Merge branch 'dev' of github.com:qilingframework/qiling into dev

xwings · xwings · commit 0372b5878437 · 2021-05-31T15:59:03.000+08:00
diff --git a/qiling/extensions/idaplugin/qilingida.py b/qiling/extensions/idaplugin/qilingida.py
@@ -1415,6 +1415,10 @@ def __is_next_mbb(self, mbb):
         return True
 
     def _get_jmp_ins(self, ida_addr, insns):
+        # This cloud really happen! See issue #804. TODO: Investigate or re-design insns structure or replace it with ESIL.
+        # So we have to fallback to legacy path.
+        if ida_addr not in insns:
+            return (None, None)
         ins_list = insns[ida_addr]
         result = []
         for bbid, ins in ins_list:
@@ -1497,7 +1501,7 @@ def _force_execution_by_parsing_assembly(self, ql, ida_addr):
                 high = IDA.get_operand(ida_addr, 1)
                 reg = IDA.print_operand(ida_addr, 0).lower()
                 val = (high << 16) + low
-                logging.info(f"Force set {reg1} to {hex(val)}")
+                logging.info(f"Force set {reg} to {hex(val)}")
                 ql.reg.__setattr__(reg, val)
                 return True
             elif "csel" in instr: # csel dst, src1, src2, cond
@@ -1563,8 +1567,11 @@ def _guide_hook(self, ql, addr, size):
             ql.emu_stop()
 
     def _skip_unmapped_rw(self, ql, type, addr, size, value):
-        map_addr = ql.mem.align(addr)
-        map_size = ql.mem.align(size)
+        alignment = 0x1000
+        # Round down
+        map_addr = addr & (~(alignment - 1))
+        # Round up
+        map_size = ((size + (alignment - 1)) & (~(alignment - 1)))
         if not ql.mem.is_mapped(map_addr, map_size):
             logging.warning(f"Invalid memory R/W, trying to map {hex(map_size)} at {hex(map_addr)}")
             ql.mem.map(map_addr, map_size)
@@ -1625,6 +1632,7 @@ def _search_path(self):
         self.paths = {bbid: [] for bbid in self.bb_mapping.keys()}
         reals = [self.first_block, *self.real_blocks]
         self.deflatqlemu = QlEmuQiling()
+        self.deflatqlemu.path = self.qlemu.path
         self.deflatqlemu.rootfs = self.qlemu.rootfs
         first_block = self.bb_mapping[self.first_block]
         if IDA.get_ql_arch_string() == "arm32":
@@ -1659,8 +1667,9 @@ def _search_path(self):
             }
             ql_bb_start_ea = self.deflatqlemu.ql_addr_from_ida(bb.start_ea) + self.append
             ctx = ql.save()
+            # Skip force execution in the first block.
             # `end=0` is a workaround for ql remembering last exit_point.
-            if braddr is None:
+            if braddr is None or bb.id == self.first_block:
                 ql.run(begin=ql_bb_start_ea, end=0, count=0xFFF)
             else:
                 self.hook_data['force'] = {braddr: True}
@@ -1844,6 +1853,9 @@ def _prepare_microcodes(self, decomp_flags=ida_hexrays.DECOMP_WARNINGS | ida_hex
     def ql_deflat(self):
         if len(self.bb_mapping) == 0:
             self.ql_parse_blocks_for_deobf()
+        if not self.qlinit:
+            logging.info("Qiling should be setup firstly!")
+            return
         self.mba, self.insns, self.mbbs = self._prepare_microcodes(maturity=3)
         logging.debug("Microcode generation done. Going to search path.")
         if not self._search_path():
