wip

Author: emesare

view/sharedcache/api/python/sharedcache.py

@@ -1,22 +1,22 @@
-import os
 import ctypes
 import dataclasses
-import traceback
 
 import binaryninja
+from binaryninja import BinaryView
 from binaryninja._binaryninjacore import BNFreeStringList, BNAllocString, BNFreeString
 
 from . import _sharedcachecore as sccore
 from .sharedcache_enums import *
 
 @dataclasses.dataclass
 class CacheRegion:
-    regionType: SharedCacheRegionType
+    region_type: SharedCacheRegionType
     name: str
     start: int
     size: int
-    imageStart: int
-    flags: binaryninja.enums.SegmentFlag
+    image_start: int
+    # TODO: Might want to make this use the BN segment flag enum?
+    flags: sccore.SegmentFlagEnum
 
     def __str__(self):
         return repr(self)
@@ -27,40 +27,73 @@ def __repr__(self):
 @dataclasses.dataclass
 class CacheImage:
     name: str
-    headerAddress: int
-    regionStarts: [int]
+    header_address: int
+    region_starts: [int]
 
     def __str__(self):
         return repr(self)
 
     def __repr__(self):
-        return f"<CacheImage '{self.name}': {self.headerAddress:x}>"
+        return f"<CacheImage '{self.name}': {self.header_address:x}>"
 
-def region_from_api(region):
+def region_from_api(region: sccore.BNSharedCacheRegion) -> CacheRegion:
     return CacheRegion(
-        SharedCacheRegionType(region.regionType),
-        region.name.decode('utf-8'),
-        region.start,
-        region.size,
-        region.imageStart,
-        binaryninja.enums.SegmentFlag(region.flags)
+        region_type=SharedCacheRegionType(region.regionType),
+        name=region.name,
+        start=region.vmAddress,
+        size=region.size,
+        image_start=region.imageStart,
+        flags=region.flags
     )
 
-def image_from_api(image):
+def region_to_api(region: CacheRegion) -> sccore.BNSharedCacheRegion:
+    return sccore.BNSharedCacheRegion(
+        regionType=region.region_type,
+        _name=BNAllocString(region.name),
+        vmAddress=region.start,
+        size=region.size,
+        imageStart=region.image_start,
+        flags=region.flags
+    )
+
+def image_from_api(image: sccore.BNSharedCacheImage) -> CacheImage:
     return CacheImage(
-        image.name.decode('utf-8'),
+        image.name,
         image.headerAddress,
         image.regionStarts
     )
 
+def image_to_api(image: CacheImage) -> sccore.BNSharedCacheImage:
+    region_start_array = (ctypes.POINTER(ctypes.c_ulonglong) * len(image.region_starts))()
+    for i, region_start in enumerate(image.region_starts):
+        region_start_array[i] = ctypes.c_ulonglong(region_start)
+    return sccore.BNSharedCacheImage(
+        _name=BNAllocString(image.name),
+        headerAddress=image.header_address,
+        regionStartCount=len(region_start_array),
+        regionStarts=region_start_array
+    )
+
 class SharedCacheController:
-    def __init__(self, view):
+    def __init__(self, view: BinaryView):
         self.handle = sccore.BNGetSharedCacheController(view.handle)
 
+    def load_region(self, view: BinaryView, region: CacheRegion) -> bool:
+        api_region: sccore.BNSharedCacheRegion = region_to_api(region)
+        result = sccore.BNSharedCacheControllerLoadRegion(self.handle, view.handle, api_region)
+        sccore.BNSharedCacheFreeRegion(api_region)
+        return result
+
+    def load_image(self, view: BinaryView, image: CacheImage) -> bool:
+        api_image: sccore.BNSharedCacheImage = image_to_api(image)
+        result = sccore.BNSharedCacheControllerLoadImage(self.handle, view.handle, api_image)
+        sccore.BNSharedCacheFreeImage(api_image)
+        return result
+
     @property
-    def regions(self):
+    def regions(self) -> [CacheRegion]:
         count = ctypes.c_ulonglong()
-        value = sccore.BNGetSharedCacheRegions(self.handle, count)
+        value = sccore.BNSharedCacheControllerGetRegions(self.handle, count)
         if value is None:
             return []
         result = []
@@ -69,15 +102,16 @@ def regions(self):
         sccore.BNSharedCacheFreeRegionList(value, count)
         return result
 
