Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve op_str connect address parsing of pe #6

Merged
merged 9 commits into from
Dec 8, 2022
Merged

Improve op_str connect address parsing of pe #6

merged 9 commits into from
Dec 8, 2022

Conversation

Eveheeero
Copy link
Owner

@Eveheeero Eveheeero commented Dec 8, 2022
edited
Loading

Summary

  • Improve parsing connected address via instruction history
  • Change insn_to_opu64 result type to Result
  • Create x86_64 arch mod
  • Write some regex pattern for x86_64 op_str
  • Address structure can have no section
  • Write error handling about out-of-section assembly parsing
  • Some Bug fixes

Details

  • Improve parsing connected address via instruction history
    now, this program can parse connected address via instruction history with some pattern (in x86_64::parse_block.rs)
  • Change insn_to_opu64 result type to Result
    op_str could not parse target address cause of 'out-of-section' or 'dynamic generated',
  • Create x86_64 arch mod
  • Write some regex pattern for x86_64 op_str
    Add regex library to Cargo.toml
  • Address structure can have no section
    Add handling about out-of-section address, and this address will return None at file_offset address and get_section
  • Write error handling about out-of-section assembly parsing
    There are no information about linked section, so program should handle that situation.
  • Some Bug fixes
    Now, next instruction of jmp won't parsed

Need more things to do

  • improve parsing about connected address with unimplemented pattern
  • pe::parse_block renames to x86_64::parse_block

@Eveheeero
insn_to_opu64 함수에 대해, Result로 타입 변경
f41ae3d 
- insn_to_opu64함수에 대해 Result로 타입 변경
- 구현되지 않은 데이터에 대해 Err로 출력되게 변경
- 메세지가 있는 에러타입 생성
@Eveheeero
x86_64 아키텍처에 대한 op_str 정규식 작성
c7d8e4a 
- x86_64 아키텍처에 대한 모듈 작성
- x86_64 op_str에 대한 정규식 작성
- 정규식 라이브러리 Cargo.toml에 추가
@Eveheeero
Address의 오류 관련 조정
4fa7ae3 
- Address가 Option형태의 섹션을 가질 수 있도록 조정
- Address의 파일 오프셋이 없는 경우에 대한 처리 작성
@Eveheeero
=
8644586 
- 로그를 기반으로 레지스터 값 계산 작성
- jmp인스트럭션의 다음 라인에 대해 블럭을 파싱하지 않도록 변경
@Eveheeero
jmp문에 대해, 스택 리와인드 재작성
120e661
@Eveheeero
mov인스트럭션에 대한 인스트럭션 기록 기반 파싱 작성
cd36195
@Eveheeero
섹션 범위를 벗어난 파싱 시도에 대한 오류처리 작성
c30638f
@Eveheeero
Squash merge from master update workflow:
e9cf426 
commit 1a657e7
Author: Eveheeero <[email protected]>
Date:   Wed Dec 7 17:23:00 2022  0900

    Overall documentation improvements (#5)

    - Rust Clippy Update
    - Rust Workflow add flows
    - Update Readme
    - Generate Pull Request template
@Eveheeero Eveheeero added the Enhancement New feature or request label Dec 8, 2022
@Eveheeero Eveheeero added this to the 0.1.0 milestone Dec 8, 2022
@Eveheeero Eveheeero self-assigned this Dec 8, 2022
@Eveheeero Eveheeero linked an issue Dec 8, 2022 that may be closed by this pull request
[FIRE] pe parse_block improve op_str to address #2
Closed
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 8, 2022
View reviewed changes
fireball/src/pe/fire/parse_block.rs
let target = insn_to_opu64(now_address.clone(), &inst, history);
let target_address =
Address::from_virtual_address(&self.sections, target).unwrap();
let target = insn_to_opu64(now_address.clone(), &inst, history)?;

Check warning

Code scanning / clippy

this expression creates a reference which is immediately dereferenced by the compiler

this expression creates a reference which is immediately dereferenced by the compiler
fireball/src/pe/fire/parse_block.rs
let target_address =
Address::from_virtual_address(&self.sections, target).unwrap();
"jmp" => {
let target = insn_to_opu64(now_address.clone(), &inst, history)?;

