wip

Author: emesare

view/sharedcache/HeadlessPlugin.cpp

@@ -1,6 +1,5 @@
 #include <binaryninjaapi.h>
 #include "SharedCacheView.h"
-#include "SharedCache.h"
 
 #ifdef __cplusplus
 extern "C" {

view/sharedcache/api/sharedcache.cpp

@@ -137,6 +137,22 @@ bool SharedCacheController::LoadImage(BinaryView &view, const CacheImage &image)
 	return result;
 }
 
+bool SharedCacheController::IsRegionLoaded(const CacheRegion &region) const
+{
+	auto apiRegion = RegionToApi(region);
+	bool result = BNSharedCacheControllerIsRegionLoaded(m_object, &apiRegion);
+	BNSharedCacheFreeRegion(apiRegion);
+	return result;
+}
+
+bool SharedCacheController::IsImageLoaded(const CacheImage &image) const
+{
+	auto apiImage = ImageToApi(image);
+	bool result = BNSharedCacheControllerIsImageLoaded(m_object, &apiImage);
+	BNSharedCacheFreeImage(apiImage);
+	return result;
+}
+
 std::optional<CacheRegion> SharedCacheController::GetRegionAt(uint64_t address) const
 {
 	BNSharedCacheRegion apiRegion;
@@ -219,6 +235,30 @@ std::vector<CacheEntry> SharedCacheController::GetEntries() const
 	return result;
 }
 
+std::vector<CacheRegion> SharedCacheController::GetLoadedRegions() const
+{
+	size_t count;
+	BNSharedCacheRegion* regions = BNSharedCacheControllerGetLoadedRegions(m_object, &count);
+	std::vector<CacheRegion> result;
+	result.reserve(count);
+	for (size_t i = 0; i < count; i++)
+		result.emplace_back(RegionFromApi(regions[i]));
+	BNSharedCacheFreeRegionList(regions, count);
+	return result;
+}
+
+std::vector<CacheRegion> SharedCacheController::GetRegions() const
+{
+	size_t count;
+	BNSharedCacheRegion* regions = BNSharedCacheControllerGetRegions(m_object, &count);
+	std::vector<CacheRegion> result;
+	result.reserve(count);
+	for (size_t i = 0; i < count; i++)
+		result.emplace_back(RegionFromApi(regions[i]));
+	BNSharedCacheFreeRegionList(regions, count);
+	return result;
+}
+
 std::vector<CacheImage> SharedCacheController::GetImages() const
 {
 	size_t count;
@@ -231,6 +271,18 @@ std::vector<CacheImage> SharedCacheController::GetImages() const
 	return result;
 }
 
+std::vector<CacheImage> SharedCacheController::GetLoadedImages() const
+{
+	size_t count;
+	BNSharedCacheImage* images = BNSharedCacheControllerGetLoadedImages(m_object, &count);
+	std::vector<CacheImage> result;
+	result.reserve(count);
+	for (size_t i = 0; i < count; i++)
+		result.emplace_back(ImageFromApi(images[i]));
+	BNSharedCacheFreeImageList(images, count);
+	return result;
+}
+
 std::vector<CacheSymbol> SharedCacheController::GetSymbols() const
 {
 	size_t count;
@@ -241,4 +293,4 @@ std::vector<CacheSymbol> SharedCacheController::GetSymbols() const
 		result.emplace_back(SymbolFromApi(symbols[i]));
 	BNSharedCacheFreeSymbolList(symbols, count);
 	return result;
-}
+}

view/sharedcache/api/sharedcacheapi.h

@@ -300,6 +300,9 @@ namespace SharedCacheAPI {
 		// multiple images at a time.
 		bool LoadImage(BinaryNinja::BinaryView& view, const CacheImage& image);
 
+		bool IsRegionLoaded(const CacheRegion& region) const;
+		bool IsImageLoaded(const CacheImage& image) const;
+
 		std::optional<CacheRegion> GetRegionAt(uint64_t address) const;
 		std::optional<CacheRegion> GetRegionContaining(uint64_t address) const;
 
@@ -311,7 +314,10 @@ namespace SharedCacheAPI {
 		std::optional<CacheSymbol> GetSymbolWithName(const std::string& name) const;
 
 		std::vector<CacheEntry> GetEntries() const;
+		std::vector<CacheRegion> GetRegions() const;
+		std::vector<CacheRegion> GetLoadedRegions() const;
 		std::vector<CacheImage> GetImages() const;
+		std::vector<CacheImage> GetLoadedImages() const;
 		std::vector<CacheSymbol> GetSymbols() const;
 	};
 }

view/sharedcache/api/sharedcachecore.h

@@ -115,6 +115,9 @@ extern "C"
 
