Comments (3)
Another curious thing is that, when I open bn_llil_test_app for the first time in binja, test_allocframe() infers FP as the first argument (I changed that to void in the snippets above). Specifically, binja infers

```c
int32_t test_allocframe(int32_t arg1 @ FP)
```

This happens even when I add FP to GetCalleeSavedRegisters in arch_hexagon.cc.

from binja-hexagon.
I'm pretty sure the issue lies with Binja's analysis. Either it expects callee-saved regs and LR/FP to be manipulated with LLIL pushes and pops, or it cannot handle LLIL_SPLIT_REG and LLIL_SET_SPLIT_REG.

To be sure, I modified lift_L4_return() and lift_S2_allocframe() to use straightforward pushes and pops, and produced the following ILs:
LLIL:

```
0 @ 00000020 push(LR)
1 @ 00000020 push(FP)
2 @ 00000020 FP = SP {__saved_FP}
3 @ 00000020 SP = SP - 8
4 @ 00000024 temp0.d = 0x100
5 @ 00000024 R0 = temp0.d
6 @ 00000028 SP = FP
7 @ 00000028 FP = pop
8 @ 00000028 LR = pop
9 @ 00000028 <return> jump(LR)
```

HLIL:

```
00000028 return 0x100
```
FP is no longer inferred as an implicit argument to the function, either.

from binja-hexagon.
Yeah, I also encountered optimization problems with LLIL_SPLIT_REG. TempReg::CopyFromTemp in plugin/packet_context.cc also uses split registers, so I experimented a bit, and changed the split reg computation to two SetRegisters with a logical shift:
```cpp
void TempReg::CopyFromTemp(BinaryNinja::LowLevelILFunction &il) {
  ExprId expr;
  if (size_ == 1) {
    // 1-byte temp: plain copy into the target register.
    expr = il.SetRegister(1, reg_, il.Register(1, LLIL_TEMP(reg_)));
    il.AddInstruction(expr);
  } else if (size_ == 4) {
    // 4-byte temp: plain copy into the target register.
    expr = il.SetRegister(4, reg_, il.Register(4, LLIL_TEMP(reg_)));
    il.AddInstruction(expr);
  } else {
    CHECK_EQ(size_, 8);
    // 8-byte temp: instead of one split-register write, emit two 4-byte
    // writes. The low half of the temp goes to reg_ ...
    il.AddInstruction(il.SetRegister(
        4, reg_, il.LowPart(4, il.Register(8, LLIL_TEMP(reg_)))));
    // ... and the high half (temp >> 32) goes to reg_ + 1.
    il.AddInstruction(il.SetRegister(
        4, reg_ + 1,
        il.LowPart(4, il.LogicalShiftRight(8, il.Register(8, LLIL_TEMP(reg_)),
                                          il.Const(1, 32)))));
  }
}
```
However, I wasn't too happy with the results, so I didn't push the change.
from binja-hexagon.
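To check that the two-SetRegister lowering from the comment above defines the same register pair a split-register write would, here is an added example that is not code from binja-hexagon or Binary Ninja: a toy evaluator whose Register/LowPart/LogicalShiftRight/Const/SetRegister helpers only mirror the shape of the API calls, with a constructed temp id (kTemp), constructed register numbers and a constructed temp value.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <vector>
// Toy model of the LLIL nodes used by the rewritten CopyFromTemp. Not Binary Ninja's
// API: it only mirrors the call shapes so operand sizes and masking can be evaluated.
using RegFile = std::map<int, uint64_t>;  // 32-bit registers by number
constexpr int kTemp = 1000;               // constructed stand-in for LLIL_TEMP(reg)
struct Expr; using E = std::shared_ptr<Expr>;
struct Expr {
  enum Kind { Reg, Const, LowPart, Lsr } kind;
  int size;        // operand size in bytes, as passed to the IL calls
  int reg;         // Reg: register id
  uint64_t value;  // Const: immediate
  std::vector<E> ops;
};
static uint64_t mask(int size, uint64_t v) {  // truncate to `size` bytes
  return size >= 8 ? v : v & ((uint64_t{1} << (8 * size)) - 1);
}
static E Register(int size, int reg) { return std::make_shared<Expr>(Expr{Expr::Reg, size, reg, 0, {}}); }
static E Const(int size, uint64_t v) { return std::make_shared<Expr>(Expr{Expr::Const, size, 0, v, {}}); }
static E LowPart(int size, E a) { return std::make_shared<Expr>(Expr{Expr::LowPart, size, 0, 0, {a}}); }
static E LogicalShiftRight(int size, E a, E b) { return std::make_shared<Expr>(Expr{Expr::Lsr, size, 0, 0, {a, b}}); }
static uint64_t eval(const RegFile &rf, const E &e) {
  switch (e->kind) {
    case Expr::Reg:     return mask(e->size, rf.count(e->reg) ? rf.at(e->reg) : 0);
    case Expr::Const:   return mask(e->size, e->value);
    case Expr::LowPart: return mask(e->size, eval(rf, e->ops[0]));
    case Expr::Lsr:     return mask(e->size, eval(rf, e->ops[0]) >> eval(rf, e->ops[1]));
  }
  return 0;
}
static void SetRegister(RegFile &rf, int size, int reg, const E &v) {
  rf[reg] = mask(size, eval(rf, v));  // the destination is also size-limited
}
// The comment's 8-byte case: low half of the temp to reg, high half to reg + 1.
RegFile copyFromTemp8(int reg, uint64_t tempValue) {
  RegFile rf; rf[kTemp] = tempValue;  // constructed initial state
  SetRegister(rf, 4, reg, LowPart(4, Register(8, kTemp)));
  SetRegister(rf, 4, reg + 1,
              LowPart(4, LogicalShiftRight(8, Register(8, kTemp), Const(1, 32))));
  return rf;
}
// A split-register write defines the pair (reg+1 : reg) as the whole 64-bit temp;
// check that the two-write lowering reconstructs exactly that value.
bool matchesSplitReg(int reg, uint64_t tempValue) {
  RegFile rf = copyFromTemp8(reg, tempValue);
  return ((rf[reg + 1] << 32) | rf[reg]) == tempValue;
}
```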