Self-made Disassembly reverse analysis tool Iteration Sixth version (v)

This tool from the original version of the jump distribution map only to more visually analyze the branch structure of the disassembly code, the third version of the visual map to start the reverse branching code output, the fourth version of the branch output strategy of some exploration, the fifth version of the combination of previous exploration to improve. The sixth edition is enhanced on the basis of the current functionality, using the basic functions of the sixth edition (i)-literal translation, Sixth edition (ii) to add conditional judgment to conditional branching, and to improve the reference to alternate parameters at function calls.

The sixth edition (iii) combines (i) and (ii) Together for reverse code output.

The sixth edition (iv), on the basis of (c), increases the inverse of the Atomic Operations Directive and the inverse of C + + functions.

This article is (v), to the C-style function symbol call translation, by importing C-style symbol function prototype to reference the analysis.

In an introduction to the use of C + + style function symbol call case, referred to the C-style function symbol does not have much prototype information for reference, but it is not overloaded, parameter conventions use standard conventions, so the ancient (old-fashioned) approach is good. Is the function prototype that imports C-style symbols (mainly symbol names and parameter sequences).

With external reference information, you can use the appropriate registers and storage units for function calls. I do not want the machine to try to assumption guess a sequence of function parameters that do not know the prototype, because it is too much, and not rigorous, the machine guess misleading pits bigger. Imagine a C-style function, can you tell whether it is foo (double, int) or foo (int, double) from the workflow of the prepared parameters before the function is called? I can not do this Superman program, I have to use external information to guide the machine for analysis work.

The following code is attached to the reverse machine:

ca::transaction::add_root{//0 Pushq%RBP//1 RBP = RSP; //4 Pushq%r14//6 Pushq%RBX//7 RBX = RSI; //ten R14 = RDI; //RDI = & ca::transaction::roots_lock; // CallOsspinlocklock (Ca::transaction::roots_lock); //rdi = ca::transaction::roots; //testq%rdi,%rdi// *    if(!) {//(0! = RDI)//PNs edi = 0; //0 esi =; //edx = 0; //ecx = 0; //r8d = 0; //r9d = 0; // CallX_hash_table_new_ (0,0,0,0,0,0); //rdi = Rax; //ca::transaction::roots = RDI;}// the//The rsi = RBX; //The RDX = RBX; // CallX_hash_table_insert ((x_hash_table*) Rax, (uintptr_t) ESI, (uintptr_t) edx); //testb%al,%al// -    if(!) {//(0 = = AL)//Bayi Lock//OSAtomicIncrement32 (volatile int32_t*) &rbx->_0); //Testb $0x10, 0x84 (%r14)// the        if(!) {//(0 = = (0x10 & r14->_84))//94 Rax = (int64_t) (int32_t&) r14->_8; //98 TESTQ%rax,%rax//101            if() {//98 (0 > Rax)//Gen JMP 113                Goto_f113; //103 Cmpl $0x0, 0xa8 (%rbx,%rax,4)}//111            Else if() {//103 ((int32_t&) ((uint32_t*) &rbx->_a8) [Rax]! = 0x0)//Gen JMP 124                Goto_f124; }            Else{//111 Next_f113://From 101}//113//113 Rdi = RBX; //The rsi = R14; //119 Call((ca::layer*) RBX)->thread_flags_ ((ca::transaction*) R14); _f124://From 111}//124}//124//124 Rdi = & Ca::transaction::roots_lock; //131 POPQ%RBX//POPQ%r14//134 POPQ%RBP//135 ret    return;//jmp 0x1041ecb2a; symbol stub for:osspinlockunlock//RBX = Rax; //143 rdi = & Ca::transaction::roots_lock; // CallOsspinlockunlock (Ca::transaction::roots_lock); //155 rdi = RBX; //158 Call_unwind_resume; //163 NOP/** * * Global variables**///extern ent_off__0x5146c;     Leaq 0x51458 (%rip),%rdi; Ca::transaction::roots_lock//extern ent_off__0x51464;     Movq 0x51444 (%rip),%rdi; Ca::transaction::roots//ent_off__0x51464 extern;     Movq%rdi, 0x51422 (%rip); Ca::transaction::roots//124 extern ent_off__0x5146c;     Leaq 0x513e9 (%rip),%rdi; Ca::transaction::roots_lock//143 extern ent_off__0x5146c;     Leaq 0x513d6 (%rip),%rdi; Ca::transaction::roots_lock}

Ca::transaction::add_root

ca::transaction::run_deferred_visibility_layer_calls{//0 Pushq%RBP//1 RBP = RSP; //4 Pushq%r15//6 Pushq%r14//8 Pushq%RBX//9 Pushq%rax//ten R14 = RDI; //RBX = r14->_78; //testq%RBX,%RBX// -    if(!) {//(0 = = RBX)_b22://From Bayi//R15 = rbx->_0; //testq%r15,%r15// -        if(!) {//(0 = = R15)//rdi = R15; // Call((ca::layer*) R15)call_did_become_visible (); //eax = 0xFFFFFFFF; //Lock//OSAtomicAdd32 (eax, (volatile int32_t*) &r15->_0); //Cmpl $0x1,%eax//Wuyi            if(!) {//(eax! = 0x1)//rdi = R15; // Call((ca::layer*) R15)->~Layer (); //The edi = 0XB; //The rsi = R15; // CallX_mem_dealloc_bucket (0xb, (void*) R15); } // About}// About//RBX = rbx->_8; //testq%RBX,%RBX//Bayi        if()//(0! = RBX)            Goto_b22; //RDI = r14->_78; // CallX_list_free ((x_list*) r14->_78); //r14->_78 = 0x0;}// -//RSP = rsp + 0x8; //104 POPQ%RBX//POPQ%r14//107 POPQ%r15//109 POPQ%RBP//retreturn;//111 NOP}

Ca::transaction::run_deferred_visibility_layer_calls

Self-made Disassembly reverse analysis tool Iteration Sixth version (v)