
Sdb *trace = core->anal->esil->db_trace;
RAnal *anal = core->anal;
RAnalVar *v;
char *fcn_name;
if (r_anal_type_func_exist (anal, name)) {
fcn_name = strdup (name);
} else if (!(fcn_name = r_anal_type_func_guess (anal, name))) {
eprintf ("can't find function prototype for %s\n", name);
return;
}
const char* cc = r_anal_type_func_cc (anal, fcn_name);
if (!cc || !r_anal_cc_exist (anal, cc)) {
eprintf ("can't find %s calling convention %s\n", fcn_name, cc);
return;
}
int i, j, max = r_anal_type_func_args_count (anal, fcn_name);
int size = 0, idx = sdb_num_get (trace, "idx", 0);
const char *sp_name = r_reg_get_name (anal->reg, R_REG_NAME_SP);
const char *bp_name = r_reg_get_name (anal->reg, R_REG_NAME_BP);
ut64 sp = r_reg_getv (anal->reg, sp_name);
ut64 bp = r_reg_getv (anal->reg, bp_name);
for (i = 0; i < max; i++) {
char *type = r_anal_type_func_args_type (anal, fcn_name, i);
const char *name =r_anal_type_func_args_name (anal, fcn_name, i);
const char *place = r_anal_cc_arg (anal, cc, i + 1);
if (!strcmp (place, "stack")) {
// type_match_stack ();
for (j = idx; j >= 0; j--) {
ut64 write_addr = sdb_num_get (trace, sdb_fmt (-1, "%d.mem.write", j), 0);
if (write_addr == sp + size) {
ut64 instr_addr = sdb_num_get (trace, sdb_fmt (-1, "%d.addr", j), 0);
r_meta_set_string (core->anal, R_META_TYPE_COMMENT, instr_addr,
sdb_fmt (-1, "%s %s", type, name));
char *tmp = sdb_fmt (-1, "%d.mem.read", j);
int i2, array_size = sdb_array_size (trace, tmp);
for (i2 = 0; i2 < array_size; i2++) {
if (bp_name) {
int bp_idx = sdb_array_get_num (trace, tmp, i2, 0) - bp;
if ((v =r_anal_var_get (anal, addr, R_ANAL_VAR_KIND_BPV, 1, bp_idx))) {
r_anal_var_retype (anal, addr, 1, bp_idx, R_ANAL_VAR_KIND_BPV, type, -1, v->name);
r_anal_var_free (v);
}
}
int sp_idx = sdb_array_get_num (trace, tmp, i2, 0) - sp;
if ((v = r_anal_var_get (anal, addr, R_ANAL_VAR_KIND_SPV, 1, sp_idx))) {
r_anal_var_retype (anal, addr, 1, sp_idx, R_ANAL_VAR_KIND_SPV, type, -1, v->name);
r_anal_var_free (v);
}
}
break;
}
}
size += r_anal_type_get_size (anal, type) / 8;
} else if (!strcmp (place , "stack_rev")) {
// type_match_stack_rev ();
free (type);
int k;
for ( k = max -1; k >=i; k--) {
type = r_anal_type_func_args_type (anal, fcn_name, k);
name =r_anal_type_func_args_name (anal, fcn_name, k);
place = r_anal_cc_arg (anal, cc, k + 1);
if (strcmp (place ,"stack_rev")) {
break;
}
for (j = idx; j >= 0; j--) {
ut64 write_addr = sdb_num_get (trace, sdb_fmt (-1, "%d.mem.write", j), 0);
if (write_addr == sp + size) {
ut64 instr_addr = sdb_num_get (trace, sdb_fmt (-1, "%d.addr", j), 0);
r_meta_set_string (core->anal, R_META_TYPE_COMMENT, instr_addr,
sdb_fmt (-1, "%s %s", type, name));
char *tmp = sdb_fmt (-1, "%d.mem.read", j);
int i2, array_size = sdb_array_size (trace, tmp);
for (i2 = 0; i2 < array_size; i2++) {
if (bp_name) {
int bp_idx = sdb_array_get_num (trace, tmp, i2, 0) - bp;
if ((v =r_anal_var_get (anal, addr, R_ANAL_VAR_KIND_BPV, 1, bp_idx))) {
r_anal_var_retype (anal, addr, 1, bp_idx, R_ANAL_VAR_KIND_BPV, type, -1, v->name);
r_anal_var_free (v);
}
}
int sp_idx = sdb_array_get_num (trace, tmp, i2, 0) - sp;
if ((v =r_anal_var_get (anal, addr, R_ANAL_VAR_KIND_SPV, 1, sp_idx))) {
r_anal_var_retype (anal, addr, 1, sp_idx, R_ANAL_VAR_KIND_SPV, type, -1, v->name);
r_anal_var_free (v);
}
}
break;
}
}
size += r_anal_type_get_size (anal, type) / 8;
}
break;
} else {
// type_match_reg ();
for (j = idx; j >= 0; j--) {
if (sdb_array_contains (trace, sdb_fmt (-1, "%d.reg.write", j), place, 0)) {
ut64 instr_addr = sdb_num_get (trace, sdb_fmt (-1, "%d.addr", j), 0);
r_meta_set_string (core->anal, R_META_TYPE_COMMENT, instr_addr,
sdb_fmt (-1, "%s %s", type, name));
char *tmp = sdb_fmt (-1, "%d.mem.read", j);
int i2, array_size = sdb_array_size (trace, tmp);
for (i2 = 0; i2 < array_size; i2++) {
if (bp_name) {
int bp_idx = sdb_array_get_num (trace, tmp, i2, 0) - bp;
if ((v =r_anal_var_get (anal, addr, R_ANAL_VAR_KIND_BPV, 1, bp_idx))) {
r_anal_var_retype (anal, addr, 1, bp_idx, R_ANAL_VAR_KIND_BPV, type, -1, v->name);
r_anal_var_free (v);
}
}
int sp_idx = sdb_array_get_num (trace, tmp, i2, 0) - sp;
if ((v =r_anal_var_get (anal, addr, R_ANAL_VAR_KIND_SPV, 1, sp_idx))) {
r_anal_var_retype (anal, addr, 1, sp_idx, R_ANAL_VAR_KIND_SPV, type, -1, v->name);
r_anal_var_free (v);
}
}
break;
}
}
}
free (type);
}
free (fcn_name);
}
