rz_basefind.h File Reference

#include <rz_core.h>

Go to the source code of this file.

Classes
struct	rz_basefind_t
struct	rz_basefind_info_t
struct	rz_basefind_options_t

Macros
#define	RZ_BASEFIND_STRING_MIN_LENGTH   (10)
#define	RZ_BASEFIND_BASE_MIN_ADDRESS   (0ull)
#define	RZ_BASEFIND_BASE_MAX_ADDRESS   (0xf0000000ull)
#define	RZ_BASEFIND_BASE_ALIGNMENT   (0x1000)
#define	RZ_BASEFIND_SCORE_MIN_VALUE   (1)

Typedefs
typedef struct rz_basefind_t	RzBaseFindScore
typedef struct rz_basefind_info_t	RzBaseFindThreadInfo
typedef bool(*	RzBaseFindThreadInfoCb) (const RzBaseFindThreadInfo *th_info, void *user)
typedef struct rz_basefind_options_t	RzBaseFindOpt

Functions
RZ_API RZ_OWN RzList *	rz_basefind (RZ_NONNULL RzCore *core, RZ_NONNULL RzBaseFindOpt *options)
	Calculates a list of possible base addresses candidates using the strings position. More...

Macro Definition Documentation

RZ_BASEFIND_BASE_ALIGNMENT

#define RZ_BASEFIND_BASE_ALIGNMENT   (0x1000)

Definition at line 16 of file rz_basefind.h.

RZ_BASEFIND_BASE_MAX_ADDRESS

#define RZ_BASEFIND_BASE_MAX_ADDRESS   (0xf0000000ull)

Definition at line 15 of file rz_basefind.h.

RZ_BASEFIND_BASE_MIN_ADDRESS

#define RZ_BASEFIND_BASE_MIN_ADDRESS   (0ull)

Definition at line 14 of file rz_basefind.h.

RZ_BASEFIND_SCORE_MIN_VALUE

#define RZ_BASEFIND_SCORE_MIN_VALUE   (1)

Definition at line 17 of file rz_basefind.h.

RZ_BASEFIND_STRING_MIN_LENGTH

#define RZ_BASEFIND_STRING_MIN_LENGTH   (10)

Definition at line 13 of file rz_basefind.h.

Typedef Documentation

RzBaseFindOpt

typedef struct rz_basefind_options_t RzBaseFindOpt

RzBaseFindScore

typedef struct rz_basefind_t RzBaseFindScore

RzBaseFindThreadInfo

typedef struct rz_basefind_info_t RzBaseFindThreadInfo

RzBaseFindThreadInfoCb

typedef bool(* RzBaseFindThreadInfoCb) (const RzBaseFindThreadInfo *th_info, void *user)

Definition at line 34 of file rz_basefind.h.

Function Documentation

rz_basefind()

RZ_API RZ_OWN RzList* rz_basefind	(	RZ_NONNULL RzCore *	core,
		RZ_NONNULL RzBaseFindOpt *	options
	)

Calculates a list of possible base addresses candidates using the strings position.

The code finds all the strings in memory with a minimum acceptable size (via opt.min_string_len) and calculates all possible words 32 or 64 bit large sizes (endianness via cfg.bigendian) in the given binary. These addresses are then compared with the strings and a variable base address which is increased over time by opt.alignment.

The scores are added to the result list with the associated base address if their score are higher than opt.min_score, otherwise they are ignored.

It is possible via opt.callback to set a callback function that can stop the search (when returning false) or display the thread statuses (the callback will be called N-times for N spawned threads.

Parameters

core	RzCore struct to use.
options	Pointer to the RzBaseFindOpt structure.

Definition at line 336 of file basefind.c.

                                                                                              {
    rz_return_val_if_fail(core && options, NULL);
    RzList *scores = NULL;
    BaseFindArray *array = NULL;
    HtUU *pointers = NULL;
    size_t pool_size = 1;
    RzThreadPool *pool = NULL;
    RzThreadLock *lock = NULL;
    RzThread *user_thread = NULL;
    BaseFindUIInfo ui_info = { 0 };
 
    ut64 base_start = options->start_address;
    ut64 base_end = options->end_address;
    ut64 alignment = options->alignment;
 
    if (options->pointer_size != 32 && options->pointer_size != 64) {
        RZ_LOG_ERROR("basefind: supported pointer sizes are 32 and 64 bits.\n");
        return NULL;
    } else if (!core->file) {
        RZ_LOG_ERROR("basefind: the file was not opened via RzCore.\n");
        return NULL;
    } else if (base_start >= base_end) {
        RZ_LOG_ERROR("basefind: start address is greater or equal to end address.\n");
        return NULL;
    } else if (alignment < 1) {
        RZ_LOG_ERROR("basefind: the alignment is set to zero bytes.\n");
        return NULL;
    } else if (options->min_score < 1) {
        RZ_LOG_ERROR("basefind: the minimum score is set to zero.\n");
        return NULL;
    } else if (options->min_string_len < 1) {
        RZ_LOG_ERROR("basefind: the minimum string length is set to zero.\n");
        return NULL;
    }
 
    if (alignment < RZ_BASEFIND_BASE_ALIGNMENT) {
        RZ_LOG_WARN("basefind: the alignment is less than 0x%x bytes, "
                "which may result in a very slow search.\n",
            RZ_BASEFIND_BASE_ALIGNMENT);
    }
 