-
     @property
-    def images(self):
+    def images(self) -> [CacheImage]:
         count = ctypes.c_ulonglong()
-        value = sccore.BNGetSharedCacheImages(self.handle, count)
+        value = sccore.BNSharedCacheControllerGetImages(self.handle, count)
         if value is None:
             return []
         result = []
         for i in range(count.value):
             result.append(image_from_api(value[i]))
         sccore.BNSharedCacheFreeImageList(value, count)
-        return result
+        return result
+    
+    

view/sharedcache/api/sharedcache.cpp

@@ -108,15 +108,15 @@ CacheSymbol SymbolFromApi(BNSharedCacheSymbol apiSymbol)
 	return symbol;
 }
 
-SharedCacheController::SharedCacheController(BNSharedCacheController *controller)
+SharedCacheController::SharedCacheController(BNSharedCacheController* controller)
 {
     m_object = controller;
 }
 
 DSCRef<SharedCacheController> SharedCacheController::GetController(BinaryView& view)
 {
     BNSharedCacheController* controller = BNGetSharedCacheController(view.GetObject());
-    if (!controller)
+    if (controller == nullptr)
         return nullptr;
     return new SharedCacheController(controller);
 }

view/sharedcache/api/sharedcacheapi.h

@@ -293,6 +293,11 @@ namespace SharedCacheAPI {
 		static DSCRef<SharedCacheController> GetController(BinaryNinja::BinaryView& view);
 
 		bool LoadRegion(BinaryNinja::BinaryView& view, const CacheRegion& region);
+
+		// Attempt to load the given image into the view.
+		//
+		// It is the callers responsibility to run linear sweep and update analysis, as you might want to add
+		// multiple images at a time.
 		bool LoadImage(BinaryNinja::BinaryView& view, const CacheImage& image);
 
 		std::optional<CacheRegion> GetRegionAt(uint64_t address) const;

view/sharedcache/api/sharedcachecore.h

@@ -116,11 +116,6 @@ extern "C"
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerLoadImage(BNSharedCacheController* controller, BNBinaryView* view, BNSharedCacheImage* image);
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerLoadRegion(BNSharedCacheController* controller, BNBinaryView* view, BNSharedCacheRegion* region);
 
-	// SHAREDCACHE_FFI_API void BNDSCViewProcessObjCSectionsForImageWithInstallName(BNSharedCacheController* cache, const char* name);
-	// SHAREDCACHE_FFI_API void BNDSCViewProcessAllObjCSections(BNSharedCacheController* cache);
-	// SHAREDCACHE_FFI_API BNDSCSymbolRep* BNSharedCacheControllerLoadAllSymbolsAndWait(BNSharedCacheController* cache, size_t* count);
-	// SHAREDCACHE_FFI_API void BNSharedCacheControllerFreeSymbols(BNDSCSymbolRep* symbols, size_t count);
-
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerGetRegionAt(BNSharedCacheController* controller, uint64_t address, BNSharedCacheRegion* outRegion);
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerGetRegionContaining(BNSharedCacheController* controller, uint64_t address, BNSharedCacheRegion* region);
 

view/sharedcache/core/FileAccessorCache.cpp

@@ -62,7 +62,7 @@ WeakFileAccessor FileAccessorCache::Open(const std::string &filePath)
         // TODO: Make this mechanism more thought out...
         throw std::runtime_error("Failed to open file: " + filePath);
     }
-    auto sharedAccessor = std::make_shared<MappedFileAccessor>(*accessor);
+    auto sharedAccessor = std::make_shared<MappedFileAccessor>(std::move(*accessor));
     m_accessors.insert_or_assign(id, sharedAccessor);
     m_cache.push_back(id);
 