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerLoadImage(BNSharedCacheController* controller, BNBinaryView* view, BNSharedCacheImage* image);
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerLoadRegion(BNSharedCacheController* controller, BNBinaryView* view, BNSharedCacheRegion* region);
+
+	SHAREDCACHE_FFI_API bool BNSharedCacheControllerIsImageLoaded(BNSharedCacheController* controller, BNSharedCacheImage* image);
+	SHAREDCACHE_FFI_API bool BNSharedCacheControllerIsRegionLoaded(BNSharedCacheController* controller, BNSharedCacheRegion* region);
 
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerGetRegionAt(BNSharedCacheController* controller, uint64_t address, BNSharedCacheRegion* outRegion);
 	SHAREDCACHE_FFI_API bool BNSharedCacheControllerGetRegionContaining(BNSharedCacheController* controller, uint64_t address, BNSharedCacheRegion* region);

view/sharedcache/core/MachO.cpp

@@ -441,21 +441,7 @@ void SharedCacheMachOProcessor::ApplyHeader(Ref<BinaryView> view, SharedCacheMac
 		applyFunctionStarts = settings->Get<bool>("loader.dsc.processFunctionStarts", view);
 
 	header.ApplyHeaderSections(view);
-
-	// TODO: Wtf is this?
-	bool applyHeaderTypes = true;
-	// for (const auto& region : regionsToLoad)
-	// {
-	// 	if (header.textBase >= region->start && header.textBase < region->start + region->size)
-	// 	{
-	// 		if (!MemoryRegionIsHeaderInitialized(lock, *region))
-	// 			applyHeaderTypes = true;
-	//
-	// 		break;
-	// 	}
-	// }
-	if (applyHeaderTypes)
-		header.ApplyHeaderDataVariables(view);
+	header.ApplyHeaderDataVariables(view);
 
 	if (header.linkeditPresent && m_vm->IsAddressMapped(header.linkeditSegment.vmaddr))
 	{
@@ -492,20 +478,12 @@ void SharedCacheMachOProcessor::ApplyHeader(Ref<BinaryView> view, SharedCacheMac
 		{
 			// NOTE: This table is read relative to the link edit segment file base.
 			// TODO: Remove this and use the m_symbols in the cache?
-			const auto exportSymbols = header.ReadExportSymbolTable(*view, *m_vm);
+			const auto exportSymbols = header.ReadExportSymbolTable(*m_vm);
 			for (const auto& sym : exportSymbols)
 				ApplySymbol(view, typeLib, sym.ToBNSymbol());
 		}
 		view->EndBulkModifySymbols();
 	}
-
-	// Update the regions to initialized so we dont repeat work.
-	// TODO: Should this really be here?
-	// TODO: Cant we just check to see if the header info exists in the view?
-	// for (auto region : regionsToLoad)
-	// {
-	// 	SetMemoryRegionHeaderInitialized(lock, *region);
-	// }
 }
 
 uint64_t SharedCacheMachOHeader::ApplyHeaderSections(Ref<BinaryView> view)
@@ -790,6 +768,7 @@ std::vector<uint64_t> SharedCacheMachOHeader::ReadFunctionTable(VirtualMemory& v
 	return functionTable;
 }
 
+// TODO: Replace view with address size?
 std::vector<CacheSymbol> SharedCacheMachOHeader::ReadSymbolTable(BinaryView& view, VirtualMemory& vm) const
 {
 	auto addressSize = view.GetAddressSize();
@@ -976,7 +955,7 @@ bool SharedCacheMachOHeader::ProcessLinkEditTrie(std::vector<CacheSymbol>& symbo
 	return true;
 }
 
-std::vector<CacheSymbol> SharedCacheMachOHeader::ReadExportSymbolTable(BinaryView& view, VirtualMemory& vm) const
+std::vector<CacheSymbol> SharedCacheMachOHeader::ReadExportSymbolTable(VirtualMemory& vm) const
 {
 	if (exportTrie.datasize == 0)
 		return {};

view/sharedcache/core/MachO.h

@@ -55,6 +55,7 @@ struct SharedCacheMachOHeader
 	// Use this if you want to read offsets relative to the file containing the link edit segment.
 	uint64_t GetLinkEditFileBase() const { return linkeditSegment.vmaddr - linkeditSegment.fileoff; };
 
+	// TODO: Replace view with address size?
 	std::vector<CacheSymbol> ReadSymbolTable(BinaryNinja::BinaryView& view, VirtualMemory& vm) const;
 
 	std::optional<CacheSymbol> AddExportTerminalSymbol(const std::string &symbolName, const uint8_t *current,
@@ -63,10 +64,11 @@ struct SharedCacheMachOHeader
 	bool ProcessLinkEditTrie(std::vector<CacheSymbol> &symbols, const std::string &currentText, const uint8_t *begin,
 	                         const uint8_t *current, const uint8_t *end) const;
 
