There have been 31 commits this month, and the statistics give a small overview of the work done:
git diff --stat 027305c..HEAD | tail -1
157 files changed, 14424 insertions(+), 3393 deletions(-)
Bugs have been fixed and some new features have been implemented, but many ideas are still pending...
It is hard to find enough time to code everything!
This news post is based on commit ebe248f, so you can give this version of Chrysalide a try by running:
git clone http://git.0xdeadc0de.fr/chrysalide.git
cd chrysalide
git checkout ebe248f
As usual, the next step is to follow the installation procedure.
Once again the memory footprint has been reduced!
First, the size of operands with no alternative rendering has been reduced (commit 0320d85).
A memory leak in the disassembling process has been fixed, too (commit f2f54bb).
The first change concerns the display of raw binary code: its rendering has been restored (commit b3471e0), but it is now hidden by default (commit c447efb) and the quantity of raw bytes shown for arrays has been limited (commit 9703198).
The expected behavior of the reference naming convention was restored by commit 222c14b: the "sub_" prefix is now always assigned to subroutines and the "loc_" one to code labels.
- all string symbols referenced by instructions now get a label.
- the last byte is taken into account when analyzing the string section.
So we went from this initial situation:
to this final state:
Then this was extended to other items by commit a2f149e: immediate operands and strings.
For routines, the number of displayed items is taken from the global configuration (commit 4f3f96c).
The last part targets immediate operand conversions: a bug in the production of binary values has been fixed in commit 78169fc. A check has been added to the test suite thanks to the new Python bindings for immediate operands brought by commit 4319c0a.
Debugging with Chrysalide
Initial support for the GDB Remote Serial Protocol has been added. This is a big change (see commit 94fd405).
Currently the following new features can only be reached through the Python bindings:
- resume or single-step a static ARM binary.
- read or write registers.
- read or write memory.
- define user breakpoints.
- get the call stack.
Rebasing a disassembled code or driving a debugging session from the GUI is scheduled for later!
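To make the protocol behind these bindings concrete, here is an added example (not Chrysalide's code, nor taken from its Python bindings) of the GDB Remote Serial Protocol framing, run against a constructed fake ARM target. The target class, the subset of commands it answers and the sample addresses are assumptions made for the illustration:

```python
# Added example, not Chrysalide's own code: GDB Remote Serial Protocol
# framing (escaping + checksum) plus a constructed in-memory "target" that
# answers the few commands behind the features listed above. Every name
# here is an assumption made for this illustration.
ESCAPE = ord("}")
SPECIAL = (ord("$"), ord("#"), ESCAPE)

def rsp_checksum(body: bytes) -> int:
    """RSP checksum: sum of the bytes between '$' and '#', modulo 256."""
    return sum(body) & 0xFF

def rsp_escape(payload: bytes) -> bytes:
    """'$', '#' and '}' are sent as '}' followed by the byte XOR 0x20."""
    out = bytearray()
    for b in payload:
        out += bytes([ESCAPE, b ^ 0x20]) if b in SPECIAL else bytes([b])
    return bytes(out)

def rsp_unescape(body: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(body):
        if body[i] == ESCAPE:
            if i + 1 >= len(body):
                raise ValueError("dangling escape byte")
            out.append(body[i + 1] ^ 0x20)
            i += 2
        else:
            out.append(body[i])
            i += 1
    return bytes(out)

def rsp_encode(payload: bytes) -> bytes:
    """Frame a payload as '$' + escaped data + '#' + two hex checksum digits."""
    body = rsp_escape(payload)
    return b"$" + body + b"#" + b"%02x" % rsp_checksum(body)

def rsp_decode(frame: bytes) -> bytes:
    """Validate framing and checksum before trusting anything inside."""
    if len(frame) < 4 or frame[:1] != b"$" or frame[-3:-2] != b"#":
        raise ValueError("malformed RSP frame")
    body = frame[1:-3]
    if rsp_checksum(body) != int(frame[-2:], 16):
        raise ValueError("bad RSP checksum")
    return rsp_unescape(body)

class ToyArmTarget:
    """Constructed stand-in for a remote stub: 16 ARM registers (r0..r12,
    sp, lr, pc) and 64 bytes of memory. Not a real debugger back end."""

    def __init__(self):
        self.regs = [0] * 16
        self.regs[15] = 0x8000           # pc
        self.mem = bytearray(64)
        self.breakpoints = set()

    def handle(self, cmd: bytes) -> bytes:
        if cmd == b"g":                  # all registers, little-endian hex
            return b"".join(r.to_bytes(4, "little").hex().encode() for r in self.regs)
        if cmd[:1] == b"m":              # m ADDR,LEN -> hex bytes
            addr, length = (int(x, 16) for x in cmd[1:].split(b","))
            return self.mem[addr:addr + length].hex().encode()
        if cmd[:1] == b"M":              # M ADDR,LEN:HEXDATA -> OK
            spec, data = cmd[1:].split(b":")
            addr, length = (int(x, 16) for x in spec.split(b","))
            self.mem[addr:addr + length] = bytes.fromhex(data.decode())
            return b"OK"
        if cmd[:2] in (b"Z0", b"z0"):    # insert / remove a software breakpoint
            addr = int(cmd.split(b",")[1], 16)
            if cmd[:1] == b"Z":
                self.breakpoints.add(addr)
            else:
                self.breakpoints.discard(addr)
            return b"OK"
        if cmd == b"s":                  # single step: one 4-byte ARM instruction
            self.regs[15] += 4
            return b"S05"                # stopped with SIGTRAP (5)
        if cmd == b"c":                  # continue until a breakpoint (bounded)
            for _ in range(64):
                self.regs[15] += 4
                if self.regs[15] in self.breakpoints:
                    break
            return b"S05"
        return b""                       # unsupported packet: empty reply

def exchange(target: ToyArmTarget, cmd: bytes) -> bytes:
    """One round trip: '$cmd#cs' goes out, '+' then '$reply#cs' comes back."""
    reply = target.handle(rsp_decode(rsp_encode(cmd)))
    wire = b"+" + rsp_encode(reply)      # '+' acknowledges our frame
    return rsp_decode(wire[1:])

def demo_session() -> dict:
    """Write memory, read it back, plant a breakpoint, step, continue."""
    t = ToyArmTarget()
    out = {"write": exchange(t, b"M10,4:deadbeef"), "read": exchange(t, b"m10,4"),
           "bp": exchange(t, b"Z0,8008,4"), "step": exchange(t, b"s"),
           "cont": exchange(t, b"c")}
    regs = exchange(t, b"g").decode()
    out["pc"] = int.from_bytes(bytes.fromhex(regs[-8:]), "little")  # last register is pc
    return out
```

The checksum is computed over the bytes as transmitted (after escaping), which is why rsp_decode() verifies it before unescaping; a real client must also be prepared for a '-' in place of the '+' acknowledgment and retransmit the frame.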
Improved ELF support
The remaining space is now checked before new instructions are inserted (commit 499f009).
Moreover, all sections that are not allocated in the memory of a running process (those without the SHF_ALLOC flag, i.e. no "A" in the Flg column below) are now handled (commit b8d5a53).
This leads to new special cases, such as sections that overlap in the file:
[Nr] Name            Type           Addr     Off    Size   ES Flg Lk Inf Al
...
     .bss            NOBITS         00012088 002084 000044 00  WA  0   0  8
     .ARM.attributes ARM_ATTRIBUTES 00000000 002084 000037 00      0   0  1
     .shstrtab       STRTAB         00000000 0020bb 0000ed 00      0   0  1
Here .bss is a NOBITS section: it has a size but occupies no bytes in the file, which is why .ARM.attributes can start at the same file offset (0x2084) without any real conflict.
Handling more sections also revealed that the binary portion tree was not built accurately. A proper algorithm has been implemented to fix the construction (commit 2409614). It adds more checks, but nothing that can be noticed at runtime.
Finally, strings are now searched in extra ELF sections (".interp", ".shstrtab" and ".strtab") with commit ebe248f.
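As an added illustration (not Chrysalide's code), the following Python builds a small ELF32 image that reproduces the section layout listed above, then checks which sections really share bytes in the file, counting a NOBITS section as occupying none, and lists the sections that are not allocated in memory. The section contents, names and offsets are constructed for the example:

```python
# Added example, not Chrysalide's own code: read an ELF32 section table and
# look for sections whose byte ranges in the *file* intersect, treating
# NOBITS sections (such as .bss) as occupying no file bytes. The ELF image
# is constructed inline to mirror the readelf listing above; all names and
# offsets are assumptions made for this illustration.
import struct

SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS, SHT_ARM_ATTRIBUTES = 1, 3, 8, 0x70000003
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 1, 2, 4
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, little-endian
SHDR = struct.Struct("<IIIIIIIIII")        # Elf32_Shdr

def build_sample_elf() -> bytes:
    """Constructed ELF32/ARM file holding only a section table: .text, .bss
    (NOBITS), .ARM.attributes and .shstrtab. .bss and .ARM.attributes are
    given the same file offset on purpose, as in the listing above."""
    shstrtab = b"\0.text\0.bss\0.ARM.attributes\0.shstrtab\0"

    def name(n: bytes) -> int:
        return shstrtab.index(n + b"\0")

    text = b"\x00\xf0\x20\xe3" * 4        # four ARM NOPs
    attrs = b"A" + b"\0" * 0x36           # 0x37 placeholder bytes
    text_off = EHDR.size
    bss_off = text_off + len(text)        # .bss has a size but no file bytes ...
    attrs_off = bss_off                   # ... so .ARM.attributes starts right here
    str_off = attrs_off + len(attrs)
    shoff = str_off + len(shstrtab)
    # (sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, link, info, align, entsize)
    headers = [
        (0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
        (name(b".text"), SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x8000, text_off, len(text), 0, 0, 4, 0),
        (name(b".bss"), SHT_NOBITS, SHF_WRITE | SHF_ALLOC, 0x12088, bss_off, 0x44, 0, 0, 8, 0),
        (name(b".ARM.attributes"), SHT_ARM_ATTRIBUTES, 0, 0, attrs_off, len(attrs), 0, 0, 1, 0),
        (name(b".shstrtab"), SHT_STRTAB, 0, 0, str_off, len(shstrtab), 0, 0, 1, 0),
    ]
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
    ehdr = EHDR.pack(ident, 2, 40, 1, 0x8000, 0, shoff, 0,       # ET_EXEC, EM_ARM
                     EHDR.size, 0, 0, SHDR.size, len(headers), len(headers) - 1)
    return ehdr + text + attrs + shstrtab + b"".join(SHDR.pack(*h) for h in headers)

def parse_sections(data: bytes) -> list:
    """Return a dict per section header, names resolved through e_shstrndx,
    with every offset bounds-checked against the file before it is used."""
    if data[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    eh = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum, shstrndx = eh[6], eh[11], eh[12], eh[13]
    if shoff + shnum * shentsize > len(data) or shstrndx >= shnum:
        raise ValueError("section header table outside the file")
    raw = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = raw[shstrndx][4], raw[shstrndx][5]
    if str_off + str_size > len(data):
        raise ValueError("section name table outside the file")
    names = data[str_off:str_off + str_size]
    sections = []
    for sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, *_ in raw:
        end = names.index(b"\0", sh_name)
        sections.append({"name": names[sh_name:end].decode(), "type": sh_type,
                         "flags": sh_flags, "addr": sh_addr,
                         "offset": sh_offset, "size": sh_size})
    return sections

def file_overlaps(sections: list, honour_nobits: bool = True) -> list:
    """Pairs of section names whose file byte ranges intersect. With
    honour_nobits=False (the naive check) .bss is wrongly reported against
    whatever follows its offset, since a NOBITS section has a size but no bytes."""
    spans = []
    for s in sections:
        if s["size"] == 0 or (honour_nobits and s["type"] == SHT_NOBITS):
            continue
        spans.append((s["name"], s["offset"], s["offset"] + s["size"]))
    return [(a, b) for i, (a, a0, a1) in enumerate(spans)
            for (b, b0, b1) in spans[i + 1:] if a0 < b1 and b0 < a1]

def unallocated(sections: list) -> list:
    """Sections without SHF_ALLOC: present in the file but never mapped into
    a running process (no 'A' in readelf's Flg column)."""
    return [s["name"] for s in sections if s["size"] and not s["flags"] & SHF_ALLOC]
```

The naive check reports .bss against both .ARM.attributes and .shstrtab, exactly the pattern visible in the readelf output; once NOBITS is honoured, the layout is seen as perfectly valid. The bounds checks in parse_sections() matter because a crafted binary can point e_shoff or a section offset past the end of the file.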
Testing bits in bit fields has also been improved. The old test_in_bit_field() method processed a range of bits and returned true if all of them were set; a false result, however, did not mean that all the bits were unset. So two new functions, test_all_in_bit_field() and test_none_in_bit_field(), have been created, and test_in_bit_field() now tests a single bit (commit dda6863).
The instruction link type meaning "no link" has been removed (commit 404c117).
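The difference between the three tests, as an added example in Python (not Chrysalide's C implementation); the class, method and helper names are assumptions chosen to mirror the names above:

```python
# Added example, not Chrysalide's own code: a small bit field with the three
# tests described above, showing why the old all-bits test could not be
# read as a "none set" test. Names are assumptions made for this illustration.
class BitField:
    """Fixed-width bit field; bit indices run from 0 to length - 1."""

    def __init__(self, length: int):
        self.length = length
        self.bits = 0

    def _mask(self, first: int, count: int) -> int:
        """Mask for [first, first + count), rejecting ranges outside the field."""
        if first < 0 or count < 0 or first + count > self.length:
            raise ValueError("bit range outside the field")
        return ((1 << count) - 1) << first

    def set_in_bit_field(self, first: int, count: int) -> None:
        self.bits |= self._mask(first, count)

    def reset_in_bit_field(self, first: int, count: int) -> None:
        self.bits &= ~self._mask(first, count)

    def test_in_bit_field(self, index: int) -> bool:
        """New meaning: is this single bit set?"""
        return bool(self.bits & self._mask(index, 1))

    def test_all_in_bit_field(self, first: int, count: int) -> bool:
        """True only if every bit in [first, first + count) is set."""
        mask = self._mask(first, count)
        return (self.bits & mask) == mask

    def test_none_in_bit_field(self, first: int, count: int) -> bool:
        """True only if no bit in [first, first + count) is set."""
        return (self.bits & self._mask(first, count)) == 0

    # The old test_in_bit_field() behaved like test_all_in_bit_field():
    # a False answer covered both "none set" and "only some set".
    old_test_in_bit_field = test_all_in_bit_field

def describe_range(field: BitField, first: int, count: int) -> str:
    """Classify a range as 'all', 'none' or 'mixed' using the two new tests."""
    if field.test_all_in_bit_field(first, count):
        return "all"
    if field.test_none_in_bit_field(first, count):
        return "none"
    return "mixed"
```

With bits 4 to 7 set, the old test answers False for the range 2..5 (partly set) and for 8..11 (fully clear) alike; only the pair of new functions can tell the two apart.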
The useless STP_FUNCTION symbol type has been removed and replaced by STP_ROUTINE when needed (commit e5bda75).
The connection to the database is working again: buggy code run when updating the database for connected clients (commit 94792f7) and several copy/paste mistakes in the database protocol (packing vs. unpacking data, commit 1de9967) have been fixed.
The rendering of lines in the "Goto" dialog box is back (commit 88e34a0), so, for instance, the content of the first line of each entry point is displayed again.
Posted on March 31, 2017 at 20:43.