public override IEnumerable<Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable<Address> knownAddresses, PointerScannerFlags flags) { return new Arm32PointerScanner(rdr, knownAddresses.Select(a => a.ToUInt32()).ToHashSet(), flags) .Select(lin => Address.Ptr32(lin)); }
public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags) { var knownLinAddresses = knownAddresses.Select(a => a.ToUInt32()).ToHashSet(); return(new M68kPointerScanner(rdr, knownLinAddresses, flags).Select(li => Address.Ptr32(li))); }
public override SystemService FindService(int vector, ProcessorState state, SegmentMap segmentMap) { throw new NotImplementedException(); }
public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags) { var knownLinAddresses = knownAddresses.Select(a => a.ToUInt32()).ToHashSet(); return(ProcessorModel.CreatePointerScanner(rdr, knownLinAddresses, flags).Select(li => map.MapLinearAddressToAddress(li))); }
public override IProcessorEmulator CreateEmulator(SegmentMap segmentMap, IPlatformEmulator envEmulator) { return(mode.CreateEmulator(this, segmentMap, envEmulator)); }
public override IProcessorEmulator CreateEmulator(SegmentMap segmentMap, IPlatformEmulator envEmulator) { throw new NotImplementedException(); }
public override Program Load(Address addrLoad) { uint dst = PspSize; for (;;) { if (bitStm.GetBit() == 0) { abU[dst++] = bitStm.GetByte(); continue; } // Read span length int CX = 0; int BX = bitStm.AccumulateBit(0); // bx= [0-1] BX = bitStm.AccumulateBit(BX); // bx= [0-3] if (BX < 0x02) { BX = bitStm.AccumulateBit(BX); // bx=[0-3] if (BX != 0) { BX = bitStm.AccumulateBit(BX); // bx=[2-7] if (BX >= 0x05) { BX = bitStm.AccumulateBit(BX); // bx=[0xA - 0xF] if (BX > 0x0C) { BX &= 0x03; BX = bitStm.AccumulateBit(BX); if (BX >= 0x05) { BX = bitStm.AccumulateBit(BX); if (BX > 0x0C) { BX = BX & 0x03; BX = bitStm.AccumulateBit(BX); if (BX >= 0x05) { BX = bitStm.AccumulateBit(BX); } CX = ab0211[BX + 0x0B]; goto l00C5; } } CX = ab0211[BX]; if (CX != 0x19) { goto l00C5; } byte AL = bitStm.GetByte(); CX += AL; if (AL < 0xFE) { goto l00C5; } /* * ES = ES + ((DI - 0x2000) >> 4); * DI = (DI & 0F) + 0x2000; * * DS = DS + (SI >> 4); * SI = SI & 0x0F; * DS = DS + BX; * */ if (AL == 0xFF) // done! { goto l01C8; } continue; } } } BX = ab0206[BX]; } CX = BX; // Read offset in dictionary. l00C5: BX = 0; if (CX == +02) { dst = CopyDictionaryWord(abU, BX, CX, bitStm, dst); continue; } if (bitStm.GetBit() != 0) { dst = CopyDictionaryWord(abU, BX, CX, bitStm, dst); continue; } BX = bitStm.AccumulateBit(BX); // bx: [0-1] BX = bitStm.AccumulateBit(BX); // bx: [0-3] BX = bitStm.AccumulateBit(BX); // bx: [0-7] if (BX < 02) { dst = CopyDictionaryWord2(abU, BX, CX, bitStm, dst); continue; } BX = bitStm.AccumulateBit(BX); if (BX < 08) { dst = CopyDictionaryWord2(abU, BX, CX, bitStm, dst); continue; } BX = bitStm.AccumulateBit(BX); if (BX < 0x17) { dst = CopyDictionaryWord2(abU, BX, CX, bitStm, dst); continue; } BX = bitStm.AccumulateBit(BX); BX = (BX & 0x00DF) << 8; dst = CopyDictionaryWord(abU, BX, CX, bitStm, dst); continue; } /* * l01C8: * 5B POP BX * 2DE9:01C9 8BEB MOV BP,BX // unpackedBase * 2DE9:01CB 83C310 ADD BX,+10 // BX => unpackedBase + 0x100 */ l01C8: imgU = new MemoryArea(addrLoad, abU); segmentMap = new SegmentMap(imgU.BaseAddress, new ImageSegment("image", imgU, AccessMode.ReadWriteExecute)); return(new Program(segmentMap, arch, platform)); }
public abstract IProcessorEmulator CreateEmulator(IntelArchitecture arch, SegmentMap segmentMap, IPlatformEmulator envEmulator);
public SystemService FindService(RtlInstruction call, ProcessorState state, SegmentMap segmentMap) { throw new NotImplementedException(); }
