incorrect tagging of the project memory #1125

Closed
ivg opened this issue Jun 12, 2020 · 0 comments
ivg commented Jun 12, 2020

We have a case with an even number of bugs. The first bug is in the stub-resolver plugin, which searches for the sections named .plt in the data segments (while .plt and .plt.got are clearly executable; moreover, we're using these addresses to classify disassembled functions as stubs or not). Another bug is that the .plt entry is not present in the provided code segments, and indeed we have to use data here, otherwise the component won't work. The second bug has to be fixed, and once it is, the first one could also be fixed.
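The classification the issue is about, deciding whether a disassembled function is a PLT stub by its entry address, as an added Python example that is not BAP's own code: it reads ELF64 section headers, takes the PLT-family ranges from sections that actually carry SHF_EXECINSTR (the point of the first bug), and shows beside it the data-only lookup the issue criticises, which finds nothing on a well-formed binary. The ELF image, its section addresses and the function table are constructed for the example (headers only, no code bytes); `.plt.sec` is included as a further PLT variant beyond the two names the issue mentions.

```python
"""Stub classification by PLT address range, derived from ELF section
headers rather than from a search of the data segments.

Added example, not BAP's own code.  The ELF image built below is
constructed for this example: headers only, no real code bytes.
"""
import struct
from dataclasses import dataclass

SHT_PROGBITS = 1
SHT_STRTAB = 3
SHF_WRITE = 0x1
SHF_ALLOC = 0x2
SHF_EXECINSTR = 0x4

# .plt and .plt.got are the names from the issue; .plt.sec is the
# CET-enabled variant emitted by newer toolchains (an addition here).
PLT_NAMES = (".plt", ".plt.got", ".plt.sec")

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 little-endian file header (64 bytes)
SHDR_FMT = "<IIQQQQIIQQ"         # ELF64 section header (64 bytes)


@dataclass(frozen=True)
class Section:
    name: str
    type: int
    flags: int
    addr: int
    size: int

    @property
    def executable(self) -> bool:
        return bool(self.flags & SHF_EXECINSTR)


def build_sample_elf() -> bytes:
    """Constructed ELF64 image with .text, .plt, .plt.got, .data and .shstrtab."""
    shstrtab = b"\0.text\0.plt\0.plt.got\0.data\0.shstrtab\0"
    name_off = {".text": 1, ".plt": 7, ".plt.got": 12, ".data": 21, ".shstrtab": 27}
    shstr_off, shoff = 64, 128          # string table after the header, then the shdr table
    # (name, sh_type, sh_flags, sh_addr, sh_offset, sh_size); addresses are made up
    specs = [
        ("", 0, 0, 0, 0, 0),
        (".text", SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x401000, 0, 0x1000),
        (".plt", SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x400500, 0, 0x40),
        (".plt.got", SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x400540, 0, 0x10),
        (".data", SHT_PROGBITS, SHF_ALLOC | SHF_WRITE, 0x404000, 0, 0x100),
        (".shstrtab", SHT_STRTAB, 0, 0, shstr_off, len(shstrtab)),
    ]
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\0" * 7   # ELFCLASS64, LSB, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, ident, 2, 0x3E, 1, 0x401000, 0, shoff,
                       0, 64, 0, 0, 64, len(specs), 5)        # ET_EXEC, EM_X86_64, shstrndx=5
    shdrs = b"".join(
        struct.pack(SHDR_FMT, name_off.get(name, 0), typ, flags, addr, off, size, 0, 0, 0, 0)
        for name, typ, flags, addr, off, size in specs)
    image = ehdr + shstrtab
    return image + b"\0" * (shoff - len(image)) + shdrs


def parse_sections(elf: bytes) -> list[Section]:
    """Read the section header table and resolve names through .shstrtab."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = struct.unpack_from(EHDR_FMT, elf, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = fields[6], fields[11], fields[12], fields[13]
    raw = [struct.unpack_from(SHDR_FMT, elf, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    str_off, str_size = raw[e_shstrndx][4], raw[e_shstrndx][5]
    strtab = elf[str_off:str_off + str_size]

    def name_at(idx: int) -> str:
        return strtab[idx:strtab.index(b"\0", idx)].decode()

    # tuple layout: name, type, flags, addr, offset, size, link, info, align, entsize
    return [Section(name_at(h[0]), h[1], h[2], h[3], h[5]) for h in raw]


def stub_regions(sections: list[Section]) -> list[tuple[int, int]]:
    """Address ranges of the PLT-family sections, accepted only when executable.
    A PLT section without SHF_EXECINSTR is malformed input, so it is refused."""
    regions = []
    for s in sections:
        if s.name in PLT_NAMES:
            if not s.executable:
                raise ValueError(f"{s.name} lacks SHF_EXECINSTR")
            regions.append((s.addr, s.addr + s.size))
    return regions


def regions_from_data_only(sections: list[Section]) -> list[tuple[int, int]]:
    """The lookup the issue criticises: searching only non-executable (data)
    sections for .plt.  On a well-formed binary this finds nothing."""
    return [(s.addr, s.addr + s.size) for s in sections
            if s.name in PLT_NAMES and not s.executable]


def is_stub(addr: int, regions: list[tuple[int, int]]) -> bool:
    return any(lo <= addr < hi for lo, hi in regions)


def classify(functions: dict[str, int], sections: list[Section]) -> dict[str, str]:
    """Label each function entry as 'stub' (inside a PLT range) or 'code'."""
    regions = stub_regions(sections)
    return {name: "stub" if is_stub(addr, regions) else "code"
            for name, addr in functions.items()}


if __name__ == "__main__":
    secs = parse_sections(build_sample_elf())
    # constructed function table: one local function, one imported-function stub
    print(classify({"main": 0x401000, "puts@plt": 0x400510}, secs))
```

The ranges come from the section headers' flags, not from a guess about which segment a section lives in, so the same code works whether the loader reports the PLT among the code segments or not; a PLT section that is not executable is treated as a malformed input rather than silently classified.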

@ivg ivg added the bug label Jun 12, 2020
ivg added a commit to ivg/bap that referenced this issue Jun 12, 2020
ivg added a commit to ivg/bap that referenced this issue Jun 24, 2020
ivg added a commit to ivg/bap that referenced this issue Jun 29, 2020
ivg added a commit to ivg/bap that referenced this issue Jun 29, 2020
ivg added a commit to ivg/bap that referenced this issue Jul 9, 2020
ivg added a commit to ivg/bap that referenced this issue Jul 15, 2020
ivg added a commit that referenced this issue Jul 15, 2020
* creates program modules in the current package

or in the user package if one is specified.

Also, demystifies the program objects and documents explicitly
how they are formed.

* adds package and set_package functions to the knowledge interface

* adds `?package` to corresponding function in the Tid module

* adds the package parameter to the Project.create function

* fixes stub-resolver, it was adding bogus slots to the program class

* properly qualifies the start and exit nodes of the Tid graph

* uses the new package field in the disassemble command

* interns contexts in the current package

* adds the collator extension points

* adds the collate command

* adds the callgraph collators

* adds scoped promises and proposals to knowledge

* switches to scoped promises for arches

* enables lazy processing of the projects in the collate command

* improves the diagnostic message on non-monotonic update error

* tweaks the callgraph collator output

* introduces rules and their introspection

A rule is a static description of a promise. This commit introduces a
DSL from rule specification, as well as a documentation view on the
rule for its introspection.

* adds `bap list rules` command

It will list all rules known to the system.

* adds declaration for some of the existing rules

except objdump, it will be added later in a new form

* adds path and possible name to the core-theory

this commit should be pushed down, before the changes with rules

* adds more rule definitions and more rules

when a project is created the knowledge about the filename path and
architecture is reflected into the knowledge base.

* declares BIL rules

* a bulk rename of the package bap.std to bap

This .std is totally superfluous here, we need only one package for bap.

* moves logging facilities to Bap_main

* adds more of_string* parsers to Bitvec.

* rewrites objdump plugin so it no longer depends on bap.std

* moves bap attributes (aka value tags) to bap namespace

But keep uuids for typeid and serialization, otherwise we will break
persistence. While `package:name` denotes the name of a property,
`uuid:name` denotes its representation.

* provides the filename using scoped promises

* adds paths to symbolizers

to prevent symbolizers registered for one file provide names for other files.

* adds the Stream.Variadic documentation

it is really hard to grok how to use it without documentation, even
for an author :)

* adds paths to rooters

* updates the byteweight rooter

* updates read-symbols to use the path

* updates IDA service to provide rooter and symbolizer with path

* drops debugging info

* use the path as the package not the digest

Rationale: in a multi-project analysis we will need to know the
package to obtain the information relative to a project and getting
the digest is a bit long road. Moreover, it is less
readable. Concerning the possible conflicts from the different files
with the same name, it is quite unlikely, since the caching mechanism
separates knowledge bases by the digests and other systems that we or
anyone else will develop will manage their own separation schemes.

* adds path constraint to branchers also

* updates the ida brancher to respect the paths

* adds `bap list collators` command

* code clean up, adds docs and the rest

* fixes the symbolizer block parsing function

Instead of giving the name to the entry address it was naming all
addresses belonging to a function.

* adds the missing base binary to the comparison

* adds filters and custom output destination to callgraph collator

also normalizes names and fixes a few bugs.

* cleans up documentation

* stops objdump from providing addresses from ambiguous names

* temporarily reverts the fix in stub resolver

see #1125

* makes radare2 plugin respect the paths

* introduces code units

A new class of Core Theory objects that represents compilation units,
libraries, executables, and other aggregations of programs.

The path property now belongs to the unit, not the program itself,
so we basically introduced an extra layer of indirection.

One of the important properties of units is that they could be shifted
in memory, which paves the road to the llvm-base fix.

* passes through bias from llvm up to the knowledge base

fixes (hot) objdump (we still need to know the modulus of the
address), radare2 and other symbolizers will follow.

* treat all old rooters and symbolizers as unbiased sources

* adds more target-specific information in the llvm backend output

and did some refactoring

* adds bits and endianness to the target properties

* adds a rule that provides bap:arch from unit's target defs

* improves signature mismatch error in the OGRE parser

* fixes abi printer

* adds the newly added fields to the image specification

* enables propagation of spec into KB and arch into spec

* initializes the unit for the low-level disassembler interface

* enables biased information sources

We assumed by default that all our information sources (rooters,
symbolizers, and branchers) are unbiased but it wasn't true for
the sources that we created of images (using corresponding of_image)
that were already operating using the biased information from the
loader.

To fix this issue we added a hidden parameter to mark information
sources as biased or unbiased and perform bias subtraction (and also
addition in case when the destinations are provided) based on this
parameter. We may later make it public, but so far it is only set for
information sources that are derived from images.

Also the common code between information sources was factored out
into the Bap_disasm_source module.

* fixes the hardcoded modulus in the objdump plugin

We are now able to query the bitness without having to pull in the
Bap.Std interface so we can implement everything neatly.

* scopes the information sources obtained from the image

* enables scoped promises for information sources

and uses it for the rec, as far as I can grep, I don't see any
information sources that are not properly scoped, either by limiting
them to the path or to a function.

* updates the project documentation, documents the toplevel interface

also exports the full toplevel interface

* documents and tweaks some function in the unit module

The [for_file] function now also sets the path (the same as the
corresponding [for_addr] function sets the address).

The [for_region] now interns the boundaries in the current package
and builds the final symbol from their concatenation to enable
intersecting regions from different files in the same knowledge base.

* flushes the formatter in the callgraph collator.

* documents the Bap_main_event module

also establishes equalities between it and its re-export in Bap.Std
and adds a convenience alias in the Bap_main module for the loggers.

* adds the compare command tests
ivg added a commit to ivg/bap that referenced this issue Nov 2, 2020
Introduces memory (Memmap.t) to the knowledge base accessible via the
`Project.memory_slot` and uses it for computing stubs in the
stub-resolver plugin.

Also fixes BinaryAnalysisPlatform#1125.
@ivg ivg closed this as completed in 32391a7 Nov 3, 2020