Beispiel #1
0
        public ImageSymbol CreateImageSymbol(ElfSymbol sym, bool isExecutable)
        {
            if (!isExecutable && sym.SectionIndex > 0 && sym.SectionIndex >= Sections.Count)
            {
                return(null);
            }
            SymbolType?st = GetSymbolType(sym);

            if (st == null || st.Value == SymbolType.Unknown)
            {
                return(null);
            }
            // If this is a relocatable file, the symbol value is
            // an offset from the section's virtual address.
            // If this is an executable file, the symbol value is
            // the virtual address.
            var addr = isExecutable
                ? platform.MakeAddressFromLinear(sym.Value, true)
                : Sections[(int)sym.SectionIndex].Address + sym.Value;

            var dt     = GetSymbolDataType(sym);
            var imgSym = ImageSymbol.Create(
                st.Value,
                this.Architecture,
                addr,
                sym.Name,
                dt);

            imgSym.ProcessorState = Architecture.CreateProcessorState();
            return(imgSym);
        }
Beispiel #2
0
        /// <summary>
        /// Generates a stream of <see cref="RtlInstructionCluster"/>s.
        /// </summary>
        /// <remarks>
        /// The default implementation should work for most architectures, but you have the option
        /// of overriding for specialized testing.
        /// </remarks>
        protected virtual IEnumerable <RtlInstructionCluster> GetRtlStream(MemoryArea mem, IStorageBinder binder, IRewriterHost host)
        {
            var state = Architecture.CreateProcessorState();
            var rdr   = Architecture.Endianness.CreateImageReader(mem, 0);

            return(Architecture.CreateRewriter(rdr, state, binder, host));
        }
 protected override IEnumerable <RtlInstructionCluster> GetRtlStream(IStorageBinder binder, IRewriterHost host)
 {
     return(Architecture.CreateRewriter(
                new BeImageReader(image, image.BaseAddress),
                Architecture.CreateProcessorState(),
                binder,
                host));
 }
Beispiel #4
0
 protected override IEnumerable <RtlInstructionCluster> GetRtlStream(MemoryArea mem, IStorageBinder binder, IRewriterHost host)
 {
     return(Architecture.CreateRewriter(
                mem.CreateBeReader(mem.BaseAddress),
                Architecture.CreateProcessorState(),
                binder,
                host));
 }
Beispiel #5
0
        public override RelocationResults Relocate(Address addrLoad)
        {
            var eps = new List <EntryPoint>();

            if (OriginalEntryPoint != null)
            {
                eps.Add(new EntryPoint(OriginalEntryPoint, Architecture.CreateProcessorState()));
            }
            return(new RelocationResults(eps, new RelocationDictionary()));
        }
Beispiel #6
0
        public override ProcedureBase GetTrampolineDestination(EndianImageReader rdr, IRewriterHost host)
        {
            var rw = Architecture.CreateRewriter(
                rdr,
                Architecture.CreateProcessorState(),
                Architecture.CreateFrame(), host);
            var rtlc = rw.FirstOrDefault();

            if (rtlc == null || rtlc.Instructions.Count == 0)
            {
                return(null);
            }

            // Match x86 pattern.
            // jmp [destination]
            Address addrTarget = null;
            var     jump       = rtlc.Instructions[0] as RtlGoto;

            if (jump != null)
            {
                var pc = jump.Target as ProcedureConstant;
                if (pc != null)
                {
                    return(pc.Procedure);
                }
                var access = jump.Target as MemoryAccess;
                if (access == null)
                {
                    return(null);
                }
                addrTarget = access.EffectiveAddress as Address;
                if (addrTarget == null)
                {
                    var wAddr = access.EffectiveAddress as Constant;
                    if (wAddr == null)
                    {
                        return(null);
                    }
                    addrTarget = MakeAddressFromConstant(wAddr);
                }
            }
            if (addrTarget == null)
            {
                return(null);
            }
            ProcedureBase proc = host.GetImportedProcedure(addrTarget, rtlc.Address);

            if (proc != null)
            {
                return(proc);
            }
            return(host.GetInterceptedCall(addrTarget));
        }
Beispiel #7
0
 protected ImageSymbol EnsureEntryPoint(List <ImageSymbol> entryPoints, SortedList <Address, ImageSymbol> symbols, Address addr)
 {
     if (addr == null)
     {
         return(null);
     }
     if (!symbols.TryGetValue(addr, out ImageSymbol ep))
     {
         ep = ImageSymbol.Procedure(this.Architecture, addr);
         ep.ProcessorState = Architecture.CreateProcessorState();
         symbols.Add(addr, ep);
     }
     entryPoints.Add(ep);
     return(ep);
 }
Beispiel #8
0
        public override RelocationResults Relocate(Program program, Address addrLoad)
        {
            var eps  = new List <ImageSymbol>();
            var syms = new SortedList <Address, ImageSymbol>();

