Custom use cases - projectbtle/argXtract GitHub Wiki
If you want to configure argXtract to test for API calls that have not been provided in this repo, then you will need to:
- Create a vendor-specific folder.
- Create a
chipset-analyser.pyfile. - Provide mechanisms for
argXtractto identify the API calls within disassembled code. This process is simple if the API calls are translated tosvcinstructions and less simple if they are normal function calls. - Specify the argument structures within argument defintion files.
If you're interested only in extending the range of API calls for an existing vendor, then you can skip steps 1 and 2. The example below assumes creating a new use case from scratch.
To better illustrate how to configure argXtract for custom use cases, we will use an artificial example. We will assume we are interested in an API call that we name ExampleAPICall, from a vendor ExampleVendor.
The first step is to create a folder: <root>/argxtract/resources/vendor/ExampleVendor/.
Create a subfolder named args, i.e., <root>/argxtract/resources/vendor/ExampleVendor/args/.
If ExampleAPICall is a normal function call, then also create a subfolder named fpfs within the vendor folder: <root>/argxtract/resources/vendor/ExampleVendor/fpfs/. If ExampleAPICall gets translated to a supervisor call (i.e., svc instruction), then this can be skipped. We will describe both possibilities.
Copy the chipset_analyser.py file from <root>/argxtract/resources/vendor/stm to <root>/argxtract/resources/vendor/ExampleVendor/. If you want to perform vendor/chipset-specific tests, you can modify the relevant parts within the file. Otherwise, leave it as it is for now.
If ExampleAPICall gets translated to a supervisor call (i.e., svc instruction), then go to SVC mode.
If ExampleAPICall is a normal function call, then go to Function mode