view/sharedcache/core/MachO.cpp

@@ -15,6 +15,11 @@ SharedCacheMachOProcessor::SharedCacheMachOProcessor(std::shared_ptr<VirtualMemo
 
 std::optional<SharedCacheMachOHeader> SharedCacheMachOProcessor::ParseHeaderForAddress(uint64_t address, const std::string& imagePath)
 {
+	// Sanity check to make sure that the header is mapped.
+	// This should really only fail if we didn't grab all the required entries.
+	if (!m_vm->IsAddressMapped(address))
+		return std::nullopt;
+
 	SharedCacheMachOHeader header;
 
 	header.textBase = address;
@@ -434,8 +439,6 @@ void SharedCacheMachOProcessor::ApplyHeader(Ref<BinaryView> view, SharedCacheMac
 	if (settings && settings->Contains("loader.dsc.processFunctionStarts"))
 		applyFunctionStarts = settings->Get<bool>("loader.dsc.processFunctionStarts", view);
 
-	BinaryReader virtualReader(view);
-
 	header.ApplyHeaderSections(view);
 
 	// TODO: Wtf is this?
@@ -807,6 +810,13 @@ std::vector<CacheSymbol> SharedCacheMachOHeader::ReadSymbolTable(BinaryView& vie
 	// NOTE: The symbol table will exist within the link edit segment, the table offsets are relative to the file not the linkedit segment.
 	uint64_t symbolsAddress = GetLinkEditFileBase() + symtab.symoff;
 	uint64_t stringsAddress = GetLinkEditFileBase() + symtab.stroff;
+	uint64_t link = GetLinkEditFileBase();
+	LogInfo("link edit file base %llx", link);
+	if (!vm.IsAddressMapped(link))
+	{
+		LogError("Link edit segment not mapped");
+		return {};
+	}
 	auto strings = vm.ReadBuffer(stringsAddress, symtab.strsize);
 
 	// TODO: This needs to be passed in as an optional argument.
@@ -843,7 +853,7 @@ std::vector<CacheSymbol> SharedCacheMachOHeader::ReadSymbolTable(BinaryView& vie
 		if (nlist.n_strx >= symtab.strsize)
 		{
 			// TODO: where logger?
-			LogError("Symbol entry at index %llu has a string offset of %u which is outside the strings buffer of size %llu for symbol table %llx", entryIndex, nlist.n_strx, symtab.strsize, symtab.stroff);
+			LogError("Symbol entry at index %llu has a string offset of %u which is outside the strings buffer of size %u for symbol table %x", entryIndex, nlist.n_strx, symtab.strsize, symtab.stroff);
 			continue;
 		}
 

view/sharedcache/core/MappedFile.cpp

@@ -3,7 +3,7 @@
 #else
 #include <sys/mman.h>
 #include <fcntl.h>
-#include <stdlib.h>
+#include <cstdlib>
 #include <sys/resource.h>
 #endif
 
@@ -14,10 +14,17 @@
 #ifndef _MSC_VER
 uint64_t AdjustFileDescriptorLimit()
 {
+    // The soft file descriptor limit on Linux and Mac is a lot lower than
+    // on Windows (1024 for Linux, 256 for Mac). Recent iOS shared caches
+    // have 60+ files which may not leave much headroom if a user opens
+    // more than one at a time. Attempt to increase the file descriptor
+    // limit to 1024, and limit ourselves to caching half of them as a
+    // memory vs performance trade-off (closing and re-opening a file
+    // requires parsing and applying the slide information again).
+    uint64_t maxFPLimit = 1024;
+
     //check for BN_SHAREDCACHE_FP_MAX
     // if it exists, set maxFPLimit to that value
-    uint64_t maxFPLimit = 0;
-
     if (auto env = getenv("BN_SHAREDCACHE_FP_MAX"); env)
     {
         // FIXME behav on 0 here is unintuitive, '0123' will interpret as octal and be 83 according to manpage. meh.
@@ -33,20 +40,13 @@ uint64_t AdjustFileDescriptorLimit()
         }
     }
 
