wip

Author: emesare

docs/dev/workflows.md

@@ -145,7 +145,7 @@ You can query the list of all registered workflows or filter them by type using
 # List all Module and Function workflows
 list(Workflow)
 [<Workflow: core.function.baseAnalysis>,
-<Workflow: core.function.dsc>,
+<Workflow: core.function.sharedCache>,
 <Workflow: core.function.metaAnalysis>,
 <Workflow: core.function.objectiveC>,
 <Workflow: core.module.baseAnalysis>,
@@ -157,7 +157,7 @@ Settings().query_property_string_list("analysis.workflows.moduleWorkflow", "enum
 
 # List all function workflows from the Settings API
 >>> Settings().query_property_string_list("analysis.workflows.functionWorkflow", "enum")
-['core.function.baseAnalysis', 'core.function.dsc', 'core.function.metaAnalysis', 'core.function.objectiveC']
+['core.function.baseAnalysis', 'core.function.sharedCache', 'core.function.metaAnalysis', 'core.function.objectiveC']
 ```
 
 Once you've queried the available workflows, you can create your own by cloning and modifying an existing workflow. Below are some simple examples that demonstrate how to modify module-level analysis.

view/sharedcache/api/python/sharedcache.py

@@ -107,8 +107,21 @@ def symbol_to_api(symbol: CacheSymbol) -> sccore.BNSharedCacheSymbol:
 
 class SharedCacheController:
     def __init__(self, view: BinaryView):
+        """
+        Retrieve the shared cache controller for a given view.
+        Call `is_valid` to check if the controller is valid.
+        """
         self.handle = sccore.BNGetSharedCacheController(view.handle)
 
+    def __str__(self):
+        return repr(self)
+
+    def __repr__(self):
+        return f"<SharedCacheController: {len(self.images)} images, {len(self.regions)} regions>"
+
+    def is_valid(self) -> bool:
+        return self.handle is not None
+
     def apply_region(self, view: BinaryView, region: CacheRegion) -> bool:
         api_region: sccore.BNSharedCacheRegion = region_to_api(region)
         result = sccore.BNSharedCacheControllerApplyRegion(self.handle, view.handle, api_region)
@@ -256,13 +269,21 @@ def symbols(self) -> [CacheSymbol]:
         return result
 
 
-def _get_dsc(instance: binaryninja.PythonScriptingInstance):
-	if instance.interpreter.active_view is None:
-		return None
-	return SharedCache(instance.interpreter.active_view)
+def _get_shared_cache(instance: binaryninja.PythonScriptingInstance):
+    if instance.interpreter.active_view is None:
+        return None
+    controller = SharedCacheController(instance.interpreter.active_view)
+    if not controller.is_valid():
+        return None
+    return controller
 
 
 binaryninja.PythonScriptingProvider.register_magic_variable(
 	"dsc",
-	_get_dsc
+    _get_shared_cache
+)
+
+binaryninja.PythonScriptingProvider.register_magic_variable(
+    "shared_cache",
+    _get_shared_cache
 )

view/sharedcache/api/sharedcache.cpp

@@ -108,6 +108,23 @@ CacheSymbol SymbolFromApi(BNSharedCacheSymbol apiSymbol)
 	return symbol;
 }
 
+std::string SharedCacheAPI::GetRegionTypeAsString(const BNSharedCacheRegionType &type)
+{
+	switch (type)
+	{
+		case SharedCacheRegionTypeImage:
+			return "Image";
+		case SharedCacheRegionTypeStubIsland:
+			return "StubIsland";
+		case SharedCacheRegionTypeDyldData:
+			return "DyldData";
+		case SharedCacheRegionTypeNonImage:
+			return "NonImage";
+		default:
+			return "Unknown";
+	}
+}
+
 SharedCacheController::SharedCacheController(BNSharedCacheController* controller)
 {
     m_object = controller;

view/sharedcache/api/sharedcacheapi.h

