Hey there, an example from 32-bit code where the default switch handling fails:
.text:00412990 sub esp, 50h
.text:00412993 mov eax, ___security_cookie
.text:00412998 xor eax, esp
.text:0041299A mov [esp+50h+var_4], eax
.text:0041299E mov edx, [esp+50h+arg_0]
.text:004129A2 push ebx
.text:004129A3 mov ebx, ecx
.text:004129A5 lea eax, [edx-1]
.text:004129A8 cmp eax, 6 ; switch 7 cases
.text:004129AB ja loc_412F7E ; jumptable 004129B4 default case
.text:004129B1 push ebp
.text:004129B2 push esi
.text:004129B3 push edi
.text:004129B4 jmp ds:off_412F90[eax*4] ; switch jump

Enough of this for the moment, though :-)) -- I will check your branch now :-)

Cheers,
Thomas

On Tue, Aug 22, 2017 at 1:24 PM, Thomas Dullien <[email protected]> wrote:
> Hey there,
>
> I am back at work on this :-).
>
> A few questions:
> - Your fork is a fork of Dyninst 9 ?
> - Are there any things I need to be aware of when building it?
>
> The particular scenario I am dealing with right now is the following
> construct (x86_64 disassembly of Visual Studio compiled code).
>
> .text:000000014004D970 mov [rsp+arg_8], edx
> .text:000000014004D974 mov [rsp+arg_0], rcx
> .text:000000014004D979 push rdi
> .text:000000014004D97A sub rsp, 220h
> .text:000000014004D981 mov rdi, rsp
> .text:000000014004D984 mov ecx, 88h
> .text:000000014004D989 mov eax, 0CCCCCCCCh
> .text:000000014004D98E rep stosd
> .text:000000014004D990 mov rcx, [rsp+228h+arg_0]
> .text:000000014004D998 mov rax, cs:__security_cookie
> .text:000000014004D99F xor rax, rsp
> .text:000000014004D9A2 mov [rsp+228h+var_18], rax
> .text:000000014004D9AA mov eax, [rsp+228h+arg_8]
> .text:000000014004D9B1 mov [rsp+228h+var_80], eax
> .text:000000014004D9B8 mov eax, [rsp+228h+var_80]
> .text:000000014004D9BF dec eax
> .text:000000014004D9C1 mov [rsp+228h+var_80], eax
> .text:000000014004D9C8 cmp [rsp+228h+var_80], 5 ; switch 6 cases
> .text:000000014004D9D0 ja loc_14004EA48 ; jumptable 000000014004D9EF default case
> .text:000000014004D9D6 movsxd rax, [rsp+228h+var_80]
> .text:000000014004D9DE lea rcx, cs:140000000h
> .text:000000014004D9E5 mov eax, ds:(off_14004EA70 - 140000000h)[rcx+rax*4]
> .text:000000014004D9EC add rax, rcx
> .text:000000014004D9EF jmp rax ; switch jump
> .text:000000014004D9F1 ; ---------------------------------------------------------------------------
>
> Cheers,
> Thomas
>
> On Tue, Jun 13, 2017 at 4:35 PM, Thomas Dullien <[email protected]> wrote:
>
>> Hey there,
>>
>> excellent, thanks for your quick response :-) I will give your fork a try
>> in the next 2-3 days -- I am currently at a conference and hence won't have
>> time to try it today :-)
>>
>> Cheers,
>> Thomas
>>
>> On Tue, Jun 13, 2017 at 10:30 AM, Xiaozhu Meng <[email protected]> wrote:
>>
>>> Hi Thomas,
>>>
>>> I am working with an improved jump table analysis. Its prototype is
>>> available at my Dyninst fork
>>> (https://github.com/mxz297/dyninst/tree/jump_table_multi_slices). This
>>> improved version should be merged back to mainstream Dyninst in the near
>>> future. Could you try my version to see whether it solves your problem? If
>>> the problem remains, could you provide me the problematic binary so that I
>>> can further improve my code?
>>>
>>> Thanks,
>>>
>>> --Xiaozhu
>>>
>>> On Tue, Jun 13, 2017 at 7:25 AM, Thomas Dullien <[email protected]> wrote:
>>>
>>>> Hey all,
>>>>
>>>> I am using DynInst for a small project that helps search for similar
>>>> flowgraphs in a search index
>>>> (https://www.github.com/thomasdullien/functionsimsearch) and noticed that
>>>> most switch statements that it encounters are not handled properly (e.g.
>>>> the control flow reconstruction fails to resolve the switch targets).
>>>>
>>>> Where in the source code should I go looking for the relevant code?
>>>> I'd love to have a look around to see if it can be improved.
>>>>
>>>> Cheers,
>>>> Thomas
>>>>
>>>> _______________________________________________
>>>> Dyninst-api mailing list
>>>> [email protected]
>>>> https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
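The two listings in this thread show the same compiler idiom in two shapes: a bounds check (`cmp idx, N` / `ja default`) followed by an indirect jump through a table, where the 32-bit table holds absolute addresses and the x64 table holds 32-bit offsets that are added to the image base (`lea rcx, cs:140000000h` ... `add rax, rcx`). The following is an added example, not Dyninst code or anything from the thread's participants: a small Python recogniser that parses IDA-style listing text, reports the case count, default label, table symbol and table kind for each switch, and shows how the two table kinds resolve to targets. The listing excerpts are copied from the thread; the table bytes fed to `resolve_targets` are constructed, since the real tables are not on the page.

```python
# Added example (not Dyninst code): recognise the bounded-index jump-table
# idiom in IDA-style listing text, for the two variants quoted in this thread.
import re
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpts of the two listings quoted in the thread (switch-relevant tail only).
LISTING_X86 = """
.text:004129A5 lea eax, [edx-1]
.text:004129A8 cmp eax, 6 ; switch 7 cases
.text:004129AB ja loc_412F7E ; jumptable 004129B4 default case
.text:004129B1 push ebp
.text:004129B2 push esi
.text:004129B3 push edi
.text:004129B4 jmp ds:off_412F90[eax*4] ; switch jump
"""
LISTING_X64 = """
.text:000000014004D9C8 cmp [rsp+228h+var_80], 5 ; switch 6 cases
.text:000000014004D9D0 ja loc_14004EA48 ; jumptable 000000014004D9EF default case
.text:000000014004D9D6 movsxd rax, [rsp+228h+var_80]
.text:000000014004D9DE lea rcx, cs:140000000h
.text:000000014004D9E5 mov eax, ds:(off_14004EA70 - 140000000h)[rcx+rax*4]
.text:000000014004D9EC add rax, rcx
.text:000000014004D9EF jmp rax ; switch jump
"""

# address, mnemonic, operands (up to an optional ';' comment)
LINE_RE = re.compile(r'^\.text:([0-9A-Fa-f]+)\s+(\S+)(?:\s+([^;]*?))?\s*(?:;.*)?$')

@dataclass
class Insn:
    addr: int
    mnem: str
    ops: str

@dataclass
class SwitchInfo:
    case_count: int          # N+1 for "cmp idx, N"
    default_label: str       # target of the "ja" guard
    jump_addr: int           # address of the indirect jmp
    table_symbol: str        # off_XXXX symbol naming the table
    table_kind: str          # 'absolute' (x86) or 'image_base_relative' (x64)
    image_base: Optional[int]

def ida_int(tok: str) -> Optional[int]:
    """Parse IDA immediates: decimal ('6') or hex with an h suffix ('0CCCCCCCCh')."""
    tok = tok.strip()
    if re.fullmatch(r'[0-9][0-9A-Fa-f]*h', tok):
        return int(tok[:-1], 16)
    return int(tok) if tok.isdigit() else None

def parse_listing(text: str) -> List[Insn]:
    insns = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m and not m.group(2).startswith(';'):   # skip IDA separator lines
            insns.append(Insn(int(m.group(1), 16), m.group(2).lower(), (m.group(3) or '').strip()))
    return insns

def _relative_table(insns: List[Insn], start: int, end: int) -> Optional[Tuple[str, int]]:
    """x64 idiom: 'lea base' + 'mov eax, (off_X - base)[base+idx*4]' + 'add' + 'jmp reg'."""
    sym, base = None, None
    for ins in insns[start:end]:
        if ins.mnem == 'lea':
            m = re.search(r'cs:([0-9A-Fa-f]+h)', ins.ops)
            base = ida_int(m.group(1)) if m else base
        elif ins.mnem == 'mov':
            m = re.search(r'\((off_[0-9A-Fa-f]+)\s*-\s*([0-9A-Fa-f]+h)\)\[\w+\+\w+\*4\]', ins.ops)
            if m:
                sym = m.group(1)
                base = base if base is not None else ida_int(m.group(2))
    return (sym, base) if sym and base is not None else None

def find_switches(insns: List[Insn], window: int = 8) -> List[SwitchInfo]:
    found = []
    for i, ins in enumerate(insns):
        if ins.mnem != 'cmp' or i + 1 >= len(insns) or insns[i + 1].mnem != 'ja':
            continue
        lhs, _, rhs = ins.ops.rpartition(',')
        bound = ida_int(rhs)
        if not lhs or bound is None:
            continue
        default_label = insns[i + 1].ops
        for j in range(i + 2, min(i + 2 + window, len(insns))):
            nxt = insns[j]
            if nxt.mnem != 'jmp':
                continue
            m = re.search(r'(off_[0-9A-Fa-f]+)\[\w+\*4\]', nxt.ops)
            if m:                                           # 32-bit: absolute pointers
                found.append(SwitchInfo(bound + 1, default_label, nxt.addr, m.group(1), 'absolute', None))
            elif re.fullmatch(r'r[a-d]x|r\d+', nxt.ops):   # jmp reg: look back for the table load
                rel = _relative_table(insns, i + 2, j)
                if rel:
                    found.append(SwitchInfo(bound + 1, default_label, nxt.addr, rel[0], 'image_base_relative', rel[1]))
            break                                           # any jmp ends this candidate
    return found

def resolve_targets(info: SwitchInfo, table_bytes: bytes) -> List[int]:
    """Absolute tables hold full addresses; x64 tables hold 32-bit offsets that
    the code adds to the image base (the 'add rax, rcx' in the listing)."""
    entries = struct.unpack('<%dI' % info.case_count, table_bytes[:4 * info.case_count])
    return list(entries) if info.table_kind == 'absolute' else [info.image_base + e for e in entries]

if __name__ == '__main__':
    for name, text in (('x86', LISTING_X86), ('x64', LISTING_X64)):
        for sw in find_switches(parse_listing(text)):
            print(name, sw)
    # Constructed table contents (not read from the binary) to show the x64 fix-up.
    x64 = find_switches(parse_listing(LISTING_X64))[0]
    print([hex(t) for t in resolve_targets(x64, struct.pack('<6I', *range(0x4D9F1, 0x4D9F1 + 6 * 0x20, 0x20)))])
```

The point the recogniser makes explicit is why the x64 form is harder for a control-flow recovery pass: the table entries are not code addresses at all until the image base loaded by the `lea` is added back, so an analysis that only looks for pointer-sized absolute entries (the 32-bit shape) finds nothing usable and falls through to the default case.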