public MemoryArea Unpack(byte [] abC, Address addrLoad) { // Extract the LZ stuff. ImageReader rdr = new LeImageReader(abC, (uint)lzHdrOffset); lzIp = rdr.ReadLeUInt16(); lzCs = rdr.ReadLeUInt16(); ushort lzSp = rdr.ReadLeUInt16(); ushort lzSs = rdr.ReadLeUInt16(); ushort lzcpCompressed = rdr.ReadLeUInt16(); ushort lzcpDecompressed = rdr.ReadLeUInt16(); // Find the start of the compressed stream. int ifile = lzHdrOffset - (lzcpCompressed << 4); // Allocate space for the decompressed goo. int cbUncompressed = ((int)lzcpDecompressed + lzcpDecompressed) << 4; byte [] abU = new byte[cbUncompressed]; // Decompress this sorry mess. int len; int span; int p = 0; BitStream bits = new BitStream(abC, ifile); for (;;) { if (bits.GetBit() != 0) { // 1.... abU[p++] = bits.GetByte(); continue; } if (bits.GetBit() == 0) { // 00..... len = bits.GetBit() << 1; len |= bits.GetBit(); len += 2; span = bits.GetByte() | ~0xFF; } else { // 01..... span = bits.GetByte(); len = bits.GetByte();; span |= ((len & ~0x07) << 5) | ~0x1FFF; len = (len & 0x07) + 2; if (len == 2) { len = bits.GetByte(); if (len == 0) { break; // end mark of compressed load module } if (len == 1) { continue; // segment change } else { ++len; } } } for ( ; len > 0; --len, ++p) { abU[p] = abU[p + span]; } } // Create a new image based on the uncompressed data. this.imgLoaded = new MemoryArea(addrLoad, abU); this.segmentMap = imgLoaded.CreateImageMap(); return(imgLoaded); }
public override IProcessorEmulator CreateEmulator(IntelArchitecture arch, SegmentMap segmentMap, IPlatformEmulator envEmulator) { return(new X86Protected32Emulator(arch, segmentMap, envEmulator)); }
public Host(OdbgScriptLoader loader, SegmentMap segmentMap) { this.loader = loader; this.SegmentMap = segmentMap; }
public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, ImageReader rdr, IEnumerable <Address> knownLinAddresses, PointerScannerFlags flags) { throw new NotImplementedException(); }
void parseSection64(uint protection, SegmentMap segmentMap) { var abSectname = rdr.ReadBytes(16); var abSegname = rdr.ReadBytes(16); ulong addr; ulong size; uint offset; uint align; uint reloff; uint nreloc; uint flags; uint reserved1; uint reserved2; uint reserved3; if (!rdr.TryReadUInt64(out addr) || !rdr.TryReadUInt64(out size) || !rdr.TryReadUInt32(out offset) || !rdr.TryReadUInt32(out align) || !rdr.TryReadUInt32(out reloff) || !rdr.TryReadUInt32(out nreloc) || !rdr.TryReadUInt32(out flags) || !rdr.TryReadUInt32(out reserved1) || !rdr.TryReadUInt32(out reserved2) || !rdr.TryReadUInt32(out reserved3)) { throw new BadImageFormatException("Could not read Mach-O section."); } var sectionName = GetAsciizString(abSectname); var segmentName = GetAsciizString(abSegname); Debug.Print("Found section '{0}' in segment '{1}, addr = 0x{2:X}, size = 0x{3:X}.", sectionName, segmentName, addr, size); AccessMode am = 0; if ((protection & VM_PROT_READ) != 0) { am |= AccessMode.Read; } if ((protection & VM_PROT_WRITE) != 0) { am |= AccessMode.Write; } if ((protection & VM_PROT_EXECUTE) != 0) { am |= AccessMode.Execute; } var bytes = rdr.CreateNew(this.ldr.RawImage, offset); var mem = new MemoryArea( Address.Ptr64(addr), bytes.ReadBytes((uint)size)); var imageSection = new ImageSegment( string.Format("{0},{1}", segmentName, sectionName), mem, am); //imageSection.setBss((section.flags & SECTION_TYPE) == S_ZEROFILL); //if (!imageSection.isBss()) { // auto pos = source_->pos(); // if (!source_->seek(section.offset)) { // throw ParseError("Could not seek to the beginning of the section's content."); // } // auto bytes = source_->read(section.size); // if (checked_cast<uint>(bytes.size()) != section.size) { // log_.warning("Could not read all the section's content."); // } else { // imageSection->setContent(std::move(bytes)); // } // source_->seek(pos); //} //sections_.push_back(imageSection.get()); //image_->addSection(std::move(imageSection)); segmentMap.AddSegment(imageSection); }
