From 5e4cb38db62dd069692c28bbe7afa34d2edfebdd Mon Sep 17 00:00:00 2001
From: Ilfak Guilfanov
Date: Tue, 21 Feb 2023 12:09:18 +0100
Subject: [PATCH] optimize candidate replacement instructions before scoring them. this leads to better scores because useless mov(0) operands disappear and we apply optimizations more aggressively (fixes #3)
---
 mba.cfg | 17 -----------------
 optimizer.cpp | 11 ++++++++---
 optimizer.hpp | 2 --
 3 files changed, 8 insertions(+), 22 deletions(-)
 delete mode 100644 mba.cfg
diff --git a/mba.cfg b/mba.cfg
deleted file mode 100644
index 8d00f3d..0000000
--- a/mba.cfg
+++ /dev/null
@@ -1,17 +0,0 @@
-
-// This configuration file is used by the mixed_bool_arith plugin, which
-// provides deobfuscation functionality for expressions obfuscated with
-// mixed boolean arithmetic expressions.
-
-// By default, the plugin only engages through a right-click menu option.
-// Set the below option to YES to make the plugin engage automatically
-// when the decompiler is invoked.
-MBA_RUN_AUTOMATICALLY = NO
-// The timeout in ms for z3 proofs. Set this to 0 to disable z3 proofs
-// entirely and assume simplifications are correct after heuristic checks.
-MBA_Z3_TIMEOUT = 1000
-// When z3 times out, should the simplification be assumed correct?
-MBA_Z3_ASSUME_TIMEOUTS_CORRECT = YES
-// Path to an MBA oracle. Leave this empty to disable the function
-// fingerprinting algorithm and use only linear methods.
-MBA_ORACLE_PATH = "";
diff --git a/optimizer.cpp b/optimizer.cpp
index de3ed09..83a0476 100644
--- a/optimizer.cpp
+++ b/optimizer.cpp
@@ -5,10 +5,10 @@ * gooMBA plugin for Hex-Rays Decompiler. * */ + #include #include "z3++_no_warn.h" - #include "optimizer.hpp" //--------------------------------------------------------------------------
@@ -26,7 +26,11 @@ inline void set_cmt(ea_t ea, const char *cmt)
 }
 //--------------------------------------------------------------------------
-bool check_and_substitute(minsn_t *insn, minsn_t *cand_insn, uint z3_timeout, bool z3_assume_timeouts_correct)
+static bool check_and_substitute(
+ minsn_t *insn,
+ minsn_t *cand_insn,
+ uint z3_timeout,
+ bool z3_assume_timeouts_correct)
 {
 bool ok = false;
 int original_score = score_complexity(*insn);
@@ -103,7 +107,6 @@ bool optimizer_t::optimize_insn(minsn_t *insn)
 {
 bool success = false;
 auto start_time = std::chrono::high_resolution_clock::now();
- minsn_set_t candidate_set; // recall minsn_set_t is automatically sorted by complexity
 if ( insn->has_side_effects(true) )
 {
@@ -117,6 +120,7 @@ bool optimizer_t::optimize_insn(minsn_t *insn)
 try
 {
+ minsn_set_t candidate_set; // recall minsn_set_t is automatically sorted by complexity
 auto equiv_class_start = std::chrono::high_resolution_clock::now();
 if ( equiv_classes != nullptr )
 equiv_classes->find_candidates(candidate_set, *insn);
@@ -137,6 +141,7 @@ bool optimizer_t::optimize_insn(minsn_t *insn)
 for ( minsn_t *cand : candidate_set )
 {
+ cand->optimize_solo(); // get rid of useless mov(#0) operands
 if ( check_and_substitute(insn, cand, z3_timeout, z3_assume_timeouts_correct) )
 {
 if ( qgetenv("VD_MBA_LOG_PERF") )
diff --git a/optimizer.hpp b/optimizer.hpp
index f654424..79d9d59 100644
--- a/optimizer.hpp
+++ b/optimizer.hpp
@@ -21,8 +21,6 @@ inline void substitute(minsn_t *insn, minsn_t *cand)
 insn->swap(*cand);
 }
-bool check_and_substitute(minsn_t *insn, const candidate_expr_t &cand);
-
 //--------------------------------------------------------------------------
 class optimizer_t
 {
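Review bot: `cand->optimize_solo()` in the `@@ -137,6 +141,7 @@` hunk rewrites each candidate in place while it is still an element of `candidate_set`, and the comment on that set's declaration says `minsn_set_t` is kept sorted by complexity; if that ordering is keyed on the pointed-to instruction (the hunk does not show the comparator), the element's key changes after insertion, so the loop no longer visits candidates in true complexity order and any later lookup or insertion into the set would run on a broken ordering. Safer to optimize the candidates before they enter the set (inside `find_candidates`, or by copying them into a vector, optimizing, and re-sorting by `score_complexity` before this loop), or at least to document the hazard: `// NOTE: candidates are optimized in place, so the set's complexity ordering is stale from here on`. It is also worth a comment on this line that `check_and_substitute` now verifies the optimized form rather than the one the equivalence class produced, so a rewrite introduced by `optimize_solo` is only proven when the z3 check runs (the removed `mba.cfg` comment describes a timeout of 0 as disabling proofs in favour of heuristic checks). `optimize_insn` begins and ends outside the hunk.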