OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 Google Inc. All Rights Reserved. |
| 2 // |
| 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 // you may not use this file except in compliance with the License. |
| 5 // You may obtain a copy of the License at |
| 6 // |
| 7 // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 // |
| 9 // Unless required by applicable law or agreed to in writing, software |
| 10 // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 // See the License for the specific language governing permissions and |
| 13 // limitations under the License. |
| 14 |
| 15 #include "syzygy/refinery/analyzers/type_propagator_analyzer.h" |
| 16 |
| 17 #include <queue> |
| 18 |
| 19 #include "syzygy/refinery/process_state/process_state_util.h" |
| 20 #include "syzygy/refinery/process_state/refinery.pb.h" |
| 21 #include "syzygy/refinery/types/type.h" |
| 22 |
| 23 namespace refinery { |
| 24 |
| 25 // static |
| 26 const char TypePropagatorAnalyzer::kTypePropagatorAnalyzerName[] = |
| 27 "TypePropagatorAnalyzer"; |
| 28 |
| 29 TypePropagatorAnalyzer::TypePropagatorAnalyzer( |
| 30 scoped_refptr<SymbolProvider> symbol_provider) |
| 31 : symbol_provider_(symbol_provider) { |
| 32 DCHECK(symbol_provider.get() != nullptr); |
| 33 } |
| 34 |
| 35 Analyzer::AnalysisResult TypePropagatorAnalyzer::Analyze( |
| 36 const minidump::Minidump& minidump, |
| 37 ProcessState* process_state) { |
| 38 DCHECK(process_state != nullptr); |
| 39 |
| 40 // Analyzers that build content for the bytes and typed block layer must have |
| 41 // already run. We use the existence of a bytes layer and a typed block layer |
| 42 // as a proxy for this. Longer term, a proper notion of analyzer dependencies |
| 43 // should be introduced. |
| 44 BytesLayerPtr bytes_layer; |
| 45 if (!process_state->FindLayer(&bytes_layer)) { |
| 46 LOG(ERROR) << "Missing bytes layer."; |
| 47 return ANALYSIS_ERROR; |
| 48 } |
| 49 TypedBlockLayerPtr typed_layer; |
| 50 if (!process_state->FindLayer(&typed_layer)) { |
| 51 LOG(ERROR) << "Missing typed block layer."; |
| 52 return ANALYSIS_ERROR; |
| 53 } |
| 54 |
| 55 ModuleLayerAccessor accessor(process_state); |
| 56 |
| 57 std::queue<TypedData> process_queue; |
| 58 |
| 59 // Recover typed data from the typed block layer. |
| 60 for (TypedBlockRecordPtr rec : *typed_layer) { |
| 61 const TypedBlock& typedblock = rec->data(); |
| 62 |
| 63 // Recover the type. |
| 64 pe::PEFile::Signature signature; |
| 65 if (!accessor.GetModuleSignature(typedblock.module_id(), &signature)) |
| 66 return ANALYSIS_ERROR; |
| 67 |
| 68 scoped_refptr<TypeRepository> type_repository; |
| 69 if (!symbol_provider_->FindOrCreateTypeRepository(signature, |
| 70 &type_repository)) { |
| 71 return ANALYSIS_ERROR; |
| 72 } |
| 73 |
| 74 TypePtr type = type_repository->GetType(typedblock.type_id()); |
| 75 if (type == nullptr) |
| 76 return ANALYSIS_ERROR; |
| 77 |
| 78 // Queue typed data for processing. |
| 79 process_queue.push(TypedData(process_state, type, rec->range().start())); |
| 80 } |
| 81 |
| 82 // Process typed data looking for pointers or contained pointers. |
| 83 while (!process_queue.empty()) { |
| 84 if (!AnalyzeTypedData(process_queue.front(), process_state)) |
| 85 return ANALYSIS_ERROR; |
| 86 process_queue.pop(); |
| 87 } |
| 88 |
| 89 return ANALYSIS_COMPLETE; |
| 90 } |
| 91 |
| 92 bool TypePropagatorAnalyzer::AnalyzeTypedData(const TypedData& typed_data, |
| 93 ProcessState* process_state) { |
| 94 DCHECK(process_state != nullptr); |
| 95 |
| 96 TypePtr type = typed_data.type(); |
| 97 DCHECK(type.get()); |
| 98 |
| 99 switch (type->kind()) { |
| 100 case Type::USER_DEFINED_TYPE_KIND: |
| 101 return AnalyzeTypedDataUDT(typed_data, process_state); |
| 102 case Type::POINTER_TYPE_KIND: |
| 103 return AnalyzeTypedDataPointer(typed_data, process_state); |
| 104 case Type::ARRAY_TYPE_KIND: |
| 105 return AnalyzeTypedDataArray(typed_data, process_state); |
| 106 case Type::BASIC_TYPE_KIND: |
| 107 case Type::FUNCTION_TYPE_KIND: |
| 108 case Type::GLOBAL_TYPE_KIND: |
| 109 case Type::WILDCARD_TYPE_KIND: |
| 110 // Nothing to do with these. |
| 111 return true; |
| 112 default: |
| 113 DCHECK(false); |
| 114 return false; |
| 115 } |
| 116 } |
| 117 |
| 118 bool TypePropagatorAnalyzer::AnalyzeTypedDataUDT(const TypedData& typed_data, |
| 119 ProcessState* process_state) { |
| 120 DCHECK_EQ(Type::USER_DEFINED_TYPE_KIND, typed_data.type()->kind()); |
| 121 DCHECK(process_state != nullptr); |
| 122 |
| 123 // TODO(manzagop): implement. |
| 124 |
| 125 return true; |
| 126 } |
| 127 |
| 128 bool TypePropagatorAnalyzer::AnalyzeTypedDataPointer( |
| 129 const TypedData& typed_data, |
| 130 ProcessState* process_state) { |
| 131 DCHECK_EQ(Type::POINTER_TYPE_KIND, typed_data.type()->kind()); |
| 132 DCHECK(process_state != nullptr); |
| 133 |
| 134 TypedData content_data; |
| 135 if (!typed_data.Dereference(&content_data)) { |
| 136 // Unable to dereference. This may be because the pointer's contents (the |
| 137 // address of the pointee) are not available. |
| 138 // TODO(manzagop): have a better way to distinguish a failure (can't cast |
| 139 // pointer) from an acceptable negative result (missing the required bytes) |
| 140 // and have counters for these kinds of events. |
| 141 return true; |
| 142 } |
| 143 |
| 144 return AddTypedBlock(content_data, process_state); |
| 145 } |
| 146 |
| 147 bool TypePropagatorAnalyzer::AnalyzeTypedDataArray( |
| 148 const TypedData& typed_data, |
| 149 ProcessState* process_state) { |
| 150 DCHECK_EQ(Type::ARRAY_TYPE_KIND, typed_data.type()->kind()); |
| 151 DCHECK(process_state != nullptr); |
| 152 |
| 153 // TODO(manzagop): implement. |
| 154 return true; |
| 155 } |
| 156 |
| 157 bool TypePropagatorAnalyzer::AddTypedBlock(const TypedData& typed_data, |
| 158 ProcessState* process_state) { |
| 159 ModuleLayerAccessor accessor(process_state); |
| 160 pe::PEFile::Signature signature; |
| 161 if (!typed_data.type()->repository()->GetModuleSignature(&signature)) |
| 162 return false; |
| 163 ModuleId module_id = accessor.GetModuleId(signature); |
| 164 if (module_id == kNoModuleId) |
| 165 return false; |
| 166 |
| 167 return AddTypedBlockRecord(typed_data.GetRange(), L"", module_id, |
| 168 typed_data.type()->type_id(), process_state); |
| 169 } |
| 170 |
| 171 } // namespace refinery |
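Review bot: In `AnalyzeTypedDataPointer`, the pointee produced by `Dereference` goes straight to `AddTypedBlock`, and nothing visible in this file checks that the target address is non-null or backed by memory present in the dump; `bytes_layer` in `Analyze` is only looked up to prove the layer exists. Pointer values are read from the crashed process's memory, so a stale or corrupted pointer would presumably get a typed block record for an arbitrary range unless `Dereference` already rejects it, which cannot be confirmed from here. I would skip pointees whose `GetRange()` is not covered by the bytes layer before recording them, or document the guarantee at the call site with `// Dereference() fails for null or unbacked pointees, so content_data is safe to record.` if that is in fact the contract. Separately, the `return ANALYSIS_ERROR;` paths in the `Analyze` loop and the `return false;` paths in `AddTypedBlock` carry no `LOG(ERROR)`, unlike the two layer checks, so a single bad record aborts the whole analysis without a trace.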