-	std::vector<CacheSymbol> ReadExportSymbolTable(BinaryNinja::BinaryView& view, VirtualMemory& vm) const;
+	std::vector<CacheSymbol> ReadExportSymbolTable(VirtualMemory& vm) const;
 
 	std::vector<uint64_t> ReadFunctionTable(VirtualMemory& vm) const;
 
+	// TODO: Move the apply functions to the processor.
 	// Applies header sections to the view if not already existing, returning the number
 	// of newly added sections to the view. The return value will be zero if no new sections were added.
 	uint64_t ApplyHeaderSections(BinaryNinja::Ref<BinaryNinja::BinaryView> view);

view/sharedcache/core/MappedFileAccessor.cpp

@@ -3,8 +3,6 @@
 
 std::shared_ptr<MappedFileAccessor> MappedFileAccessor::Open(const std::string& filePath)
 {
-    // TODO: Log here just to make sure we are not constantly opening the same files.
-    BinaryNinja::LogInfo("Opening mapped file: %s", filePath.c_str());
     auto file = MappedFile::OpenFile(filePath);
     if (!file.has_value())
         return nullptr;

view/sharedcache/core/ObjC.cpp

@@ -5,7 +5,7 @@
 using namespace BinaryNinja;
 using namespace DSCObjC;
 
-SharedCacheObjCReader::SharedCacheObjCReader(VirtualMemoryReader reader, size_t addressSize) : m_reader(reader), m_addressSize(addressSize)
+SharedCacheObjCReader::SharedCacheObjCReader(VirtualMemoryReader reader) : m_reader(reader)
 {
 }
 
@@ -90,8 +90,8 @@ std::shared_ptr<ObjCReader> SharedCacheObjCProcessor::GetReader()
 	// TODO: This should never happen.
 	if (!controller)
 		throw std::runtime_error("SharedCacheController not found for SharedCacheObjCProcessor::GetReader!");
-	auto reader = VirtualMemoryReader(controller->GetCache().GetVirtualMemory());
-	return std::make_shared<SharedCacheObjCReader>(reader, m_data->GetAddressSize());
+	auto reader = VirtualMemoryReader(controller->GetCache().GetVirtualMemory(), m_data->GetAddressSize());
+	return std::make_shared<SharedCacheObjCReader>(reader);
 }
 
 void SharedCacheObjCProcessor::GetRelativeMethod(ObjCReader* reader, method_t& meth)

view/sharedcache/core/ObjC.h

@@ -19,7 +19,6 @@ struct ObjCOptimizationHeader
 namespace DSCObjC {
 	class SharedCacheObjCReader : public BinaryNinja::ObjCReader {
 		VirtualMemoryReader m_reader;
-		size_t m_addressSize;
 
 	public:
 		void Read(void* dest, size_t len) override;
@@ -39,7 +38,7 @@ namespace DSCObjC {
 
 		VirtualMemoryReader& GetVMReader();
 
-		SharedCacheObjCReader(VirtualMemoryReader reader, size_t addressSize);
+		SharedCacheObjCReader(VirtualMemoryReader reader);
 	};
 
 	class SharedCacheObjCProcessor : public BinaryNinja::ObjCProcessor {

view/sharedcache/core/SharedCache.h

@@ -166,6 +166,7 @@ typedef uint32_t CacheEntryId;
 // Creating this is expensive, both in actual processing and just copying, so we only generate this
 // once every time the database is open.
 class SharedCache {
+	uint64_t m_addressSize = 8;
 	uint64_t m_baseAddress = 0;
 	// TODO: Figure out when to lock the mutex on this shit lmfao
 	// The shared cache can own the virtual memory, this is fine...
@@ -179,9 +180,9 @@ class SharedCache {
 	std::unordered_map<uint64_t, CacheSymbol> m_symbols {};
 
 	// Process the images and regions of the entry and add them to the cache.
-	void ProcessEntry(BinaryNinja::BinaryView& view, const CacheEntry& entry);
+	void ProcessEntry(const CacheEntry& entry);
 public:
-	explicit SharedCache();
+	explicit SharedCache(uint64_t addressSize);
 
 	uint64_t GetBaseAddress() const { return m_baseAddress; }
 	std::shared_ptr<VirtualMemory> GetVirtualMemory() { return m_vm; }
@@ -207,7 +208,7 @@ class SharedCache {
 	CacheEntryId AddEntry(CacheEntry entry);
 
 	// Call this after adding all the entries. This will process them to pull out the regions and images.
-	void ProcessEntries(BinaryNinja::BinaryView& view);
+	void ProcessEntries();
 
 	// TODO: This stuff might just be loading stuff, in that case move this to the controller class. :/
 	// Objective-C processing is done inline so that later analysis is aware of it.