@@ -259,6 +259,8 @@ namespace SharedCacheAPI {
 		BNSegmentFlag flags;
 	};
 
+	std::string GetRegionTypeAsString(const BNSharedCacheRegionType& type);
+
 	struct CacheMappingInfo
 	{
 		uint64_t vmAddress;

view/sharedcache/core/FileAccessorCache.cpp

@@ -67,4 +67,45 @@ WeakFileAccessor FileAccessorCache::Open(const std::string &filePath)
     m_cache.push_back(id);
 
     return WeakFileAccessor(sharedAccessor, filePath);
-}
+}
+
+void FileAccessorWriteLog::AddPointer(const size_t address, const size_t pointer)
+{
+    std::unique_lock<std::shared_mutex> lock(m_persistedMutex);
+    m_persistedPointers[address] = pointer;
+}
+
+void FileAccessorWriteLog::ApplyWrites(MappedFileAccessor& accessor)
+{
+    std::shared_lock<std::shared_mutex> lock(m_persistedMutex);
+    for (const auto &[address, pointer]: m_persistedPointers)
+        accessor.WritePointer(address, pointer);
+}
+
+std::shared_ptr<MappedFileAccessor> WeakFileAccessor::lock()
+{
+    auto sharedPtr = m_weakPtr.lock();
+    if (!sharedPtr)
+    {
+        // This will revive other weak pointers to the same shared ptr.
+        // Update the weak pointer to the newly created shared instance
+        m_weakPtr = FileAccessorCache::Global().Open(m_filePath).m_weakPtr;
+        sharedPtr = m_weakPtr.lock();
+
+        // Apply any previously written pointers back.
+        if (sharedPtr)
+            m_writeLog->ApplyWrites(*sharedPtr);
+    }
+
+    return sharedPtr;
+}
+
+void WeakFileAccessor::WritePointer(const size_t address, const size_t pointer)
+{
+    // Persist the pointer after the file accessor is revived.
+    m_writeLog->AddPointer(address, pointer);
+
+    // And then actually apply the written pointer...
+    if (auto sharedPtr = m_weakPtr.lock())
+        sharedPtr->WritePointer(address, pointer);
+}

view/sharedcache/core/FileAccessorCache.h

@@ -39,31 +39,44 @@ class FileAccessorCache
     void SetCacheSize(uint64_t size) { m_cacheSize = size; };
 };
 
+// Write log to be used in conjunction with `WeakFileAccessor` to re-apply written data to a "revived" file.
+struct FileAccessorWriteLog
+{
+    // To persist writes to a file accessor being revived (within the lock() function)
+    // we keep a list of writes that will be re-applied in the lock function.
+    std::shared_mutex m_persistedMutex;
+    std::unordered_map<size_t, uint64_t> m_persistedPointers;
+
+    FileAccessorWriteLog() = default;
+
+    // Add the pointer to the persisted pointers.
+    void AddPointer(size_t address, size_t pointer);
+
+    // Apply all logged writes to the given accessor.
+    void ApplyWrites(MappedFileAccessor& accessor);
+};
+
 class WeakFileAccessor
 {
     // Weak pointer to the mapped file accessor, once this is expired we will re-open.
     std::weak_ptr<MappedFileAccessor> m_weakPtr;
     // File path for re-opening if needed
     std::string m_filePath;
+
+    std::shared_ptr<FileAccessorWriteLog> m_writeLog;
+
     // TODO: Store a weak_ptr/shared_ptr to FileAccessorCache? That way we dont access Global()
     // TODO: Only need to do the above if we want multiple caches.
 public:
     explicit WeakFileAccessor(std::weak_ptr<MappedFileAccessor> weakPtr, std::string filePath)
         : m_weakPtr(std::move(weakPtr))
         , m_filePath(std::move(filePath))
+        , m_writeLog(std::make_shared<FileAccessorWriteLog>())
     {}
 
-    std::shared_ptr<MappedFileAccessor> lock()
-    {
-        auto sharedPtr = m_weakPtr.lock();
-        if (!sharedPtr)
-        {
-            // This will revive other weak pointers to the same shared ptr.
