DEV IN PROGRESS

This is the third and last digest for 2016 about what happened to the the development of Chrysalide during the last months.

The following news is based on commit cfe99bb, so you can give this version of Chrysalide a try by running:

git clone http://git.0xdeadc0de.fr/chrysalide.git
cd chrysalide
git checkout cfe99bb

And then follow the installation procedure.

TL;DR

A lot of time was spent on code refactoring these last two months. The process is not yet completed, but Chrysalide already became less memory consuming and loading big binaries now run faster.

Here are some Git statistics:

git diff --stat df579a2..HEAD | tail -1
 1041 files changed, 20630 insertions(+), 27234 deletions(-)

As there are 4334 files in the repository and about 86k lines of C code, this is a big change !

All the work is not yet done, so some features are currently disabled.

New way to display code

The chaos of widgets rendering code has disappared, and the new display widgets now better follow the Model-View-Controler design pattern (commit 932ea7c).

This is the main commit of this digest. Rendering lines now rely on generators, which produce output only when requested. This saves a lot of memory and provides enough flexibility to create hexadecimal displays for instance:

Moreover, sharing common instances is spreading through the whole code (commits b0bcf25 and 7d6d3ac).

A new "--enable-dump-stats" option available at compile time allows to see the benefits:

GDalvikRegister: current = 66 / 2640 - needed = 496299 / 19851960 (size=40, saved=19849320)
GDalvikArgsOperand: current = 1551 / 111672 - needed = 59007 / 4248504 (size=72, saved=4136832)
GDalvikPoolOperand: current = 27123 / 1952856 - needed = 199966 / 14397552 (size=72, saved=12444696)
GDalvikRegisterOperand: current = 66 / 4752 - needed = 496299 / 35733528 (size=72, saved=35728776)

In this case, for the Dalvik operands, more than 100Mb of RAM were saved!

To track shared instances, the old GHashTable has been abandoned for a faster sorted array (commit d50544a).

Use all CPUs Luke!

Cutting binaries into parts of code and data to disassemble has been improved (commit 9f9041e) and now runs faster.

Collecting disassembled instructions is now faster too (commit 5e76e91).

Moreover, the GUI is not freezing anymore at the begining of binary loading (commit deadb8b), and refreshing the progress bar only when needed speeds up the process (commit cfe99bb).

Misc

Python bindings have been extended to deal with disassembled instructions (commits 124c841 and db1a617) or to access to binary content (commit 25576d8).

Thus instructions can be browsed in a loop such as:

for ins in binary.processor.instrs:
    print(ins.keyword)

There is also an incoming change in Chrysalide theme handling. For now, the commit 2df715e prepares the base of this evolution by defining one directory per theme.

Code cleaning

Large parts of old and unmaintained code (commits 3754a5e, 12ebd54, ece6eb6, 16757c6, 2473177) have been removed.

Most of this code was a first naive attempt to get decompilation features or to deal with basic blocks in the hard way. Currently useless, and easily improvable in case of a new try to implement such features.

Moreover, the compilation process lost a lot of warnings thanks to these removals and extra care (commit 172e450).

Debug output (commit 6bde401) or runtime mistakes (commits b3aa48e and ba6ca32) have been fixed.

And there is finally no more reference to OpenIDA, the old name of Chrysalide, in the sources (commit 01f6cd5).

Happy new year!


Posted on December 31, 2016 at 19:24.