wip wip

Author: emesare

view/sharedcache/core/Dyld.h

@@ -95,11 +95,11 @@ struct dyld_chained_ptr_arm64e_shared_cache_auth_rebase
 		auth            :  1;   // == 1
 };
 
-// dyld_cache_slide_info4 is used in watchOS which we are not close to supporting right now.
+// TODO: dyld_cache_slide_info4 is used in watchOS which we are not close to supporting right now.
 
 #define DYLD_CACHE_SLIDE_V5_PAGE_ATTR_NO_REBASE    0xFFFF    // page has no rebasing
 
-struct PACKED_STRUCT dyld_cache_slide_info5
+struct PACKED_STRUCT dyld_cache_slide_info_v5
 {
 	uint32_t    version;            // currently 5
 	uint32_t    page_size;          // currently 4096 (may also be 16384)

view/sharedcache/core/MachO.cpp

@@ -480,6 +480,7 @@ void SharedCacheMachOProcessor::ApplyHeader(Ref<BinaryView> view, SharedCacheMac
 			// Mach-O View symtab processing with
 			// a ton of stuff cut out so it can work
 			// NOTE: This table is read relative to the link edit segment file base.
+			// TODO: Remove this and use the m_symbols in the cache?
 			const auto symbols = header.ReadSymbolTable(*view, *m_vm);
 			for (const auto& sym : symbols)
 				ApplySymbol(view, typeLib, sym.ToBNSymbol());
@@ -489,6 +490,7 @@ void SharedCacheMachOProcessor::ApplyHeader(Ref<BinaryView> view, SharedCacheMac
 		if (header.exportTriePresent)
 		{
 			// NOTE: This table is read relative to the link edit segment file base.
+			// TODO: Remove this and use the m_symbols in the cache?
 			const auto exportSymbols = header.ReadExportSymbolTable(*view, *m_vm);
 			for (const auto& sym : exportSymbols)
 				ApplySymbol(view, typeLib, sym.ToBNSymbol());
@@ -811,13 +813,11 @@ std::vector<CacheSymbol> SharedCacheMachOHeader::ReadSymbolTable(BinaryView& vie
 	uint64_t symbolsAddress = GetLinkEditFileBase() + symtab.symoff;
 	uint64_t stringsAddress = GetLinkEditFileBase() + symtab.stroff;
 	uint64_t link = GetLinkEditFileBase();
-	LogInfo("link edit file base %llx", link);
 	if (!vm.IsAddressMapped(link))
 	{
-		LogError("Link edit segment not mapped");
+		LogError("Link edit segment not mapped %llx", link);
 		return {};
 	}
-	auto strings = vm.ReadBuffer(stringsAddress, symtab.strsize);
 
 	// TODO: This needs to be passed in as an optional argument.
 	// TODO: Sometimes symbol tables are shared and we have to offset into the table for a specific header.
@@ -857,23 +857,17 @@ std::vector<CacheSymbol> SharedCacheMachOHeader::ReadSymbolTable(BinaryView& vie
 			continue;
 		}
 
-		std::string symbolName((char*)strings.GetDataAt(nlist.n_strx));
+		std::string symbolName = vm.ReadCString(stringsAddress + nlist.n_strx);
 		if (symbolName == "<redacted>")
 			continue;
 
 		std::optional<BNSymbolType> symbolType;
 		if ((nlist.n_type & N_TYPE) == N_SECT && nlist.n_sect > 0 && (size_t)(nlist.n_sect - 1) < sections.size())
-		{
 			symbolType = DataSymbol;
-		}
 		else if ((nlist.n_type & N_TYPE) == N_ABS)
-		{
 			symbolType = DataSymbol;
-		}
 		else if ((nlist.n_type & N_EXT))
-		{
 			symbolType = ExternalSymbol;
-		}
 
 		if (!symbolType.has_value())
 		{
@@ -913,7 +907,7 @@ std::vector<CacheSymbol> SharedCacheMachOHeader::ReadSymbolTable(BinaryView& vie
 
 		CacheSymbol symbol;
 		symbol.address = symbolAddress;
-		symbol.name = symbolName;
+		symbol.name = std::move(symbolName);
 		symbol.type = symbolType.value();
 		symbolList.emplace_back(symbol);
 	}
@@ -956,10 +950,11 @@ std::optional<CacheSymbol> SharedCacheMachOHeader::AddExportTerminalSymbol(const
     return exportSym;
 }
 
