
Initial Support for Callbacks

Open. ameily opened this issue 3 years ago • 1 comment

Add some initial support for lifting callback functions, which will entail:

  • Lift the actual callback function and make sure it is not removed by DCE
  • Update function calls that register the callback, for example:

    ```c
    // original code
    atexit(&my_callback);
    // lifted code
    atexit(&lifted_my_callback);
    ```

This initial support will target atexit with the goal of having it extensible for other callbacks.

ameily avatar Aug 11 '22 14:08 ameily

I pushed my work in progress branch, which is currently broken, to support-callbacks. There are two new passes:

  • globalize_function_addresses - identifies potential function pointer values and makes them global variables named Callback_<address>
  • replace_local_function_pointers - for each global callback address variable, find uses, and replace the use with the lifted function's address

The lifting is crashing for a sample that uses atexit which I believe is because the cast from function to i32 is incorrect.

ameily avatar Aug 17 '22 19:08 ameily
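To make the mechanism concrete, here is an added C model (not binrec's code) of what the two passes above have to achieve for atexit: a per-address table standing in for the Callback_<address> globals, a resolver standing in for replace_local_function_pointers, and a check on the function-pointer-to-i32 width hazard. The names resolve_lifted, lifted_atexit, address_survives_i32_cast and the table layout are hypothetical and belong to this example only.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef void (*callback_fn)(void);

/* Constructed stand-ins: the callback as it exists in the original binary and
 * the lifted copy that must survive DCE and be registered in its place. */
static int lifted_ran = 0;
static void my_callback(void) { puts("original callback"); }
static void lifted_my_callback(void) { lifted_ran = 1; puts("lifted callback"); }

/* One entry per Callback_<address> global that globalize_function_addresses
 * would emit: the address value seen in the binary and the lifted function. */
struct callback_map { callback_fn original; callback_fn lifted; };
static const struct callback_map callbacks[] = { { my_callback, lifted_my_callback } };
static const size_t n_callbacks = sizeof callbacks / sizeof callbacks[0];

/* What replace_local_function_pointers does at each use: map the address value
 * to the lifted function. The key is compared at full pointer width, never as
 * i32. Returns NULL when the address is not a known callback. */
callback_fn resolve_lifted(uintptr_t addr) {
    for (size_t i = 0; i < n_callbacks; i++)
        if ((uintptr_t)callbacks[i].original == addr)
            return callbacks[i].lifted;
    return NULL;
}

/* The rewritten registration: atexit(&my_callback) becomes a lookup followed by
 * atexit(&lifted_my_callback). Returns -1 when no lifted target is known. */
int lifted_atexit(uintptr_t addr) {
    callback_fn target = resolve_lifted(addr);
    if (target == NULL) return -1;
    return atexit(target);
}

/* The width hazard behind a function-to-i32 cast: an address above 4 GiB
 * truncated to 32 bits no longer matches its table key. */
int address_survives_i32_cast(uintptr_t addr) {
    return (uintptr_t)(uint32_t)addr == addr;
}

int main(void) {
    /* The lifted program still carries the original address value. */
    if (lifted_atexit((uintptr_t)my_callback) != 0)
        return 1;
    printf("0x100000000 survives i32 cast: %d\n",
           address_survives_i32_cast((uintptr_t)0x100000000ULL));
    return 0; /* lifted_my_callback runs from the atexit handler */
}
```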