wip

emesare · emesare · commit 58309a429781 · 2025-03-26T01:07:56.000-04:00
diff --git a/view/sharedcache/core/SharedCache.cpp b/view/sharedcache/core/SharedCache.cpp
@@ -104,11 +104,13 @@ WeakFileAccessor CacheEntry::GetAccessor() const
     return FileAccessorCache::Global().Open(m_filePath);
 }
 
-SharedCache::SharedCache()
+SharedCache::SharedCache(uint64_t addressSize)
 {
+    m_addressSize = addressSize;
     m_vm = std::make_shared<VirtualMemory>();
 }
 
+
 void SharedCache::AddImage(CacheImage image)
 {
     m_images.insert({image.headerAddress, std::move(image)});
@@ -189,15 +191,14 @@ CacheEntryId SharedCache::AddEntry(CacheEntry entry)
     return id;
 }
 
-void SharedCache::ProcessEntries(BinaryView &view)
+void SharedCache::ProcessEntries()
 {
     for (const auto& [id, entry] : m_entries)
-        ProcessEntry(view, entry);
+        ProcessEntry(entry);
 }
 
-void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
+void SharedCache::ProcessEntry(const CacheEntry &entry)
 {
-    uint64_t addrSize = view.GetAddressSize();
     // !!! At this point in time we should have loaded all relevant mappings for the virtual memory.
     // If we do not we will throw an exception!
     auto machoProcessor = SharedCacheMachOProcessor(m_vm);
@@ -213,7 +214,7 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
     // Collect pool addresses as non image memory regions.
     for (size_t i = 0; i < entryHeader.branchPoolsCount; i++)
     {
-        auto branchPoolAddr = entryHeader.branchPoolsOffset + (i * addrSize);
+        auto branchPoolAddr = entryHeader.branchPoolsOffset + (i * m_addressSize);
         auto header = machoProcessor.ParseHeaderForAddress(branchPoolAddr, "dyld_shared_cache_branch_islands_" + std::to_string(i));
         // Stop processing branch pools if a header fails to parse.
         if (!header.has_value())
@@ -274,73 +275,77 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
         AddRegion(std::move(stubIslandRegion));
     }
 
-    // Process all images.
-    for (const auto& [imagePath, imageInfo] : entry.GetImages())
+    // Process all images. Only for primary right now i guess.
+    // TODO: When can an entry have images not found in the primary?
+    if (entry.GetType() == CacheEntryType::Primary)
     {
-        auto imageHeader = machoProcessor.ParseHeaderForAddress(imageInfo.address, imagePath);
-        if (!imageHeader.has_value())
-            continue;
-
-        // Add the image to the cache.
-        CacheImage image;
-        image.headerAddress = imageInfo.address;
-        image.path = imagePath;
-
-        // Add all image regions.
-        for (const auto& segment : imageHeader->segments)
+        for (const auto& [imagePath, imageInfo] : entry.GetImages())
         {
-            char segName[17];
-            memcpy(segName, segment.segname, 16);
-            segName[16] = 0;
+            auto imageHeader = machoProcessor.ParseHeaderForAddress(imageInfo.address, imagePath);
+            if (!imageHeader.has_value())
+                continue;
+
+            // Add the image to the cache.
+            CacheImage image;
+            image.headerAddress = imageInfo.address;
+            image.path = imagePath;
 