-void SharedCacheMachOHeader::ProcessLinkEditTrie(std::vector<CacheSymbol>& symbols, const std::string& currentText, const uint8_t* begin, const uint8_t* current, const uint8_t* end) const
+// TODO: This is like 90% of the runtime.
+bool SharedCacheMachOHeader::ProcessLinkEditTrie(std::vector<CacheSymbol>& symbols, const std::string& currentText, const uint8_t* begin, const uint8_t* current, const uint8_t* end) const
 {
 	if (current >= end)
-		throw ReadException();
+		return false;
 
 	uint64_t terminalSize = readValidULEB128(current, end);
 	const uint8_t* child = current + terminalSize;
@@ -980,18 +975,21 @@ void SharedCacheMachOHeader::ProcessLinkEditTrie(std::vector<CacheSymbol>& symbo
 	for (uint8_t i = 0; i < childCount; ++i)
 	{
 		if (current >= end)
-			throw ReadException();
+			return false;
 		const auto it = std::find(current, end, 0);
 		childText.append(current, it);
 		current = it + 1;
 		if (current >= end)
-			throw ReadException();
-		auto next = readValidULEB128(current, end);
+			return false;
+		const auto next = readValidULEB128(current, end);
 		if (next == 0)
-			throw ReadException();
-		ProcessLinkEditTrie(symbols, childText, begin, begin + next, end);
+			return false;
+		if (!ProcessLinkEditTrie(symbols, childText, begin, begin + next, end))
+			return false;
 		childText.resize(currentText.size());
 	}
+
+	return true;
 }
 
 std::vector<CacheSymbol> SharedCacheMachOHeader::ReadExportSymbolTable(BinaryView& view, VirtualMemory& vm) const

view/sharedcache/core/MachO.h

@@ -60,7 +60,7 @@ struct SharedCacheMachOHeader
 	std::optional<CacheSymbol> AddExportTerminalSymbol(const std::string &symbolName, const uint8_t *current,
 	                                                   const uint8_t *end) const;
 
-	void ProcessLinkEditTrie(std::vector<CacheSymbol> &symbols, const std::string &currentText, const uint8_t *begin,
+	bool ProcessLinkEditTrie(std::vector<CacheSymbol> &symbols, const std::string &currentText, const uint8_t *begin,
 	                         const uint8_t *current, const uint8_t *end) const;
 
 	std::vector<CacheSymbol> ReadExportSymbolTable(BinaryNinja::BinaryView& view, VirtualMemory& vm) const;

view/sharedcache/core/SharedCache.cpp

@@ -151,6 +151,12 @@ void SharedCache::AddSymbol(CacheSymbol symbol)
     m_symbols.insert({symbol.address, std::move(symbol)});
 }
 
+void SharedCache::AddSymbols(std::vector<CacheSymbol> symbols)
+{
+    for (auto& symbol : symbols)
+        m_symbols.insert({symbol.address, std::move(symbol)});
+}
+
 CacheEntryId SharedCache::AddEntry(CacheEntry entry)
 {
     // TODO: Maybe check to see if we already added the file?
@@ -163,8 +169,8 @@ CacheEntryId SharedCache::AddEntry(CacheEntry entry)
 
     // Populate virtual memory using the entry mappings, by doing so we can now
     // read the memory of the mapped regions of the cache entry file.
-    const auto &mappings = entry.GetMappings();
-    for (const auto &mapping: mappings)
+    const auto& mappings = entry.GetMappings();
+    for (const auto& mapping: mappings)
         m_vm->MapRegion(fileAccessor, {mapping.address, mapping.address + mapping.size}, mapping.fileOffset);
 
     // We are done and can make the entry visible to the entire cache.
@@ -311,14 +317,12 @@ void SharedCache::ProcessEntry(BinaryView &view, const CacheEntry &entry)
         // TODO: Populating symbols here means that we have all of the symbols for the entire shared cache loaded always.
         // TODO: We should make this lazy (i.e. GetSymbolAt should check the symbols list then do actual work).
         // Populate symbols with this images symbols.
-        std::vector<CacheSymbol> symbols = imageHeader->ReadSymbolTable(view, *m_vm);
-        for (const CacheSymbol& symbol : symbols)
-            AddSymbol(symbol);
+        // std::vector<CacheSymbol> symbols = imageHeader->ReadSymbolTable(view, *m_vm);
+        // AddSymbols(std::move(symbols));
 
         // TODO: Should export symbols be put in a different bucket? How are they consumed differently?
         std::vector<CacheSymbol> exportSymbols = imageHeader->ReadExportSymbolTable(view, *m_vm);
-        for (const CacheSymbol& exportSymbol : exportSymbols)
-            AddSymbol(exportSymbol);
+        AddSymbols(std::move(exportSymbols));
 
