This is the third and last digest for 2016 about what happened in the development of Chrysalide during the last months.
The following news is based on commit cfe99bb, so you can give this version of Chrysalide a try by running:
git clone http://git.0xdeadc0de.fr/chrysalide.git
cd chrysalide
git checkout cfe99bb
And then follow the installation procedure.
A lot of time was spent on code refactoring these last two months. The process is not yet completed, but Chrysalide already consumes less memory, and loading big binaries now runs faster.
Here are some Git statistics:
git diff --stat df579a2..HEAD | tail -1
 1041 files changed, 20630 insertions(+), 27234 deletions(-)
As there are 4334 files in the repository and about 86k lines of C code, this is a big change!
All the work is not yet done, so some features are currently disabled.
New way to display code
The chaos of the widget rendering code has disappeared, and the new display widgets now follow the Model-View-Controller design pattern more closely (commit 932ea7c).
This is the main commit of this digest. Rendering lines now rely on generators, which produce output only when requested. This saves a lot of memory and provides enough flexibility to create hexadecimal displays for instance:
A new "--enable-dump-stats" option, available at compile time, makes it possible to see the benefits:
GDalvikRegister: current = 66 / 2640 - needed = 496299 / 19851960 (size=40, saved=19849320)
GDalvikArgsOperand: current = 1551 / 111672 - needed = 59007 / 4248504 (size=72, saved=4136832)
GDalvikPoolOperand: current = 27123 / 1952856 - needed = 199966 / 14397552 (size=72, saved=12444696)
GDalvikRegisterOperand: current = 66 / 4752 - needed = 496299 / 35733528 (size=72, saved=35728776)
In this case, for the Dalvik operands, more than 100Mb of RAM were saved!
To track shared instances, the old GHashTable has been abandoned for a faster sorted array (commit d50544a).
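The bookkeeping behind the figures above, as an added example that is not Chrysalide's own code: instances are interned in a sorted array searched by bisection, and the "current", "needed" and "saved" values are derived as instance count / bytes, the way the statistics lines read. The type reg_t, the pool functions and the workload are assumptions made up for the illustration.

```c
/* Added example (not Chrysalide source); every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned index; char pad[36]; } reg_t;  /* 40 bytes, like GDalvikRegister */
typedef struct {
    reg_t **items;    /* unique instances, kept sorted by index */
    size_t count;     /* "current": instances really allocated */
    size_t requests;  /* "needed": instances a non-sharing design would allocate */
} pool_t;

/* Return the shared instance for a register index, creating it on first use. */
reg_t *pool_get(pool_t *p, unsigned index)
{
    size_t lo = 0, hi = p->count;
    p->requests++;
    while (lo < hi) {                        /* binary search, O(log n) */
        size_t mid = lo + (hi - lo) / 2;
        if (p->items[mid]->index == index) return p->items[mid];
        if (p->items[mid]->index < index) lo = mid + 1; else hi = mid;
    }
    reg_t **grown = realloc(p->items, (p->count + 1) * sizeof(*grown));
    if (grown == NULL) return NULL;          /* old array is still valid */
    p->items = grown;
    reg_t *reg = calloc(1, sizeof(*reg));
    if (reg == NULL) return NULL;
    reg->index = index;
    /* Shift the tail up by one slot so the array stays sorted. */
    memmove(&p->items[lo + 1], &p->items[lo], (p->count - lo) * sizeof(*grown));
    p->items[lo] = reg;
    p->count++;
    return reg;
}

/* Bytes not allocated thanks to sharing. */
size_t pool_saved(const pool_t *p) { return (p->requests - p->count) * sizeof(reg_t); }

int main(void)
{
    pool_t p = {0};
    /* Constructed workload: 1000 operand requests spread over 16 registers. */
    for (unsigned i = 0; i < 1000; i++)
        if (pool_get(&p, (i * 7) % 16) == NULL) return 1;
    printf("reg_t: current = %zu / %zu - needed = %zu / %zu (size=%zu, saved=%zu)\n",
           p.count, p.count * sizeof(reg_t), p.requests, p.requests * sizeof(reg_t),
           sizeof(reg_t), pool_saved(&p));
    return 0;
}
```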
Use all CPUs Luke!
Cutting binaries into parts of code and data to disassemble has been improved (commit 9f9041e) and now runs faster.
Collecting disassembled instructions is now faster too (commit 5e76e91).
Thus instructions can be browsed in a loop such as:
for ins in binary.processor.instrs:
    print(ins.keyword)
There is also an incoming change in Chrysalide theme handling. For now, the commit 2df715e prepares the base of this evolution by defining one directory per theme.
Most of this code was a first naive attempt to get decompilation features or to deal with basic blocks in the hard way. Currently useless, and easily improvable in case of a new try to implement such features.
Moreover, the compilation process lost a lot of warnings thanks to these removals and extra care (commit 172e450).
And there is finally no more reference to OpenIDA, the old name of Chrysalide, in the sources (commit 01f6cd5).
Happy new year!
Posted on December 31, 2016 at 19:24.