public ImageSymbol CreateImageSymbol(ElfSymbol sym, bool isExecutable) { if (!isExecutable && sym.SectionIndex > 0 && sym.SectionIndex >= Sections.Count) { return(null); } SymbolType?st = GetSymbolType(sym); if (st == null || st.Value == SymbolType.Unknown) { return(null); } // If this is a relocatable file, the symbol value is // an offset from the section's virtual address. // If this is an executable file, the symbol value is // the virtual address. var addr = isExecutable ? platform.MakeAddressFromLinear(sym.Value, true) : Sections[(int)sym.SectionIndex].Address + sym.Value; var dt = GetSymbolDataType(sym); var imgSym = ImageSymbol.Create( st.Value, this.Architecture, addr, sym.Name, dt); imgSym.ProcessorState = Architecture.CreateProcessorState(); return(imgSym); }
/// <summary> /// Generates a stream of <see cref="RtlInstructionCluster"/>s. /// </summary> /// <remarks> /// The default implementation should work for most architectures, but you have the option /// of overriding for specialized testing. /// </remarks> protected virtual IEnumerable <RtlInstructionCluster> GetRtlStream(MemoryArea mem, IStorageBinder binder, IRewriterHost host) { var state = Architecture.CreateProcessorState(); var rdr = Architecture.Endianness.CreateImageReader(mem, 0); return(Architecture.CreateRewriter(rdr, state, binder, host)); }
protected override IEnumerable <RtlInstructionCluster> GetRtlStream(IStorageBinder binder, IRewriterHost host) { return(Architecture.CreateRewriter( new BeImageReader(image, image.BaseAddress), Architecture.CreateProcessorState(), binder, host)); }
protected override IEnumerable <RtlInstructionCluster> GetRtlStream(MemoryArea mem, IStorageBinder binder, IRewriterHost host) { return(Architecture.CreateRewriter( mem.CreateBeReader(mem.BaseAddress), Architecture.CreateProcessorState(), binder, host)); }
public override RelocationResults Relocate(Address addrLoad) { var eps = new List <EntryPoint>(); if (OriginalEntryPoint != null) { eps.Add(new EntryPoint(OriginalEntryPoint, Architecture.CreateProcessorState())); } return(new RelocationResults(eps, new RelocationDictionary())); }
public override ProcedureBase GetTrampolineDestination(EndianImageReader rdr, IRewriterHost host) { var rw = Architecture.CreateRewriter( rdr, Architecture.CreateProcessorState(), Architecture.CreateFrame(), host); var rtlc = rw.FirstOrDefault(); if (rtlc == null || rtlc.Instructions.Count == 0) { return(null); } // Match x86 pattern. // jmp [destination] Address addrTarget = null; var jump = rtlc.Instructions[0] as RtlGoto; if (jump != null) { var pc = jump.Target as ProcedureConstant; if (pc != null) { return(pc.Procedure); } var access = jump.Target as MemoryAccess; if (access == null) { return(null); } addrTarget = access.EffectiveAddress as Address; if (addrTarget == null) { var wAddr = access.EffectiveAddress as Constant; if (wAddr == null) { return(null); } addrTarget = MakeAddressFromConstant(wAddr); } } if (addrTarget == null) { return(null); } ProcedureBase proc = host.GetImportedProcedure(addrTarget, rtlc.Address); if (proc != null) { return(proc); } return(host.GetInterceptedCall(addrTarget)); }
protected ImageSymbol EnsureEntryPoint(List <ImageSymbol> entryPoints, SortedList <Address, ImageSymbol> symbols, Address addr) { if (addr == null) { return(null); } if (!symbols.TryGetValue(addr, out ImageSymbol ep)) { ep = ImageSymbol.Procedure(this.Architecture, addr); ep.ProcessorState = Architecture.CreateProcessorState(); symbols.Add(addr, ep); } entryPoints.Add(ep); return(ep); }
public override RelocationResults Relocate(Program program, Address addrLoad) { var eps = new List <ImageSymbol>(); var syms = new SortedList <Address, ImageSymbol>(); if (OriginalEntryPoint != null) { var sym = new ImageSymbol(OriginalEntryPoint) { ProcessorState = Architecture.CreateProcessorState() }; syms.Add(sym.Address, sym); eps.Add(sym); } return(new RelocationResults(eps, syms)); }
/// <summary> /// The sequence /// lui rX,hiword /// lw rY,[rX + loword] /// jr rY /// is treated as a trampoline. /// </summary> /// <param name="imageReader"></param> /// <param name="host"></param> /// <returns></returns> public override ProcedureBase GetTrampolineDestination(ImageReader imageReader, IRewriterHost host) { var rtls = Architecture.CreateRewriter( imageReader, Architecture.CreateProcessorState(), Architecture.CreateFrame(), host) .Take(3) .ToArray(); if (rtls.Length < 3) { return(null); } var instrs = rtls .SelectMany(rtl => rtl.Instructions) .ToArray(); for (int i = 0; i < 3; ++i) { if (!trampPattern[i].Match(instrs[i])) { return(null); } } if (trampPattern[0].CapturedExpressions("r0d") != trampPattern[1].CapturedExpressions("r1s")) { return(null); } if (trampPattern[1].CapturedExpressions("r1d") != trampPattern[2].CapturedExpressions("r2s")) { return(null); } var hi = (Constant)trampPattern[0].CapturedExpressions("hi"); var lo = (Constant)trampPattern[1].CapturedExpressions("lo"); var c = Operator.IAdd.ApplyConstants(hi, lo); var addrTarget = MakeAddressFromConstant(c); ProcedureBase proc = host.GetImportedProcedure(addrTarget, rtls[2].Address); if (proc != null) { return(proc); } return(host.GetInterceptedCall(addrTarget)); }
public ProcessorState CreateProcessorState() { return(Architecture.CreateProcessorState()); }
public override Program LoadProgram(Address?addrLoad) { // First load the file. This gives us a (writeable) image and // the packed entry point. var origLdr = this.originalImageLoader; var program = origLdr.LoadProgram(origLdr.PreferredBaseAddress); this.ImageMap = program.SegmentMap; this.Architecture = program.Architecture; var ep = program.EntryPoints.Values.First(); program.ImageSymbols.Clear(); program.EntryPoints.Clear(); var envEmu = program.Platform.CreateEmulator(program.SegmentMap, program.ImportReferences); var emu = program.Architecture.CreateEmulator(program.SegmentMap, envEmu); this.debugger = new Debugger(program.Architecture, emu); this.scriptInterpreter = new OllyLangInterpreter(Services, program.Architecture); this.scriptInterpreter.Host = new OdbgScriptHost(this, program); this.scriptInterpreter.Debugger = this.debugger; emu.InstructionPointer = ep.Address; emu.BeforeStart += emu_BeforeStart; emu.ExceptionRaised += emu_ExceptionRaised; var stackSeg = envEmu.InitializeStack(emu, ep.ProcessorState !); scriptInterpreter.Script = LoadScript(scriptInterpreter.Host, Argument !); emu.Start(); envEmu.TearDownStack(stackSeg); foreach (var ic in envEmu.InterceptedCalls) { program.InterceptedCalls.Add(ic.Key, ic.Value); } if (OriginalEntryPoint != null) { var sym = ImageSymbol.Procedure(program.Architecture, OriginalEntryPoint, state: Architecture.CreateProcessorState()); program.ImageSymbols[sym.Address] = sym; program.EntryPoints[sym.Address] = sym; } return(program); }