Load eh_frame/debug_frame from base bv instead of debug bv and make calculated cie offset ranges relative to bv start

negasora · negasora · commit e63edea7e667 · 2025-04-18T18:08:52.000-04:00
diff --git a/plugins/dwarf/dwarf_import/src/lib.rs b/plugins/dwarf/dwarf_import/src/lib.rs
@@ -374,37 +374,39 @@ where
 {
     let mut bases = gimli::BaseAddresses::default();
 
+    let view_start = view.start();
+
     if let Some(section) = view
         .section_by_name(".eh_frame_hdr")
         .or(view.section_by_name("__eh_frame_hdr"))
     {
-        bases = bases.set_eh_frame_hdr(section.start());
+        bases = bases.set_eh_frame_hdr(section.start() - view_start);
     }
 
     if let Some(section) = view
         .section_by_name(".eh_frame")
         .or(view.section_by_name("__eh_frame"))
     {
-        bases = bases.set_eh_frame(section.start());
+        bases = bases.set_eh_frame(section.start() - view_start);
     } else if let Some(section) = view
         .section_by_name(".debug_frame")
         .or(view.section_by_name("__debug_frame"))
     {
-        bases = bases.set_eh_frame(section.start());
+        bases = bases.set_eh_frame(section.start() - view_start);
     }
 
     if let Some(section) = view
         .section_by_name(".text")
         .or(view.section_by_name("__text"))
     {
-        bases = bases.set_text(section.start());
+        bases = bases.set_text(section.start() - view_start);
     }
 
     if let Some(section) = view
         .section_by_name(".got")
         .or(view.section_by_name("__got"))
     {
-        bases = bases.set_got(section.start());
+        bases = bases.set_got(section.start() - view_start);
     }
 
     let mut cies = HashMap::new();
@@ -453,6 +455,19 @@ where
                                 register: _,
                                 offset,
                             } => {
+                                //TODO: can we normalize this to be sp-based?
+                                /*
+                                Switching to RBP from RSP in this example breaks things, and we should know that RBP = RSP - 8
+                                    65   │   0x1139: CFA=RSP+8: RIP=[CFA-8]
+                                    66   │   0x113a: CFA=RSP+16: RBP=[CFA-16], RIP=[CFA-8]
+                                    67   │   0x113d: CFA=RBP+16: RBP=[CFA-16], RIP=[CFA-8]
+                                    68   │   0x1162: CFA=RSP+8: RBP=[CFA-16], RIP=[CFA-8]
+
+                                    can we
+                                    know that CFA=RSP+8 at the beginning
+                                    in the next instruction (66) we know RBP=[CFA-16]=[RSP-8]
+                                    and do something with that?
+                                */
                                 // TODO: we should store offsets by register
                                 if row.start_address() < row.end_address() {
                                     cfa_offsets
@@ -498,7 +513,7 @@ fn get_supplementary_build_id(bv: &BinaryView) -> Option<String> {
 }
 
 fn parse_dwarf(
-    _bv: &BinaryView,
+    bv: &BinaryView,
     debug_bv: &BinaryView,
     supplementary_bv: Option<&BinaryView>,
     progress: Box<dyn Fn(usize, usize) -> Result<(), ()>>,
@@ -549,30 +564,35 @@ fn parse_dwarf(
     }
 
     let range_data_offsets;
-    if view.section_by_name(".eh_frame").is_some() || view.section_by_name("__eh_frame").is_some() {
-        let eh_frame_endian = get_endian(view);
+    if bv.section_by_name(".eh_frame").is_some() || bv.section_by_name("__eh_frame").is_some() {
+        let eh_frame_endian = get_endian(bv);
         let eh_frame_section_reader = |section_id: SectionId| -> _ {
-            create_section_reader(section_id, view, eh_frame_endian, dwo_file)
+            create_section_reader(section_id, bv, eh_frame_endian, dwo_file)
         };
         let mut eh_frame = gimli::EhFrame::load(eh_frame_section_reader).unwrap();
-        if let Some(view_arch) = view.default_arch() {
+        if let Some(view_arch) = bv.default_arch() {
             if view_arch.name().as_str() == "aarch64" {
                 eh_frame.set_vendor(gimli::Vendor::AArch64);
             }
         }
-        eh_frame.set_address_size(view.address_size() as u8);
-        range_data_offsets = parse_unwind_section(view, eh_frame)
+        eh_frame.set_address_size(bv.address_size() as u8);
+        range_data_offsets = parse_unwind_section(bv, eh_frame)
             .map_err(|e| error!("Error parsing .eh_frame: {}", e))?;
-    } else if view.section_by_name(".debug_frame").is_some()
-        || view.section_by_name("__debug_frame").is_some()
+    } else if bv.section_by_name(".debug_frame").is_some()
+        || bv.section_by_name("__debug_frame").is_some()
     {
-        let debug_frame_endian = get_endian(view);
+        let debug_frame_endian = get_endian(bv);
         let debug_frame_section_reader = |section_id: SectionId| -> _ {
-            create_section_reader(section_id, view, debug_frame_endian, dwo_file)
+            create_section_reader(section_id, bv, debug_frame_endian, dwo_file)
         };
         let mut debug_frame = gimli::DebugFrame::load(debug_frame_section_reader).unwrap();
-        debug_frame.set_address_size(view.address_size() as u8);
-        range_data_offsets = parse_unwind_section(view, debug_frame)
+        if let Some(view_arch) = bv.default_arch() {
+            if view_arch.name().as_str() == "aarch64" {
+                debug_frame.set_vendor(gimli::Vendor::AArch64);
+            }
+        }
+        debug_frame.set_address_size(bv.address_size() as u8);
+        range_data_offsets = parse_unwind_section(bv, debug_frame)
             .map_err(|e| error!("Error parsing .debug_frame: {}", e))?;
     } else {
         range_data_offsets = Default::default();
