Disassemble backwards in variable width instruction sets #3898
OBarronCS wants to merge 5 commits into
Conversation
The test failures are from now disassembling backwards where we previously couldn't. I'm considering adding a setting like `disable_backwards_heuristic_disassembly` for the tests, rather than changing the 75+ that have changed.

I think that's fine, though it would be nice to then have some tests that cover this behavior specifically.

I'm thinking about whether we should only disassemble backwards until we hit a new symbol, or if it makes sense to do it this way, where you can see behind the function you call into.
We could color code them (greying them out seems quite intuitive) or set a marker right above the PC that denotes this, maybe (something like
Btw, I didn't check the source yet, but do you use function beginnings as a heuristic to help with disassembling backwards?
…e linear fallback during for context display
…iddle of an instruction
…ode gray to indicate they are not emulated
b64efe8 to 5ccbcb4
This implements disassembling backwards in variable width instruction architectures, implementing #3784.

Prior to this PR, if you hit a breakpoint or did `nearpc random_address`, and the disassembly system had not already encountered the surrounding sequence of instructions before, then we were unable to display the "previous" instructions behind the instruction pointer. This implements a method to "guess" the valid sequence of instructions that leads to the current instruction, allowing disassembling backwards. Since ISAs like x86 are not self-synchronizing, we do a best-effort guess at determining the true instruction boundaries.

The method is simple: start a certain number of bytes in the past, and start disassembling towards the current instruction. We assume that after a certain number of disassembled instructions, the sequence will "self-align" to the real sequence (which works in practice).

There is one case where this might not be desirable (i.e. it changes longstanding pwndbg behavior), which is stepping into a function call. Previously, when you stepped into a call, the first instruction would be the first one displayed. Now, because we can disassemble backwards, it displays the instructions linearly behind the instruction.

This can get confusing, given we are now mixing emulation (displaying the true sequence of instructions) with sometimes displaying instructions linearly behind the address.
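The self-alignment heuristic described above, as an added example that is not pwndbg's code and not part of this PR. It uses a constructed toy variable-width ISA (one opcode byte whose low two bits give the operand count, so that, like x86, a stream decoded from the wrong offset still "decodes"), a constructed sample program, and hypothetical names (`decode`, `linear_sweep`, `disassemble_backwards`, `resync_distance`). One deliberate addition beyond the description above: a sweep that does not land exactly on the PC is rejected and the start is moved one byte closer, since an instruction straddling the PC proves that start offset wrong.

```python
from dataclasses import dataclass

# Toy variable-width ISA, constructed for this example. One opcode byte: bits 2..4
# select the mnemonic, bits 0..1 give the number of operand bytes (0..3), so an
# instruction is 1 to 4 bytes long. Like x86, it is not self-synchronising:
# operand bytes read from the wrong offset are happily decoded as opcodes.
MNEMONICS = ("nop", "mov", "add", "push", "call", "ret", "jmp", "cmp")


@dataclass(frozen=True)
class Insn:
    addr: int
    length: int
    text: str


def decode(mem: bytes, base: int, addr: int) -> Insn:
    """Decode one instruction at addr from the bytes mapped at base."""
    off = addr - base
    if not 0 <= off < len(mem):
        raise ValueError(f"address {addr:#x} outside the mapped bytes")
    opcode = mem[off]
    n_operands = opcode & 3
    operands = mem[off + 1 : off + 1 + n_operands]
    if len(operands) != n_operands:
        raise ValueError(f"truncated instruction at {addr:#x}")
    text = MNEMONICS[(opcode >> 2) & 7]
    if operands:
        text += " " + operands.hex()
    return Insn(addr, 1 + n_operands, text)


def linear_sweep(mem, base, start, end):
    """Decode forward from start until the next instruction would begin at or
    past end. Returns (instructions, landing address); landing exactly on end
    means end is an instruction boundary of this decoding."""
    insns, addr = [], start
    while addr < end:
        insn = decode(mem, base, addr)
        insns.append(insn)
        addr += insn.length
    return insns, addr


def disassemble_backwards(mem, base, pc, lookback, count):
    """Best-effort guess at the `count` instructions preceding pc: start
    `lookback` bytes back and sweep forward, trusting self-alignment. A sweep
    whose last instruction straddles pc cannot be right, so it is discarded and
    the start moved one byte closer. The result is linear, not emulated, and a
    caller should display it as unconfirmed (e.g. greyed out)."""
    for start in range(max(base, pc - lookback), pc):
        try:
            insns, landed = linear_sweep(mem, base, start, pc)
        except ValueError:
            continue
        if landed == pc:
            return insns[-count:]
    return []


def resync_distance(mem, base, true_start, wrong_start, end):
    """How many instructions a sweep from the wrong offset wrong_start decodes
    before landing on a boundary of the true stream that begins at true_start.
    Returns (count, first shared boundary), or (None, None) if it never does."""
    true_insns, _ = linear_sweep(mem, base, true_start, end)
    boundaries = {i.addr for i in true_insns} | {end}
    addr, n = wrong_start, 0
    while addr < end:
        if addr in boundaries:
            return n, addr
        addr += decode(mem, base, addr).length
        n += 1
    return (n, addr) if addr == end else (None, None)


BASE = 0x1000
# Constructed sample program: function A (push, mov, add, cmp, ret) directly
# followed by function B (nop, mov, call, jmp, ret).
CODE = bytes.fromhex(
    "0d0f"      # 0x1000 push 0f
    "06070b"    # 0x1002 mov 070b
    "0903"      # 0x1005 add 03
    "1f010203"  # 0x1007 cmp 010203
    "14"        # 0x100b ret
    "00"        # 0x100c nop
    "060a0b"    # 0x100d mov 0a0b
    "1110"      # 0x1010 call 10
    "1920"      # 0x1012 jmp 20
    "14"        # 0x1014 ret
)

if __name__ == "__main__":
    pc = 0x1010  # stopped at the call in B with nothing disassembled before it
    for insn in disassemble_backwards(CODE, BASE, pc, lookback=8, count=3):
        print(f"  {insn.addr:#06x}  {insn.text}   (linear, unconfirmed)")
    print(f"> {pc:#06x}  {decode(CODE, BASE, pc).text}")
    for wrong in (0x1001, 0x1004):
        print(f"sweep from {wrong:#x} resyncs after",
              resync_distance(CODE, BASE, 0x1000, wrong, BASE + len(CODE)))
```

Running it shows both halves of the trade-off discussed above. Sweeps started mid-instruction at 0x1001 and 0x1004 fall back onto the true boundaries after one and five bogus instructions respectively, which is the self-alignment the PR relies on. But the backward view for a stop at 0x1010 begins with a bogus `nop 0314` at 0x1009 that swallows the tail of function A's `cmp` and its `ret`, so the boundary between the two functions is invisible in the linear output; that is the case where greying out or a marker above the PC, as suggested in the review, tells the reader these lines were not emulated.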