-
Notifications
You must be signed in to change notification settings - Fork 288
Expand file tree
/
Copy pathSharedCacheUINotifications.cpp
More file actions
232 lines (200 loc) · 7.78 KB
/
Copy pathSharedCacheUINotifications.cpp
File metadata and controls
232 lines (200 loc) · 7.78 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
//
// Created by kat on 5/8/23.
//
#include "SharedCacheUINotifications.h"
#include <sharedcacheapi.h>
#include "mediumlevelilinstruction.h"
#include "ui/sidebar.h"
#include "ui/linearview.h"
#include "ui/viewframe.h"
#include "dscpicker.h"
#include "progresstask.h"
using namespace BinaryNinja;
using namespace SharedCacheAPI;
UINotifications* UINotifications::m_instance = nullptr;
// Resolve a stub function at `addr` to the constant target of its jump or tail call. Stub functions
// are identified by the `j_` symbol prefix that the shared cache workflow applies when renaming them.
static std::optional<uint64_t> ResolveStubTarget(BinaryView& view, uint64_t addr)
{
auto symbol = view.GetSymbolByAddress(addr);
if (!symbol || symbol->GetShortName().rfind("j_", 0) != 0)
return std::nullopt;
auto func = view.GetAnalysisFunction(view.GetDefaultPlatform(), addr);
if (!func)
return std::nullopt;
// Skip any function that is very clearly not a stub (not a single basic block with only a few instructions).
const auto blocks = func->GetBasicBlocks();
constexpr uint64_t maxStubLength = 0x20;
if (blocks.size() != 1 || blocks[0]->GetLength() > maxStubLength)
return std::nullopt;
auto mlil = func->GetMediumLevelIL();
if (!mlil)
return std::nullopt;
const auto mlilBlocks = mlil->GetBasicBlocks();
if (mlilBlocks.size() != 1 || mlilBlocks[0]->GetEnd() == mlilBlocks[0]->GetStart())
return std::nullopt;
// The jump or tail call terminates the stub's single basic block, so it can only be the last instruction.
const auto instr = mlil->GetInstruction(mlilBlocks[0]->GetEnd() - 1);
if (instr.operation != MLIL_JUMP && instr.operation != MLIL_TAILCALL)
return std::nullopt;
const auto dest = instr.GetDestExpr();
if (dest.operation != MLIL_CONST_PTR && dest.operation != MLIL_CONST)
return std::nullopt;
return dest.GetConstant();
}
// The address a token-based load action should operate on. A stub function's address is in an
// already-loaded image, so resolve it to its target and offer to load what the stub jumps to.
static uint64_t TokenAddress(const UIActionContext& ctx)
{
uint64_t addr = ctx.token.token.value;
if (!ctx.binaryView->GetSectionsAt(addr).empty())
{
if (auto target = ResolveStubTarget(*ctx.binaryView, addr))
return *target;
}
return addr;
}
void UINotifications::init()
{
m_instance = new UINotifications;
UIContext::registerNotification(m_instance);
}
void UINotifications::OnViewChange(UIContext* context, ViewFrame* frame, const QString& type)
{
if (!frame)
return;
auto view = frame->getCurrentBinaryView();
if (!view || view->GetTypeName() != VIEW_NAME)
return;
auto viewInt = frame->getCurrentViewInterface();
if (!viewInt)
return;
auto ah = viewInt->actionHandler();
// Check to see if we have already bound these actions.
if (ah->isBoundAction("Load Image by Name"))
return;
static auto loadRegionAtAddr = [](BinaryView& view, uint64_t addr) {
auto controller = SharedCacheController::GetController(view);
if (!controller)
return;
if (auto foundRegion = controller->GetRegionContaining(addr))
{
// If we did not load the region, then we don't need to run analysis.
if (!controller->ApplyRegion(view, *foundRegion))
return;
view.AddAnalysisOption("linearsweep");
view.AddAnalysisOption("pointersweep");
view.UpdateAnalysis();
}
};
static auto loadImageAtAddr = [](BinaryView& view, uint64_t addr) {
auto controller = SharedCacheController::GetController(view);
if (!controller)
return;
if (auto foundImage = controller->GetImageContaining(addr))
{
// If we did not load the image, then we don't need to run analysis.
