Re: [DynInst_API:] where to find the code for handling switch() statements?


Date: Tue, 22 Aug 2017 13:24:26 +0200
From: Thomas Dullien <thomasdullien@xxxxxxxxxx>
Subject: Re: [DynInst_API:] where to find the code for handling switch() statements?
Hey there,

I am back at work on this :-).

A few questions:
- Your fork is a fork of Dyninst 9?
- Are there any things I need to be aware of when building it?

The particular scenario I am dealing with right now is the following construct (x86_64 disassembly of
Visual Studio compiled code).

.text:000000014004D970         mov     [rsp+arg_8], edx
.text:000000014004D974         mov     [rsp+arg_0], rcx
.text:000000014004D979         push    rdi
.text:000000014004D97A         sub     rsp, 220h
.text:000000014004D981         mov     rdi, rsp
.text:000000014004D984         mov     ecx, 88h
.text:000000014004D989         mov     eax, 0CCCCCCCCh
.text:000000014004D98E         rep stosd
.text:000000014004D990         mov     rcx, [rsp+228h+arg_0]
.text:000000014004D998         mov     rax, cs:__security_cookie
.text:000000014004D99F         xor     rax, rsp
.text:000000014004D9A2         mov     [rsp+228h+var_18], rax
.text:000000014004D9AA         mov     eax, [rsp+228h+arg_8]
.text:000000014004D9B1         mov     [rsp+228h+var_80], eax
.text:000000014004D9B8         mov     eax, [rsp+228h+var_80]
.text:000000014004D9BF         dec     eax
.text:000000014004D9C1         mov     [rsp+228h+var_80], eax
.text:000000014004D9C8         cmp     [rsp+228h+var_80], 5 ; switch 6 cases
.text:000000014004D9D0         ja      loc_14004EA48  ; jumptable 000000014004D9EF default case
.text:000000014004D9D6         movsxd  rax, [rsp+228h+var_80]
.text:000000014004D9DE         lea     rcx, cs:140000000h
.text:000000014004D9E5         mov     eax, ds:(off_14004EA70 - 140000000h)[rcx+rax*4]
.text:000000014004D9EC         add     rax, rcx
.text:000000014004D9EF         jmp     rax       ; switch jump
.text:000000014004D9F1 ; ---------------------------------------------------------------------------

Cheers,
Thomas
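As an added example (not code from this thread or from Dyninst), a small Python model of the jump table construct in the listing above, the kind of resolution a CFG recovery pass has to perform. The image base, the `cmp ..., 5` bound and the `ja` default target are taken from the disassembly; the table contents and the case targets are constructed for illustration.

```python
import struct

# Values taken from the listing above.
IMAGE_BASE = 0x140000000        # lea rcx, cs:140000000h
DEFAULT_TARGET = 0x14004EA48    # loc_14004EA48, the `ja` fall-through
BOUND = 5                       # immediate of `cmp [var_80], 5`: 6 cases

# Constructed table: six 32-bit RVAs (off_14004EA70 in the listing), each of
# which the code adds to IMAGE_BASE with `add rax, rcx` before `jmp rax`.
CASE_RVAS = [0x4D9F1, 0x4DA3C, 0x4DB10, 0x4DC7A, 0x4DE02, 0x4E9F0]
TABLE_BYTES = b"".join(struct.pack("<I", r) for r in CASE_RVAS)


def resolve_jump_table(table_bytes, image_base, bound, default_target):
    """Statically enumerate every target of the pattern
        cmp idx, bound ; ja default ; mov eax, [base + idx*4 + table] ; add rax, base
    Returns {case_index: absolute target, "default": default_target}.
    The table holds bound+1 entries because `ja` rejects idx > bound only.
    """
    count = bound + 1
    if len(table_bytes) < 4 * count:
        raise ValueError("jump table truncated: need %d entries" % count)
    targets = {}
    for idx in range(count):
        (rva,) = struct.unpack_from("<I", table_bytes, 4 * idx)
        # `mov eax, ...` zero-extends into rax, so the entry is an unsigned RVA.
        targets[idx] = image_base + rva
    targets["default"] = default_target
    return targets


def dispatch(edx_value, table_bytes, image_base, bound, default_target):
    """Emulate one execution of the listing for arg_8 = edx_value.

    The code does `dec eax` first, so case values are 1..6; an argument of 0
    wraps to 0xFFFFFFFF and the unsigned `ja` sends it to the default case.
    """
    idx = (edx_value - 1) & 0xFFFFFFFF   # dec eax is a 32-bit operation
    if idx > bound:                      # ja: unsigned comparison
        return default_target
    (rva,) = struct.unpack_from("<I", table_bytes, 4 * idx)
    return image_base + rva
```

Running `dispatch` over a few argument values checks that the statically enumerated set from `resolve_jump_table` agrees with the emulated control flow, including the wrap-around to the default case.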

On Tue, Jun 13, 2017 at 4:35 PM, Thomas Dullien <thomasdullien@xxxxxxxxxx> wrote:
Hey there,

excellent, thanks for your quick response :-) I will give your fork a try in the next 2-3 days -- I am currently
at a conference and hence won't have time to try it today :-)

Cheers,
Thomas

On Tue, Jun 13, 2017 at 10:30 AM, Xiaozhu Meng <mxz297@xxxxxxxxx> wrote:
Hi Thomas,

I am working with an improved jump table analysis. Its prototype is available at my Dyninst fork (https://github.com/mxz297/dyninst/tree/jump_table_multi_slices). This improved version should be merged back into mainstream Dyninst in the near future. Could you try my version to see whether it solves your problem? If the problem remains, could you provide me with the problematic binary so that I can further improve my code?

Thanks,

--Xiaozhu

On Tue, Jun 13, 2017 at 7:25 AM, Thomas Dullien <thomasdullien@xxxxxxxxxx> wrote:
Hey all,

I am using DynInst for a small project that helps search for similar
and noticed that most switch statements that it encounters are not
handled properly (e.g. the control flow reconstruction fails to resolve
the switch targets).

Where in the source code should I go looking for the relevant code?
I'd love to have a look around to see if it can be improved.

Cheers,
Thomas

_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
