annotate Attributes argument for SetVariable() when possible (#102)

* improve tid_t initialisation for MACRO_ types (enums); annotate Attributes argument for SetVariable() when possible * apply op_enum() for Attributes only when operand is an immediate value
binarly-io · Dec 7, 2024 · 1dd1ef7 · 1dd1ef7
1 parent 55d3f23
commit 1dd1ef7
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 17 deletions.
diff --git a/efiXplorer/efi_analysis.h b/efiXplorer/efi_analysis.h
@@ -130,6 +130,7 @@ class efi_analyser_t {
   ea_list_t m_double_get_variable;
 
   tid_t m_macro_efi_tid;
+  tid_t m_macro_var_attr_tid;
 
   // mask and masked value for MACRO_EFI enum value detection
   uint64_t m_mask = 0;
@@ -373,14 +374,8 @@ class efi_analyser_x86_t : public efi_analyser_t {
     import_type(idati, -1, "EFI_PEI_SERVICES");
     import_type(idati, -1, "EFI_PEI_READ_ONLY_VARIABLE2_PPI");
     import_type(idati, -1, "EFI_SMM_VARIABLE_PROTOCOL");
-    import_type(idati, -1, "MACRO_VARIABLE_ATTRIBUTE");
-
-#if IDA_SDK_VERSION >= 900
-    tinfo_t tinfo;
-    if (tinfo.get_named_type(idati, "MACRO_EFI")) {
-      m_macro_efi_tid = tinfo.force_tid();
-    }
-#endif
+    m_macro_efi_tid = import_type(idati, -1, "MACRO_EFI");
+    m_macro_var_attr_tid = import_type(idati, -1, "MACRO_VARIABLE_ATTRIBUTE");
 
 #ifdef HEX_RAYS
     for (auto idx = 0; idx < get_entry_qty(); idx++) {
@@ -436,14 +431,8 @@ class efi_analyser_arm_t : public efi_analyser_t {
     import_type(idati, -1, "EFI_HANDLE");
     import_type(idati, -1, "EFI_RUNTIME_SERVICES");
     import_type(idati, -1, "EFI_SYSTEM_TABLE");
-    import_type(idati, -1, "MACRO_VARIABLE_ATTRIBUTE");
-
-#if IDA_SDK_VERSION >= 900
-    tinfo_t tinfo;
-    if (tinfo.get_named_type(idati, "MACRO_EFI")) {
-      m_macro_efi_tid = tinfo.force_tid();
-    }
-#endif
+    m_macro_efi_tid = import_type(idati, -1, "MACRO_EFI");
+    m_macro_var_attr_tid = import_type(idati, -1, "MACRO_VARIABLE_ATTRIBUTE");
   }
 
   ~efi_analyser_arm_t() {
@@ -469,6 +458,7 @@ class efi_analyser_arm_t : public efi_analyser_t {
   ea_list_t m_rt_list_arm;
 
   tid_t m_macro_efi_tid;
+  tid_t m_macro_var_attr_tid;
 
   bool get_protocol(ea_t address, uint32_t p_reg, std::string service_name);
   bool set_enums_repr(ea_t ea, insn_t insn);

diff --git a/efiXplorer/efi_analysis_x86.cc b/efiXplorer/efi_analysis_x86.cc
@@ -2372,9 +2372,22 @@ bool efi_analysis::efi_analyser_t::analyse_variable_service(
       {0x00000008, "HARDWARE_ERROR_RECORD"},
       {0x00000010, "AUTHENTICATED_WRITE_ACCESS"}};
 
-  addr = args[2]; // attributes argument
+  addr = args[2]; // Attributes argument
   decode_insn(&insn, addr);
 
+  if (insn.itype == NN_mov && insn.ops[1].type == o_imm) {
+    // attempt to annotate Attributes argument
+    //
+    // mostly we see such code where op_enum() does not
+    // help, because operand is not an immediate value:
+    // mov r9d, X      ; DataSize
+    // lea r8d, [r9+Y] ; Attributes (X + Y)
+    //
+    // however, it will work when we encounter:
+    // mov r8d, X      ; Attributes
+    op_enum(addr, 1, m_macro_var_attr_tid, 0);
+  }
+
   if (insn.itype == NN_xor && insn.ops[0].type == o_reg &&
       insn.ops[1].type == o_reg && insn.ops[0].reg == insn.ops[1].reg &&
       insn.ops[0].reg == R_R8) {