-    // The soft file descriptor limit on Linux and Mac is a lot lower than
-    // on Windows (1024 for Linux, 256 for Mac). Recent iOS shared caches
-    // have 60+ files which may not leave much headroom if a user opens
-    // more than one at a time. Attempt to increase the file descriptor
-    // limit to 1024, and limit ourselves to caching half of them as a
-    // memory vs performance trade-off (closing and re-opening a file
-    // requires parsing and applying the slide information again).
-    constexpr rlim_t TargetFileDescriptorLimit = 1024;
     rlimit rlim {};
     getrlimit(RLIMIT_NOFILE, &rlim);
     uint64_t previousLimit = rlim.rlim_cur;
-    if (rlim.rlim_cur < TargetFileDescriptorLimit)
+    uint64_t targetLimit = std::min(maxFPLimit, rlim.rlim_max);
+    if (rlim.rlim_cur < targetLimit)
     {
-        rlim.rlim_cur = std::min(TargetFileDescriptorLimit, rlim.rlim_max);
+        rlim.rlim_cur = targetLimit;
         if (setrlimit(RLIMIT_NOFILE, &rlim) < 0)
         {
             perror("setrlimit(RLIMIT_NOFILE)");
@@ -58,6 +58,12 @@ uint64_t AdjustFileDescriptorLimit()
     return maxFPLimit;
 }
 
+MappedFile::~MappedFile()
+{
+    Unmap();
+    if (fd) fclose(fd);
+}
+
 std::optional<MappedFile> MappedFile::OpenFile(const std::string& path)
 {
     MappedFile file;
@@ -75,24 +81,26 @@ std::optional<MappedFile> MappedFile::OpenFile(const std::string& path)
 
 MapStatus MappedFile::Map()
 {
-    if (mapped)
+    if (_mmap)
         return MapStatus::Success;
 
     void *result = mmap(nullptr, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fileno(fd), 0u);
     if (result == MAP_FAILED)
+    {
+        BinaryNinja::LogInfo("mmap failed: %s", strerror(errno)); // Use errno to log the reason
         return MapStatus::Error;
+    }
     _mmap = static_cast<uint8_t*>(result);
 
-    mapped = true;
     return MapStatus::Success;
 }
 
 MapStatus MappedFile::Unmap()
 {
-    if (mapped)
+    if (_mmap)
     {
         munmap(_mmap, len);
-        mapped = false;
+        _mmap = nullptr;
     }
     return MapStatus::Success;
 }
@@ -102,6 +110,12 @@ uint64_t AdjustFileDescriptorLimit()
     return 0x1000000;
 }
 
+MappedFile::~MappedFile()
+{
+    Unmap();
+    if (hFile) CloseHandle(hFile);
+}
+
 std::optional<MappedFile> MappedFile::OpenFile(const std::string &path)
 {
     MappedFile file;
@@ -131,7 +145,7 @@ std::optional<MappedFile> MappedFile::OpenFile(const std::string &path)
 
 MMapStatus MappedFile::Map()
 {
-    if (mapped)
+    if (_mmap)
         return MMapStatus::Success;
 
     HANDLE hMapping = CreateFileMapping(
@@ -162,8 +176,6 @@ MMapStatus MappedFile::Map()
         return MMapStatus::Error;
     }
 
-    mapped = true;
-
     CloseHandle(hMapping);
     CloseHandle(hFile);
 
@@ -175,7 +187,6 @@ MMapStatus MappedFile::Unmap()
     if (_mmap)
     {
         UnmapViewOfFile(_mmap);
-        mapped = false;
     }
     return MMapStatus::Success;
 }