public Program ParseLoadCommands(mach_header_64 hdr, Address addrLoad) { var imageMap = new SegmentMap(addrLoad); Debug.Print("Parsing {0} load commands.", hdr.ncmds); for (uint i = 0; i < hdr.ncmds; ++i) { var pos = rdr.Offset; if (!rdr.TryReadUInt32(out uint cmd) || !rdr.TryReadUInt32(out uint cmdsize)) { throw new BadImageFormatException(string.Format( "Unable to read Mach-O command ({0:X}).", rdr.Offset)); } Debug.Print("{0,2}: Read MachO load command 0x{1:X} {2} of size {3}.", i, cmd, (Command)cmd, cmdsize); switch ((Command)(cmd & ~(uint)LC_REQ_DYLD)) { case LC_SEGMENT: ParseSegmentCommand32(imageMap); break; case LC_SEGMENT_64: ParseSegmentCommand64(imageMap); break; case LC_SYMTAB: ParseSymtabCommand(specific.Architecture); break; case LC_DYSYMTAB: ParseDysymtabCommand(); break; case LC_FUNCTION_STARTS: ParseFunctionStarts(rdr.Clone()); break; case LC_UNIXTHREAD: ParseUnixThread(hdr.cputype); break; case LC_VERSION_MIN_MACOSX: platformName = "macOsX"; break; case LC_MAIN & ~LC_REQ_DYLD: ParseMain(); break; } rdr.Offset = pos + cmdsize; } ldr.program.Architecture = specific.Architecture; ldr.program.SegmentMap = imageMap; if (!string.IsNullOrEmpty(platformName)) { var env = cfgSvc.GetEnvironment(platformName); ldr.program.Platform = env.Load(ldr.Services, specific.Architecture); } else { ldr.program.Platform = new DefaultPlatform(ldr.Services, specific.Architecture); } return(ldr.program); }
public C64Emulator(SegmentMap segmentMap, Dictionary <Address, ImportReference> importReferences) { this.segmentMap = segmentMap; this.importReferences = importReferences; this.InterceptedCalls = new Dictionary <Address, ExternalProcedure>(); }
public override SegmentMap LoadImageBytes(IPlatform platform, byte[] rawImage, Address addrPreferred) { var segMap = AllocateMemoryAreas( Segments .Where(p => IsLoadable(p.p_pmemsz, p.p_type)) .Select(p => Tuple.Create( Address.Ptr32((uint)p.p_vaddr), (uint)p.p_pmemsz))); foreach (var ph in Segments) { ElfImageLoader.trace.Inform("ph: addr {0:X8} filesize {0:X8} memsize {0:X8}", ph.p_vaddr, ph.p_filesz, ph.p_pmemsz); if (!IsLoadable(ph.p_pmemsz, ph.p_type)) { continue; } var vaddr = Address.Ptr32((uint)ph.p_vaddr); segMap.TryGetLowerBound(vaddr, out var mem); if (ph.p_filesz > 0) { Array.Copy( rawImage, (long)ph.p_offset, mem.Bytes, vaddr - mem.BaseAddress, (long)ph.p_filesz); } } var segmentMap = new SegmentMap(addrPreferred); if (Sections.Count > 0) { foreach (var section in Sections) { if (string.IsNullOrEmpty(section.Name) || section.Address == null) { continue; } if (segMap.TryGetLowerBound(section.Address, out var mem) && section.Address < mem.EndAddress) { AccessMode mode = AccessModeOf(section.Flags); var seg = segmentMap.AddSegment(new ImageSegment( section.Name, section.Address, mem, mode) { Size = (uint)section.Size }); seg.Designer = CreateRenderer(section, machine); } else { //$TODO: warn } } } else { // There are stripped ELF binaries with 0 sections. If we have one // create a pseudo-section from the segMap. foreach (var segment in segMap) { var elfSegment = this.GetSegmentByAddress(segment.Value.BaseAddress.ToLinear()); var imgSegment = new ImageSegment( segment.Value.BaseAddress.GenerateName("seg", ""), segment.Value, elfSegment != null ? elfSegment.GetAccessMode() : AccessMode.ReadExecute) { Size = (uint)segment.Value.Length, }; segmentMap.AddSegment(imgSegment); } } segmentMap.DumpSections(); return(segmentMap); }
public override IPlatformEmulator CreateEmulator(SegmentMap segmentMap, Dictionary <Address, ImportReference> importReferences) { return(new DefaultPlatformEmulator()); }
public void Setup() { this.pf = new ProgramDataFlow(); this.progBuilder = new ProgramBuilder(); this.segmentMap = new SegmentMap(Address.Ptr32(0)); }