-            // Update the weak pointer to the newly created shared instance
-            m_weakPtr = FileAccessorCache::Global().Open(m_filePath).m_weakPtr;
-            sharedPtr = m_weakPtr.lock();
-        }
-
-        return sharedPtr;
-    }
+    std::shared_ptr<MappedFileAccessor> lock();
+
+    // Persists the written pointer within this weak file accessor.
+    // This works as we expect the weak file accessor to be stored per virtual memory region.
+    void WritePointer(size_t address, size_t pointer);
 };

view/sharedcache/core/MachO.cpp

@@ -580,6 +580,9 @@ std::optional<CacheSymbol> SharedCacheMachOHeader::AddExportTerminalSymbol(const
             break;
         }
     }
+
+	// TODO: Is this enough to determine a function symbol?
+	// TODO: Might be the cause of https://github.com/Vector35/binaryninja-api/issues/6526
     // Check the sections flags to see if we actually have a function symbol instead.
     if ((sectionFlags & S_ATTR_PURE_INSTRUCTIONS) == S_ATTR_PURE_INSTRUCTIONS
         || (sectionFlags & S_ATTR_SOME_INSTRUCTIONS) == S_ATTR_SOME_INSTRUCTIONS)

view/sharedcache/core/MachOProcessor.cpp

@@ -183,6 +183,8 @@ uint64_t SharedCacheMachOProcessor::ApplyHeaderSections(SharedCacheMachOHeader&
 			semantics = ReadWriteDataSectionSemantics;
 		if (strncmp(section.segname, "__DATA_CONST", sizeof(section.segname)) == 0)
 			semantics = ReadOnlyDataSectionSemantics;
+		if (strncmp(section.segname, "__auth_got", sizeof(section.segname)) == 0)
+			semantics = ReadOnlyDataSectionSemantics;
 
 		m_view->AddUserSection(sectionName, section.addr, section.size, semantics,
 			type, section.align);

view/sharedcache/core/MappedFile.cpp

@@ -8,7 +8,6 @@
 #endif
 
 #include "MappedFile.h"
-
 #include "binaryninjaapi.h"
 
 #ifndef _MSC_VER

view/sharedcache/core/MappedFileAccessor.cpp

@@ -11,6 +11,7 @@ std::shared_ptr<MappedFileAccessor> MappedFileAccessor::Open(const std::string&
     return std::make_shared<MappedFileAccessor>(std::move(*file));
 }
 
+// TODO: Will obviously not work on 32bit binaries, need to make WritePointer64 and 32 equiv.
 void MappedFileAccessor::WritePointer(size_t address, size_t pointer)
 {
     m_dirty = true;
@@ -72,23 +73,22 @@ int64_t MappedFileAccessor::ReadInt64(size_t address)
 BinaryNinja::DataBuffer MappedFileAccessor::ReadBuffer(size_t addr, size_t length)
 {
     if (addr + length > Length())
-        throw UnmappedAccessException();
-
+        throw UnmappedAccessException(addr + length, Length());
     return {&m_file._mmap[addr], length};
 }
 
 std::pair<const uint8_t*, const uint8_t*> MappedFileAccessor::ReadSpan(size_t addr, size_t length)
 {
     if (addr + length > Length())
-        throw UnmappedAccessException();
+        throw UnmappedAccessException(addr + length, Length());
     const uint8_t* data = &m_file._mmap[addr];
     return {data, data + length};
 }
 
 void MappedFileAccessor::Read(void *dest, size_t addr, size_t length) const
 {
     if (addr + length > Length())
-        throw UnmappedAccessException();
+        throw UnmappedAccessException(addr + length, Length());
     memcpy(dest, &m_file._mmap[addr], length);
 }