if (!controller->ApplyImage(view, *foundImage))
return;
view.AddAnalysisOption("linearsweep");
view.AddAnalysisOption("pointersweep");
view.UpdateAnalysis();
}
};
auto loadImageNameAction = [](const UIActionContext& ctx) {
DisplayDSCPicker(ctx.context, ctx.binaryView);
};
auto loadImageAddrAction = [](const UIActionContext& ctx) {
uint64_t addr = 0;
if (GetAddressInput(addr, "Address", "Address"))
{
BackgroundThread::create(ctx.context->mainWindow())
->thenBackground([ctx, addr]() {
loadImageAtAddr(*ctx.binaryView, addr);
})->start();
}
};
auto loadSectionAddrAction = [](const UIActionContext& ctx) {
uint64_t addr = 0;
if (GetAddressInput(addr, "Address", "Address"))
{
BackgroundThread::create(ctx.context->mainWindow())
->thenBackground([ctx, addr](){ loadRegionAtAddr(*ctx.binaryView, addr); })
->start();
}
};
auto loadRegionTokenAction = [](const UIActionContext& ctx) {
uint64_t addr = TokenAddress(ctx);
BackgroundThread::create(ctx.context->mainWindow())
->thenBackground([ctx, addr](){ loadRegionAtAddr(*ctx.binaryView, addr); })
->start();
};
auto loadImageTokenAction = [](const UIActionContext& ctx) {
uint64_t addr = TokenAddress(ctx);
BackgroundThread::create(ctx.context->mainWindow())
->thenBackground([ctx, addr](){ loadImageAtAddr(*ctx.binaryView, addr); })
->start();
};
auto isValidUnloadedRegionAction = [](const UIActionContext& ctx) {
uint64_t addr = TokenAddress(ctx);
// Check if the region is already loaded in the view.
if (!ctx.binaryView->GetSectionsAt(addr).empty())
return false;
auto controller = SharedCacheController::GetController(*ctx.binaryView);
if (!controller)
return false;
return controller->GetRegionContaining(addr).has_value();
};
auto isValidUnloadedImageAction = [](const UIActionContext& ctx) {
uint64_t addr = TokenAddress(ctx);
// Check if the image is already loaded in the view.
if (!ctx.binaryView->GetSectionsAt(addr).empty())
return false;
auto controller = SharedCacheController::GetController(*ctx.binaryView);
if (!controller)
return false;
return controller->GetImageContaining(addr).has_value();
};
ah->bindAction("Load Image by Name", UIAction(loadImageNameAction));
ah->bindAction("Load Image by Address", UIAction(loadImageAddrAction));
ah->bindAction("Load Section by Address", UIAction(loadSectionAddrAction));
ah->bindAction("Load ADDRHERE", UIAction(loadRegionTokenAction, isValidUnloadedRegionAction));
ah->bindAction("Load IMGHERE", UIAction(loadImageTokenAction, isValidUnloadedImageAction));
ah->setActionDisplayName("Load ADDRHERE", [](const UIActionContext& ctx) {
auto controller = SharedCacheController::GetController(*ctx.binaryView);
if (!controller)
return QString("NO CONTROLLER");
uint64_t addr = TokenAddress(ctx);
auto region = controller->GetRegionContaining(addr);
if (!region)
return QString("NO REGION");
return QString("Load ") + region->name.c_str();
});
ah->setActionDisplayName("Load IMGHERE", [](const UIActionContext& ctx) {
auto controller = SharedCacheController::GetController(*ctx.binaryView);
if (!controller)
return QString("NO CONTROLLER");
uint64_t addr = TokenAddress(ctx);
auto image = controller->GetImageContaining(addr);
if (!image)
return QString("NO IMAGE");
return QString("Load ") + image->name.c_str();
});
// Finally add the actions to the context menu.
if (auto linearView = qobject_cast<LinearView*>(viewInt->widget()))
{
constexpr auto groupOneName = VIEW_NAME;
constexpr auto groupTwoName = VIEW_NAME "2";
linearView->contextMenu().addAction("Load ADDRHERE", groupOneName);
linearView->contextMenu().addAction("Load IMGHERE", groupOneName);
linearView->contextMenu().addAction("Load Image by Name", groupTwoName);
linearView->contextMenu().addAction("Load Image by Address", groupTwoName);
linearView->contextMenu().addAction("Load Section by Address", groupTwoName);
linearView->contextMenu().setGroupOrdering(groupOneName, 0);
linearView->contextMenu().setGroupOrdering(groupTwoName, 1);
}
}
void UINotifications::OnAfterOpenFile(UIContext* context, FileContext* file, ViewFrame* frame)
{
UIContextNotification::OnAfterOpenFile(context, file, frame);
}