public override abstract IEnumerable <Address> CreatePointerScanner( SegmentMap map, EndianImageReader rdr, IEnumerable <Address> addrs, PointerScannerFlags flags);
public override IProcessorEmulator CreateEmulator(SegmentMap segmentMap, IPlatformEmulator envEmulator) => ProcessorModel.CreateEmulator(this, segmentMap, envEmulator);
public Expression GetValue(SegmentedAccess access, SegmentMap segmentMap) { return(access); }
public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags) { return(mode.CreateInstructionScanner(map, rdr, knownAddresses, flags)); }
public EmulatorBase(SegmentMap map) { this.map = map; this.bpExecute = new Dictionary <ulong, Action>(); }
public override RelocationResults Relocate(Program program, Address addrLoad) { SegmentMap imageMap = segmentMap; EndianImageReader rdr = new LeImageReader(ExeLoader.RawImage, ExeLoader.e_lfaRelocations); int i = ExeLoader.e_cRelocations; var segments = new Dictionary <Address, ushort>(); var linBase = addrLoad.ToLinear(); segmentMap.AddOverlappingSegment( addrLoad.Selector.Value.ToString("X4"), imgLoaded, addrLoad, AccessMode.ReadWriteExecute); segments.Add(addrLoad, addrLoad.Selector.Value); while (i != 0) { uint offset = rdr.ReadLeUInt16(); ushort segOffset = rdr.ReadLeUInt16(); offset += segOffset * 0x0010u; ushort seg = (ushort)(imgLoaded.ReadLeUInt16(offset) + addrLoad.Selector.Value); imgLoaded.WriteLeUInt16(offset, seg); var segment = AddSegmentReference(offset + linBase, seg); segments[segment.Address] = seg; --i; } // Create an identifier for each segment. foreach (var de in segments) { var tmp = new TemporaryStorage( string.Format("seg{0:X4}", de.Value), 0, PrimitiveType.SegmentSelector); segmentMap.Segments[de.Key].Identifier = new Identifier( tmp.Name, PrimitiveType.SegmentSelector, tmp); } // Found the start address. Address addrStart = Address.SegPtr((ushort)(ExeLoader.e_cs + addrLoad.Selector.Value), ExeLoader.e_ip); segmentMap.AddSegment(new ImageSegment( addrStart.Selector.Value.ToString("X4"), Address.SegPtr(addrStart.Selector.Value, 0), imgLoaded, AccessMode.ReadWriteExecute)); DumpSegments(imageMap); var ep = CreateEntryPointSymbol(addrLoad, addrStart, addrStackTop); var sym = platform.FindMainProcedure(program, addrStart); var results = new RelocationResults( new List <ImageSymbol> { ep }, new SortedList <Address, ImageSymbol> { { ep.Address, ep } }); if (sym != null) { results.Symbols[sym.Address] = sym; ep.NoDecompile = true; } try { LoadDebugSymbols(results.Symbols, addrLoad); } catch (Exception ex) { var listener = Services.RequireService <DecompilerEventListener>(); listener.Error( new NullCodeLocation(Filename), ex, "Detected debug symbols but failed to load them."); } return(results); }
public override IEnumerable <Address> CreateInstructionScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags) { var knownLinAddresses = knownAddresses.Select(a => (ulong)a.ToLinear()).ToHashSet(); return(new X86PointerScanner64(rdr, knownLinAddresses, flags).Select(li => map.MapLinearAddressToAddress(li))); }
public override IPlatformEmulator CreateEmulator(SegmentMap segmentMap, Dictionary <Address, ImportReference> importReferences) { throw new NotImplementedException(); }
public abstract IEnumerable <Address> CreateInstructionScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags);
public IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> addr, PointerScannerFlags flags) { throw new NotImplementedException(); }
public ConstantPointerTraversal(IProcessorArchitecture arch, StructureType globalStr, SegmentMap segmentMap) { this.arch = arch; this.globalStr = globalStr; this.segmentMap = segmentMap; this.Discoveries = new List <StructureField>(); }