Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

Implement C, P, A, and O flags on x86 #4044

Open occamsrzor opened 7 years ago

occamsrzor commented 7 years ago

Binary Ninja Version: 1.0.776 Personal, 6573250f
Platform: Windows 10

Seems to have issues with the sbb.d, lsr.d, and.b, and xor.d instructions.

robert-yates commented 7 years ago

Adding the following additional examples:

Flag C

lsr.d{*}(edx, 1)
sbb.d{*}(eax, eax, flag:c)
and.b{*}([0x405000].b, 2)

Flag P

sub.d{*}(esp, 0x100)
and.b{*}(ah, 0x41)
and.b{*}([0x405000].b, 2)
add.d{*}(esp, 0xc)

Flag A

sub.d{*}(esp, 0x100)
add.d{*}(esp, 0xc)

Flag O

sbb.d{*}(eax, [esi + 0xc].d, flag:c)
sbb.d{*}(eax, edx, flag:c)
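
The operations in the list above (sub/add, sbb, and, and a 1-bit lsr) each define C, P, A and O differently, which is why a lifter can get one of them right and another wrong. Below is a reference model added for this thread, not Binary Ninja's lifter or API, that computes the architectural flag values on concrete inputs so a lifted flag expression can be compared against the definition. The function names, the flag dictionary layout and the sample operands are assumptions of this example.

```python
"""Reference model of the x86 C, P, A and O flags for the operations listed
in the examples above (sub/add, sbb, and, 1-bit logical shift right).

Added, stand-alone model written for this thread; not Binary Ninja's lifter
or API. It exists so lifted flag expressions can be checked against the
architectural definition on concrete inputs.
"""

MASKS = {1: 0xFF, 2: 0xFFFF, 4: 0xFFFFFFFF, 8: 0xFFFFFFFFFFFFFFFF}


def parity_even(value: int) -> bool:
    """PF is set when the LOW BYTE of the result has an even number of 1 bits."""
    return bin(value & 0xFF).count("1") % 2 == 0


def _common(result: int, size: int) -> dict:
    """Flags every arithmetic/logic op defines the same way: Z, S, P."""
    mask = MASKS[size]
    sign = 1 << (size * 8 - 1)
    return {
        "result": result & mask,
        "z": (result & mask) == 0,
        "s": (result & sign) != 0,
        "p": parity_even(result),
    }


def x86_add(a: int, b: int, size: int = 4) -> dict:
    """ADD a, b for an operand width of `size` bytes."""
    mask, sign = MASKS[size], 1 << (size * 8 - 1)
    a, b = a & mask, b & mask
    full = a + b
    res = full & mask
    f = _common(res, size)
    f["c"] = full > mask                          # unsigned carry out of the top bit
    f["a"] = ((a ^ b ^ res) & 0x10) != 0          # carry out of bit 3 (BCD adjust)
    f["o"] = ((a ^ res) & (b ^ res) & sign) != 0  # operands agree in sign, result differs
    return f


def x86_sbb(a: int, b: int, borrow_in: bool, size: int = 4) -> dict:
    """SBB a, b: a - b - CF.  On subtraction x86 CF is a *borrow* flag."""
    mask, sign = MASKS[size], 1 << (size * 8 - 1)
    a, b = a & mask, b & mask
    cin = 1 if borrow_in else 0
    res = (a - b - cin) & mask
    f = _common(res, size)
    f["c"] = a < b + cin                          # borrow out of the top bit
    f["a"] = ((a ^ b ^ res) & 0x10) != 0          # borrow out of bit 3
    f["o"] = ((a ^ b) & (a ^ res) & sign) != 0    # operand signs differ, result sign != a
    return f


def x86_sub(a: int, b: int, size: int = 4) -> dict:
    """SUB is SBB with no borrow in; CMP is SUB with the result discarded."""
    return x86_sbb(a, b, False, size)


def x86_and(a: int, b: int, size: int = 4) -> dict:
    """AND a, b.  Logic ops clear CF and OF; AF is architecturally undefined."""
    mask = MASKS[size]
    res = (a & b) & mask
    f = _common(res, size)
    f["c"] = False
    f["o"] = False
    f["a"] = None                                 # undefined: a lifter must not rely on it
    return f


def x86_shr1(a: int, size: int = 4) -> dict:
    """SHR a, 1 (LLIL spells this lsr).  Only the 1-bit form defines OF."""
    mask, sign = MASKS[size], 1 << (size * 8 - 1)
    a &= mask
    res = a >> 1
    f = _common(res, size)
    f["c"] = (a & 1) != 0                         # the bit shifted out
    f["o"] = (a & sign) != 0                      # MSB of the original operand
    f["a"] = None                                 # undefined for shifts
    return f


if __name__ == "__main__":
    # Constructed operands shaped like the examples above (sub.d esp, 0x100 etc.).
    print("sub.d  0x1000 - 0x100 :", x86_sub(0x1000, 0x100))
    print("sbb.d  eax - eax - CF :", x86_sbb(0x12345678, 0x12345678, True))
    print("and.b  0x43 & 0x41    :", x86_and(0x43, 0x41, 1))
    print("lsr.d  3 >> 1         :", x86_shr1(3))
```

The `sbb eax, eax, flag:c` idiom from the list is the easiest one to sanity-check: with CF set it must yield all ones with C, A set and O clear, and a lifter that drops the borrow input produces zero instead.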

jeffli678 commented 4 years ago

I think this is already fixed, isn't it?

ccarpenter04 commented 1 year ago

This is still a problem.


These are all caused by flag c not being properly lifted except for the "cmp" usage which is partially unimplemented because flag p isn't lifted properly.

It's causing distortion in the MLIL and HLIL views as a side effect :/

fuzyll commented 1 year ago

@rssor is working on part of this on a separate branch for the upcoming release (specific carry flag stuff). I've assigned it to him and stuck it in the milestone so we track that progress, but we'll be removing it from the milestone and un-assigning it once he's completed that work.

romanholidaypancakes commented 1 year ago

If you decompile vmprotect's virtual machine, you will find that more instructions have not been implemented. Maybe the files packaged by vmprotect/themida should be part of the CI testing workflow... Is it possible to provide a plugin example for such unimplemented instructions so that users can implement them by themselves?

fuzyll commented 1 year ago

@romanholidaypancakes This is where @rssor made the changes that I had mentioned above: https://github.com/Vector35/arch-x86/commit/5b134ac7da45c009094faf654f613a9ecd11cae8.

If anyone else wants to take a look at this and PR additional changes, we'd really appreciate it.

The parity flag stuff is probably not doable without some far more invasive changes...but, the other flags should be reasonably implementable.

romanholidaypancakes commented 2 months ago

Hi, is there any progress here? I have been following this issue for a few years, and it was one of the things that stopped me from buying bj, as I have been working on analyzing binaries protected by vmp/themida/ollvm etc.