radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Adapt Arena for Dalvik #6838

Open h4ng3r opened 7 years ago

h4ng3r commented 7 years ago

Dalvik is register-based and each method uses a different number of registers, so we need to adapt the arena in order to support this behaviour for both anal and ESIL.

More info from Google/Android : The machine is register-based, and frames are fixed in size upon creation. Each frame consists of a particular number of registers (specified by the method) as well as any adjunct data needed to execute the method, such as (but not limited to) the program counter and a reference to the .dex file that contains the method.

radare commented 7 years ago

From what we understood in https://hackmd.io/EYQwpgDALGbAtBArBAHPKqDsBmewA2ARjyIBMAzECg7TJAoA?edit

we should just have an arena of a specific size.. and implement ... in r_reg to allow resizing if needed, by expanding the last register following the same name pattern.

i did a quick test with dexdump and i found that some dex have like 659 registers in a single function xDDDD so yep we need to implement ... in r_reg :) to make arenas resizable

radare commented 7 years ago

The thing is... when entering/quitting a function we shouldn't shrink down the arena, we should just shrink what the user sees in the arena.. this is.. faking down the arena size, but not removing the data in the original arena. But in fact in dalvik unused registers will not be reusable between function executions, because every time you enter a function you start with a clean state, right?

radare commented 7 years ago

we need to implement the dalvik debugger in r2 to understand this :P

h4ng3r commented 7 years ago

@radare Yep you start with a clean state. Each function defines the amount of registers needed using .registers or .locals. This includes the arguments (1 or 2 registers per argument) and this if the invoke is not static. This information is being parsed by Dex RBin, we just need to save it, but I don't know which is the right place.

radare commented 7 years ago

i guess that it's starting with cleaned-up register values.. or it is inheriting some values from previous calls, etc? maybe we should add a new esil primitive to do this without having to push N regs by hand in every esil expression etc

alvarofe commented 7 years ago

600 registers omg and @h4ng3r said in private the arch supports up to 65535. So yes, defining ... in r_reg sounds like the way to fix this

radare commented 7 years ago

DUUUUUUUUDES

h4ng3r commented 7 years ago

@radare I'll try to have a first version for this release.
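
A small C model of the behaviour discussed in this thread (growing the arena to a method's registers_size, shrinking only the visible size on return, and finding the `this`/argument registers at the top of a Dalvik frame), added here as an illustration; it is not radare2's r_reg code, and the dalvik_arena type and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a growable Dalvik register arena (not r_reg). */
typedef struct {
    uint32_t *v;   /* values of v0 .. v(cap-1) */
    size_t count;  /* registers the current method can see */
    size_t cap;    /* registers actually allocated */
} dalvik_arena;

/* Entering a method: grow the arena to the method's registers_size (a u16
 * in the DEX code_item, so at most 65535) and zero the visible registers,
 * since every Dalvik invocation starts from a clean frame. Returns 0 on
 * failure, leaving the arena untouched. */
int arena_enter_method(dalvik_arena *a, size_t registers_size) {
    if (registers_size > 65535) return 0;
    if (registers_size > a->cap) {
        uint32_t *nv = realloc(a->v, registers_size * sizeof *nv);
        if (!nv) return 0;
        a->v = nv;
        a->cap = registers_size;
    }
    if (registers_size) memset(a->v, 0, registers_size * sizeof *a->v);
    a->count = registers_size;
    return 1;
}

/* Leaving a method: only the visible size shrinks back to the caller's
 * frame; the allocation (and its contents) is kept for later growth. */
void arena_leave_method(dalvik_arena *a, size_t caller_size) {
    if (caller_size <= a->cap) a->count = caller_size;
}

typedef enum { REG_INVALID, REG_LOCAL, REG_THIS, REG_PARAM } reg_kind;

/* DEX places the ins_size incoming-argument registers at the top of the
 * frame, v(registers_size - ins_size) .. v(registers_size - 1); for a
 * non-static method the first of them is `this`. Everything below the
 * first incoming register is a local. */
reg_kind dalvik_reg_kind(uint16_t registers_size, uint16_t ins_size,
                         int is_static, uint16_t n) {
    if (ins_size > registers_size || n >= registers_size) return REG_INVALID;
    uint16_t first_in = registers_size - ins_size;
    if (n < first_in) return REG_LOCAL;
    if (!is_static && n == first_in) return REG_THIS;
    return REG_PARAM;
}
```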