Check warning

Code scanning / clippy

this expression creates a reference which is immediately dereferenced by the compiler

this expression creates a reference which is immediately dereferenced by the compiler
fireball/src/pe/fire/parse_block.rs
| "jl" | "jna" | "jb" | "jne" | "jle" | "jrcxz" | "jns" | "jc" | "jo" | "jnge"
| "jnbe" | "jecxz" | "jpo" | "jz" | "jae" | "jpe" | "jnl" | "jp" | "jge"
| "jbe" | "jcxz" | "jno" | "jnp" | "jng" => {
let target = insn_to_opu64(now_address.clone(), &inst, history)?;

Check warning

Code scanning / clippy

this expression creates a reference which is immediately dereferenced by the compiler

this expression creates a reference which is immediately dereferenced by the compiler
fireball/src/arch/x86_64/op_parse.rs
Comment on lines 5 to 10
pub const FUNCTIONS: &[&dyn Fn(
Address,
&capstone::Insn,
&mut InstructionHistory,
Captures,
) -> Result<u64, &'static str>] = &[&function0, &function1, &function2];

Check warning

Code scanning / clippy

very complex type used. Consider factoring parts into `type` definitions

very complex type used. Consider factoring parts into `type` definitions
fireball/src/arch/x86_64/op_parse.rs
_history: &mut InstructionHistory,
captures: Captures,
) -> Result<u64, &'static str> {
let virtual_address;

Check warning

Code scanning / clippy

unneeded late initialization

unneeded late initialization
@Eveheeero Eveheeero merged commit 846288a into master Dec 8, 2022
@Eveheeero Eveheeero deleted the 2-fire-pe-parse_block-improve-op_str-to-address branch December 8, 2022 01:38
@Eveheeero
Copy link
Owner Author

Squashed commit of the following:

commit e9cf426
Author: Eveheeero [email protected]
Date: Wed Dec 7 12:36:50 2022 0000

Squash merge from master update workflow:

commit 1a657e7eba52bc3d7a3517646aa182a9b7e0edaa
Author: Eveheeero <[email protected]>
Date:   Wed Dec 7 17:23:00 2022  0900

    Overall documentation improvements (#5)

    - Rust Clippy Update
    - Rust Workflow add flows
    - Update Readme
    - Generate Pull Request template

commit c30638f
Author: Eveheeero [email protected]
Date: Wed Dec 7 12:30:53 2022 0000

섹션 범위를 벗어난 파싱 시도에 대한 오류처리 작성

commit cd36195
Author: Eveheeero [email protected]
Date: Wed Dec 7 12:26:29 2022 0000

mov인스트럭션에 대한 인스트럭션 기록 기반 파싱 작성

commit 120e661
Author: Eveheeero [email protected]
Date: Wed Dec 7 12:08:50 2022 0000

jmp문에 대해, 스택 리와인드 재작성

commit 8644586
Author: Eveheeero [email protected]
Date: Wed Dec 7 11:39:56 2022 0000

=

- 로그를 기반으로 레지스터 값 계산 작성
- jmp인스트럭션의 다음 라인에 대해 블럭을 파싱하지 않도록 변경

commit 4fa7ae3
Author: Eveheeero [email protected]
Date: Wed Dec 7 04:18:58 2022 0000

Address의 오류 관련 조정

- Address가 Option형태의 섹션을 가질 수 있도록 조정
- Address의 파일 오프셋이 없는 경우에 대한 처리 작성

commit c7d8e4a
Author: Eveheeero [email protected]
Date: Tue Dec 6 15:11:43 2022 0000

x86_64 아키텍처에 대한 op_str 정규식 작성

- x86_64 아키텍처에 대한 모듈 작성
- x86_64 op_str에 대한 정규식 작성
- 정규식 라이브러리 Cargo.toml에 추가

commit f41ae3d
Author: Eveheeero [email protected]
Date: Thu Dec 1 04:18:34 2022 0000

insn_to_opu64 함수에 대해, Result로 타입 변경

- insn_to_opu64함수에 대해 Result로 타입 변경
- 구현되지 않은 데이터에 대해 Err로 출력되게 변경
- 메세지가 있는 에러타입 생성

This was referenced Dec 8, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Eveheeero Eveheeero

Labels
Enhancement New feature or request
Projects
Fireball
Status: Done
Milestone
0.1.0
Development

Successfully merging this pull request may close these issues.

[FIRE] pe parse_block improve op_str to address
1 participant
@Eveheeero