-            // Many images include a __LINKEDIT segment that share a single region in the shared cache.
-            // Reuse the same `MemoryRegion` to represent all of these link edit regions.
-            // Check to see if we have a shared region, if so skip it.
-            if (std::string(segName) == "__LINKEDIT")
+            // Add all image regions.
+            for (const auto& segment : imageHeader->segments)
             {
-                auto existingRegion = m_regions.find(AddressRange(segment.vmaddr, segment.vmaddr + segment.vmsize));
-                if (existingRegion != m_regions.end())
+                char segName[17];
+                memcpy(segName, segment.segname, 16);
+                segName[16] = 0;
+
+                // Many images include a __LINKEDIT segment that share a single region in the shared cache.
+                // Reuse the same `MemoryRegion` to represent all of these link edit regions.
+                // Check to see if we have a shared region, if so skip it.
+                if (std::string(segName) == "__LINKEDIT")
                 {
-                    image.regionStarts.push_back(existingRegion->second.start);
-                    continue;
+                    // TODO: Loosen this to any shared region?
+                    if (auto linkEditRegion = GetRegionAt(segment.vmaddr))
+                    {
+                        image.regionStarts.push_back(linkEditRegion->start);
+                        continue;
+                    }
                 }
-            }
 
-            CacheRegion sectionRegion;
-            sectionRegion.type = CacheRegionType::Image;
-            sectionRegion.name = imageHeader->identifierPrefix + "::" + std::string(segName);
-            sectionRegion.start = segment.vmaddr;
-            sectionRegion.size = segment.vmsize;
-            // Associate this region with this image, this makes it easier to identify what image owns this region.
-            sectionRegion.imageStart = image.headerAddress;
-
-            uint32_t flags = SegmentFlagsFromMachOProtections(segment.initprot, segment.maxprot);
-            // if we're positive we have an entry point for some reason, force the segment
-            // executable. this helps with kernel images.
-            for (auto &entryPoint : imageHeader->m_entryPoints)
-                if (segment.vmaddr <= entryPoint && (entryPoint < (segment.vmaddr + segment.filesize)))
-                    flags |= SegmentExecutable;
-            sectionRegion.flags = static_cast<BNSegmentFlag>(flags);
-
-            // Add the image section to the cache and also to the image region starts
-            if (AddNonOverlappingRegion(sectionRegion))
-                image.regionStarts.push_back(sectionRegion.start);
-        }
+                CacheRegion sectionRegion;
+                sectionRegion.type = CacheRegionType::Image;
+                sectionRegion.name = imageHeader->identifierPrefix + "::" + std::string(segName);
+                sectionRegion.start = segment.vmaddr;
+                sectionRegion.size = segment.vmsize;
+                // Associate this region with this image, this makes it easier to identify what image owns this region.
+                sectionRegion.imageStart = image.headerAddress;
+
+                uint32_t flags = SegmentFlagsFromMachOProtections(segment.initprot, segment.maxprot);
+                // if we're positive we have an entry point for some reason, force the segment
+                // executable. this helps with kernel images.
+                for (auto &entryPoint : imageHeader->m_entryPoints)
+                    if (segment.vmaddr <= entryPoint && (entryPoint < (segment.vmaddr + segment.filesize)))
+                        flags |= SegmentExecutable;
+                sectionRegion.flags = static_cast<BNSegmentFlag>(flags);
+
+                // Add the image section to the cache and also to the image region starts
+                if (AddNonOverlappingRegion(sectionRegion))
+                    image.regionStarts.push_back(sectionRegion.start);
+            }
 
-        // TODO: Populating symbols here means that we have all of the symbols for the entire shared cache loaded always.
-        // TODO: We should make this lazy (i.e. GetSymbolAt should check the symbols list then do actual work).
-        // Populate symbols with this images symbols.
-        // std::vector<CacheSymbol> symbols = imageHeader->ReadSymbolTable(view, *m_vm);
-        // AddSymbols(std::move(symbols));
+            // TODO: Populating symbols here means that we have all of the symbols for the entire shared cache loaded always.
+            // TODO: We should make this lazy (i.e. GetSymbolAt should check the symbols list then do actual work).
+            // Populate symbols with this images symbols.
+            // std::vector<CacheSymbol> symbols = imageHeader->ReadSymbolTable(view, *m_vm);
+            // AddSymbols(std::move(symbols));
 