            if (OriginalEntryPoint != null)
            {
                var sym = new ImageSymbol(OriginalEntryPoint)
                {
                    ProcessorState = Architecture.CreateProcessorState()
                };
                syms.Add(sym.Address, sym);
                eps.Add(sym);
            }
            return(new RelocationResults(eps, syms));
        }
Beispiel #9
0
        /// <summary>
        /// The sequence
        ///     lui rX,hiword
        ///     lw  rY,[rX + loword]
        ///     jr  rY
        /// is treated as a trampoline.
        /// </summary>
        /// <param name="imageReader"></param>
        /// <param name="host"></param>
        /// <returns></returns>
        public override ProcedureBase GetTrampolineDestination(ImageReader imageReader, IRewriterHost host)
        {
            var rtls = Architecture.CreateRewriter(
                imageReader,
                Architecture.CreateProcessorState(),
                Architecture.CreateFrame(),
                host)
                       .Take(3)
                       .ToArray();

            if (rtls.Length < 3)
            {
                return(null);
            }
            var instrs = rtls
                         .SelectMany(rtl => rtl.Instructions)
                         .ToArray();

            for (int i = 0; i < 3; ++i)
            {
                if (!trampPattern[i].Match(instrs[i]))
                {
                    return(null);
                }
            }
            if (trampPattern[0].CapturedExpressions("r0d") != trampPattern[1].CapturedExpressions("r1s"))
            {
                return(null);
            }
            if (trampPattern[1].CapturedExpressions("r1d") != trampPattern[2].CapturedExpressions("r2s"))
            {
                return(null);
            }
            var           hi         = (Constant)trampPattern[0].CapturedExpressions("hi");
            var           lo         = (Constant)trampPattern[1].CapturedExpressions("lo");
            var           c          = Operator.IAdd.ApplyConstants(hi, lo);
            var           addrTarget = MakeAddressFromConstant(c);
            ProcedureBase proc       = host.GetImportedProcedure(addrTarget, rtls[2].Address);

            if (proc != null)
            {
                return(proc);
            }
            return(host.GetInterceptedCall(addrTarget));
        }
Beispiel #10
0
 public ProcessorState CreateProcessorState()
 {
     return(Architecture.CreateProcessorState());
 }
Beispiel #11
0
        public override Program LoadProgram(Address?addrLoad)
        {
            // First load the file. This gives us a (writeable) image and
            // the packed entry point.
            var origLdr = this.originalImageLoader;
            var program = origLdr.LoadProgram(origLdr.PreferredBaseAddress);

            this.ImageMap     = program.SegmentMap;
            this.Architecture = program.Architecture;
            var ep = program.EntryPoints.Values.First();

            program.ImageSymbols.Clear();
            program.EntryPoints.Clear();
            var envEmu = program.Platform.CreateEmulator(program.SegmentMap, program.ImportReferences);
            var emu    = program.Architecture.CreateEmulator(program.SegmentMap, envEmu);

            this.debugger                   = new Debugger(program.Architecture, emu);
            this.scriptInterpreter          = new OllyLangInterpreter(Services, program.Architecture);
            this.scriptInterpreter.Host     = new OdbgScriptHost(this, program);
            this.scriptInterpreter.Debugger = this.debugger;
            emu.InstructionPointer          = ep.Address;
            emu.BeforeStart                += emu_BeforeStart;
            emu.ExceptionRaised            += emu_ExceptionRaised;

            var stackSeg = envEmu.InitializeStack(emu, ep.ProcessorState !);

            scriptInterpreter.Script = LoadScript(scriptInterpreter.Host, Argument !);
            emu.Start();
            envEmu.TearDownStack(stackSeg);

            foreach (var ic in envEmu.InterceptedCalls)
            {
                program.InterceptedCalls.Add(ic.Key, ic.Value);
            }
            if (OriginalEntryPoint != null)
            {
                var sym = ImageSymbol.Procedure(program.Architecture, OriginalEntryPoint, state: Architecture.CreateProcessorState());
                program.ImageSymbols[sym.Address] = sym;
                program.EntryPoints[sym.Address]  = sym;
            }
            return(program);
        }