feat: R2Qiling with refactored memory and de-flatten plugin #1244
Conversation
qiling/os/memory.py
Outdated
| @@ -166,7 +166,7 @@ def __perms_mapping(ps: int) -> str: | |||
|
|
|||
| return ''.join(val if idx & ps else '-' for idx, val in perms_d.items()) | |||
|
|
|||
| def __process(lbound: int, ubound: int, perms: int, label: str, is_mmio: bool) -> Tuple[int, int, str, str, str]: | |||
| def __process(lbound: int, ubound: int, perms: int, label: str, is_mmio: bool, _data: bytearray = None) -> Tuple[int, int, str, str, str]: | |||
There was a problem hiding this comment.
The wrapper R2Mem may call get_mapinfo then __process each entry in map_info, I add this optional argument since map_info in R2Mem has 6 elements instead of 5. I don't want to copy much code which only differs in # of parameters. Most importantly, it will not affect the behavior of existing code.
There was a problem hiding this comment.
@elicn Do you approve these changes on the existing code?
chinggg
force-pushed
the
r2qiling
branch
4 times, most recently
from
33892d8
to
becf881
Compare
|
@wtdcode are we ready to merge this ? |
|
Currently, the example code in Documentation is also required. I will continue to revise it in December after I complete my graduate applications. |
|
once this is merged and some minor bug fix. we can tag a release |
|
No, unfortunately it's not ready to merge yet and probably needs a few more revise. |
|
It seems #1293 has made some improvements to memory management functions like |
in addition to 'invalid' instruction
BUG: mips32 uc map 0x9000000 become 0x1000000
Add new class AnalOp and Operand @Property r2.offset returns current offset New methods of R2: write(addr: int, bs: bytes) get_fcn_at(addr: int) -> Function get_bb_at(addr: int) -> BasicBlock get_fcn_bbs(addr: int) -> List[BasicBlock] dis(Function | BasicBlock) -> List[Instruction] New attributes of R2Data: __str__ can hexlify int __contains__ makes range checking easier @Property: start_ea, end_ea Fix an error in @aaa decorator to accept args
example deflat_r2.py tests a x86 program compiled with OLLVM -mllvm -fla see https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html
assert_mem_equal is only needed for R2Qiling
refactor r2._cmd() to allow optional r_core passed
@wrap_arg_addr makes function accept name/R2Data as addr and return same func when args is empty rename: get_fcn_at -> get_fcn rename: get_bb_at -> get_bb
r2.shell() can now be launched at an address (PC by default)
only difference: use an extra dict cmap to store ctype buf map_info is the same as existing, no bytearray stored and updated
|
I have tried to keep the r2 extension compatible with existing code, now there is no extra record of bytearray in |
Checklist
Which kind of PR do you create?
Coding convention?
Extra tests?
Changelog?
Target branch?
One last thing
The draft PR #1213 refactors
ql.memby changing its internal implementation, which cannot get agreement from all developers. So I keep the existing code almost intact and move the promising but unstable feature intoR2QilingandR2Mem. Users can just replaceQilingwithR2Qilingto enjoy and test the r2-powered Qiling.