         // This is behind a shared pointer as the header itself is very large.
         image.header = std::make_shared<SharedCacheMachOHeader>(*imageHeader);

view/sharedcache/core/SharedCache.h

@@ -15,6 +15,17 @@ struct CacheSymbol
 	uint64_t address;
 	std::string name;
 
+	CacheSymbol() = default;
+	CacheSymbol(BNSymbolType type, uint64_t address, std::string name)
+		: type(type), address(address), name(std::move(name)) {}
+	~CacheSymbol() = default;
+
+	CacheSymbol(const CacheSymbol& other) = default;
+	CacheSymbol& operator=(const CacheSymbol& other) = default;
+
+	CacheSymbol(CacheSymbol&& other) noexcept = default;
+	CacheSymbol& operator=(CacheSymbol&& other) noexcept = default;
+
 	// NOTE: you should really only call this when adding the symbol to the view.
 	BinaryNinja::Ref<BinaryNinja::Symbol> ToBNSymbol() const;
 };
@@ -39,6 +50,15 @@ struct CacheRegion
 	std::optional<uint64_t> imageStart;
 	BNSegmentFlag flags;
 
+	CacheRegion() = default;
+	~CacheRegion() = default;
+
+	CacheRegion(const CacheRegion& other) = default;
+	CacheRegion& operator=(const CacheRegion& other) = default;
+
+	CacheRegion(CacheRegion&& other) noexcept = default;
+	CacheRegion& operator=(CacheRegion&& other) noexcept = default;
+
 	AddressRange AsAddressRange() const
 	{
 		return { start, start + size };
@@ -69,6 +89,15 @@ struct CacheImage
 	std::vector<uint64_t> regionStarts;
 	std::shared_ptr<SharedCacheMachOHeader> header;
 
+	CacheImage() = default;
+	~CacheImage() = default;
+
+	CacheImage(const CacheImage& other) = default;
+	CacheImage& operator=(const CacheImage& other) = default;
+
+	CacheImage(CacheImage&& other) noexcept = default;
+	CacheImage& operator=(CacheImage&& other) noexcept = default;
+
 	// Get the file name from the path.
 	std::string GetName() const { return ImageName(path); }
 };
@@ -164,6 +193,7 @@ class SharedCache {
 	bool AddNonOverlappingRegion(CacheRegion region);
 
 	void AddSymbol(CacheSymbol symbol);
+	void AddSymbols(std::vector<CacheSymbol> symbols);
 
 	// Adds the cache entry and populates the virtual memory using the mapping information.
 	// After being added the entry is read only, there is nothing that can modify it.
@@ -186,6 +216,7 @@ class SharedCache {
 
 	std::optional<CacheImage> GetImageAt(uint64_t address) const;
 	std::optional<CacheImage> GetImageContaining(uint64_t address) const;
+	// TODO: Rename to GetImageWithPath and then make another one for the image name.
 	std::optional<CacheImage> GetImageWithName(const std::string& name) const;
 
 	std::optional<CacheSymbol> GetSymbolAt(uint64_t address) const;

view/sharedcache/core/SharedCacheView.cpp

@@ -647,19 +647,19 @@ bool SharedCacheView::Init()
 
 	// TODO: Add up everything here blud
 	// TODO: Run this up on a seperate thread maybe and have callback notifications?
+	auto startTime = std::chrono::high_resolution_clock::now();
 	sharedCache.ProcessEntries(*this);
+	auto endTime = std::chrono::high_resolution_clock::now();
+	std::chrono::duration<double> elapsed = endTime - startTime;
+	LogInfo("Processing entries took %.3f seconds", elapsed.count());
 
 	auto cacheController = SharedCacheController::Initialize(*this, sharedCache);
 
 	// TODO: Load the auto loaded images.
 	// TODO: Make this configurable, so users can select images in OwO.
-	// TODO: This probably wont work, the image name will be the full path rn.
-	auto autoLoadedLib = cacheController->GetCache().GetImageWithName("libsystem_c.dylib");
-	if (autoLoadedLib.has_value())
-	{
-		LogInfo("Loading libsystem_c.dylib... BLAH BLAH");
-		cacheController->LoadImage(*this, *autoLoadedLib);
-	}
+	for (const auto& [_, image] : sharedCache.GetImages())
+		if (image.GetName() == "libsystem_c.dylib")
+			cacheController->LoadImage(*this, image);
 
 	return true;
 }