miasm icon indicating copy to clipboard operation
miasm copied to clipboard
verified publisher icon cea-sec

Jump tables not supported

Open nofiv opened this issue 6 years ago • 5 comments

Function _dis_block could try to recognize jump tables

nofiv avatar Feb 01 '19 11:02 nofiv

Well, I think @serpilliere has some tries with pattern matching jump tables. In general case, it is actually a more complex problem, as some kind of range analysis is needed to track range of values used in the jump expression. In addition, this could be architecture agnostic. For these reasons, it would probably be better to do this analysis in IR, rather than at disassembly time.

commial avatar Feb 03 '19 11:02 commial

Hi!

Actually, the poc is pattern matching on the IR, so it actually recognize jump table on multiple architectures (x86/arm/powerpc/...). I will push this in a near future :smiley:

serpilliere avatar Feb 03 '19 13:02 serpilliere

Has there, please, been any progress regarding the jump table recognition in the meantime @serpilliere ?

nofiv avatar Jun 17 '20 19:06 nofiv

Nop: we didn't take time to implement this for now.

serpilliere avatar Jun 19 '20 09:06 serpilliere

Hello, I eventually came up with this, I also ended up converting jump tables to if-else chains since it made reassembling them easy later on. In case the solution resembles your idea of range analysis and you don't intend to push your version anytime soon, I can rewrite mine properly and open a PR if you're interested

nofiv avatar Jan 14 '21 18:01 nofiv