-        // TODO: Should export symbols be put in a different bucket? How are they consumed differently?
-        std::vector<CacheSymbol> exportSymbols = imageHeader->ReadExportSymbolTable(view, *m_vm);
-        AddSymbols(std::move(exportSymbols));
+            // TODO: Should export symbols be put in a different bucket? How are they consumed differently?
+            std::vector<CacheSymbol> exportSymbols = imageHeader->ReadExportSymbolTable(*m_vm);
+            AddSymbols(std::move(exportSymbols));
 
-        // This is behind a shared pointer as the header itself is very large.
-        image.header = std::make_shared<SharedCacheMachOHeader>(*imageHeader);
+            // This is behind a shared pointer as the header itself is very large.
+            image.header = std::make_shared<SharedCacheMachOHeader>(*imageHeader);
 
-        AddImage(std::move(image));
+            AddImage(std::move(image));
+        }
     }
 
     // TODO: See note above about slide info writes.
diff --git a/view/sharedcache/core/SharedCacheView.cpp b/view/sharedcache/core/SharedCacheView.cpp
@@ -1,17 +1,3 @@
-//
-// Created by kat on 5/23/23.
-//
-
-/*
- * If you're here looking for the code to load caches, out of luck.
- *
- * The VIEW_NAME is essentially a blank slate that only knows how to deserialize and reserialize itself
- * 	based on some metadata encoded in it.
- *
- * The actual controller logic that does _all_ of the image loading is invoked via API -> SharedCache.cpp
- *
- * */
-
 #include "SharedCacheView.h"
 
 #include <regex>
@@ -636,7 +622,7 @@ bool SharedCacheView::Init()
 	DefineType("dyld_cache_header", headerType.name, headerType.type);
 	DefineAutoSymbolAndVariableOrFunction(GetDefaultPlatform(), new Symbol(DataSymbol, "primary_cache_header", primaryBase), headerType.type);
 
-	auto sharedCache = SharedCache();
+	auto sharedCache = SharedCache(GetAddressSize());
 
 	CacheProcessor cacheProcessor = CacheProcessor(this);
 	if (!cacheProcessor.ProcessCache(sharedCache))
@@ -651,7 +637,7 @@ bool SharedCacheView::Init()
 	// TODO: Add up everything here blud
 	// TODO: Run this up on a seperate thread maybe and have callback notifications?
 	auto startTime = std::chrono::high_resolution_clock::now();
-	sharedCache.ProcessEntries(*this);
+	sharedCache.ProcessEntries();
 	auto endTime = std::chrono::high_resolution_clock::now();
 	std::chrono::duration<double> elapsed = endTime - startTime;
 	LogInfo("Processing entries took %.3f seconds", elapsed.count());
@@ -672,6 +658,7 @@ SharedCacheViewType::SharedCacheViewType() : BinaryViewType(VIEW_NAME, VIEW_NAME
 {
 }
 
+// We register all our one-shot stuff here, such as the object destructor.
 void SharedCacheViewType::Register()
 {
 	auto fdLimit = AdjustFileDescriptorLimit();
@@ -681,7 +668,7 @@ void SharedCacheViewType::Register()
 	FileAccessorCache::Global().SetCacheSize(fdLimit);
 
 	// TODO: Register object destructor to clear accessor cache
-	// TODO: Register object destructor to clear shared cache controller
+	RegisterSharedCacheControllerDestructor();
 
 	static SharedCacheViewType type;
 	BinaryViewType::Register(&type);
@@ -790,7 +777,7 @@ Ref<BinaryView> SharedCacheViewType::Parse(BinaryView* data)
 	return new SharedCacheView(VIEW_NAME, data, true);
 }
 
-bool SharedCacheViewType::IsTypeValidForData(BinaryNinja::BinaryView* data)
+bool SharedCacheViewType::IsTypeValidForData(BinaryView* data)
 {
 	if (!data)
 		return false;
diff --git a/view/sharedcache/ui/dsctriage.cpp b/view/sharedcache/ui/dsctriage.cpp