    array = basefind_create_array_of_addresses(core, options->min_string_len);
    if (!array) {
        goto rz_basefind_end;
    }
 
    pointers = basefind_create_pointer_map(core, options->pointer_size / 8);
    if (!pointers) {
        goto rz_basefind_end;
    }
 
    scores = rz_list_newf((RzListFree)free);
    if (!scores) {
        RZ_LOG_ERROR("basefind: cannot allocate new scores list.\n");
        goto rz_basefind_end;
    }
 
    pool = rz_th_pool_new(options->max_threads);
    if (!pool) {
        RZ_LOG_ERROR("basefind: cannot allocate thread pool.\n");
        goto rz_basefind_end;
    }
    pool_size = rz_th_pool_size(pool);
 
    lock = rz_th_lock_new(false);
    if (!lock) {
        RZ_LOG_ERROR("basefind: cannot allocate thread lock.\n");
        goto rz_basefind_end;
    }
 
    RZ_LOG_VERBOSE("basefind: using %u threads\n", (ut32)pool_size);
 
    ut64 io_size = rz_io_size(core->io);
    ut64 sector_size = (((base_end - base_start) + pool_size - 1) / pool_size);
    for (size_t i = 0; i < pool_size; ++i) {
        BaseFindThreadData *bftd = RZ_NEW(BaseFindThreadData);
        if (!bftd) {
            RZ_LOG_ERROR("basefind: cannot allocate BaseFindThreadData.\n");
            basefind_stop_all_search_threads(pool);
            goto rz_basefind_end;
        }
        bftd->alignment = alignment;
        bftd->base_start = base_start + (sector_size * i);
        bftd->current = bftd->base_start;
        bftd->base_end = bftd->base_start + sector_size;
        bftd->score_min = options->min_score;
        bftd->io_size = io_size;
        bftd->lock = lock;
        bftd->scores = scores;
        bftd->pointers = pointers;
        bftd->array = array;
        bftd->loop = rz_atomic_bool_new(true);
        if (!create_thread_interval(pool, bftd)) {
            free(bftd);
            basefind_stop_all_search_threads(pool);
            goto rz_basefind_end;
        }
    }
 
    if (options->callback) {
        ui_info.pool = pool;
        ui_info.user = options->user;
        ui_info.callback = options->callback;
        ui_info.loop = rz_atomic_bool_new(true);
        user_thread = rz_th_new((RzThreadFunction)basefind_thread_ui, &ui_info);
        if (!user_thread) {
            basefind_stop_all_search_threads(pool);
            goto rz_basefind_end;
        }
    }
 
    // wait the pool to finish
    rz_th_pool_wait(pool);
 
    if (options->callback) {
        rz_atomic_bool_set(ui_info.loop, false);
        rz_th_wait(user_thread);
        rz_th_free(user_thread);
        rz_atomic_bool_free(ui_info.loop);
 
        RzBaseFindThreadInfo th_info;
        th_info.n_threads = pool_size;
        for (ut32 i = 0; i < pool_size; ++i) {
            RzThread *th = rz_th_pool_get_thread(pool, i);
            if (!th) {
                continue;
            }
            BaseFindThreadData *bftd = rz_th_get_user(th);
            basefind_set_thread_info(bftd, &th_info, i);
            options->callback(&th_info, options->user);
        }
    }
 
    rz_list_sort(scores, (RzListComparator)basefind_score_compare);
 
rz_basefind_end:
    if (pool) {
        for (ut32 i = 0; i < pool_size; ++i) {
            RzThread *th = rz_th_pool_get_thread(pool, i);
            if (!th) {
                continue;
            }
            BaseFindThreadData *bftd = rz_th_get_user(th);
            rz_atomic_bool_free(bftd->loop);
            free(bftd);
        }
        rz_th_pool_free(pool);
    }
    rz_th_lock_free(lock);
    basefind_array_free(array);
    ht_uu_free(pointers);
    return scores;
}

References basefind_thread_data_t::alignment, basefind_thread_data_t::array, basefind_thread_data_t::base_end, basefind_thread_data_t::base_start, basefind_array_free(), basefind_create_array_of_addresses(), basefind_create_pointer_map(), basefind_score_compare(), basefind_set_thread_info(), basefind_stop_all_search_threads(), basefind_thread_ui(), basefind_ui_info_t::callback, create_thread_interval(), basefind_thread_data_t::current, free(), i, basefind_thread_data_t::io_size, basefind_thread_data_t::lock, lock(), basefind_thread_data_t::loop, basefind_ui_info_t::loop, rz_basefind_info_t::n_threads, NULL, options, basefind_thread_data_t::pointers, basefind_ui_info_t::pool, rz_atomic_bool_free(), rz_atomic_bool_new(), rz_atomic_bool_set(), RZ_BASEFIND_BASE_ALIGNMENT, rz_io_size(), rz_list_newf(), rz_list_sort(), RZ_LOG_ERROR, RZ_LOG_VERBOSE, RZ_LOG_WARN, RZ_NEW, rz_return_val_if_fail, rz_th_free(), rz_th_get_user(), rz_th_lock_free(), rz_th_lock_new(), rz_th_new(), rz_th_pool_free(), rz_th_pool_get_thread(), rz_th_pool_new(), rz_th_pool_size(), rz_th_pool_wait(), rz_th_wait(), basefind_thread_data_t::score_min, basefind_thread_data_t::scores, basefind_ui_info_t::user, and ut64().

Referenced by rz_core_bin_basefind_print().