Exemplo n.º 1
0
 public override IEnumerable<Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable<Address> knownAddresses, PointerScannerFlags flags)
 {
     return new Arm32PointerScanner(rdr, knownAddresses.Select(a => a.ToUInt32()).ToHashSet(), flags)
         .Select(lin => Address.Ptr32(lin));
 }
Exemplo n.º 2
0
        public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags)
        {
            var knownLinAddresses = knownAddresses.Select(a => a.ToUInt32()).ToHashSet();

            return(new M68kPointerScanner(rdr, knownLinAddresses, flags).Select(li => Address.Ptr32(li)));
        }
Exemplo n.º 3
0
 public override SystemService FindService(int vector, ProcessorState state, SegmentMap segmentMap)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 4
0
        public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags)
        {
            var knownLinAddresses = knownAddresses.Select(a => a.ToUInt32()).ToHashSet();

            return(ProcessorModel.CreatePointerScanner(rdr, knownLinAddresses, flags).Select(li => map.MapLinearAddressToAddress(li)));
        }
Exemplo n.º 5
0
 public override IProcessorEmulator CreateEmulator(SegmentMap segmentMap, IPlatformEmulator envEmulator)
 {
     return(mode.CreateEmulator(this, segmentMap, envEmulator));
 }
Exemplo n.º 6
0
 public override IProcessorEmulator CreateEmulator(SegmentMap segmentMap, IPlatformEmulator envEmulator)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 7
0
        public override Program Load(Address addrLoad)
        {
            uint dst = PspSize;

            for (;;)
            {
                if (bitStm.GetBit() == 0)
                {
                    abU[dst++] = bitStm.GetByte();
                    continue;
                }

                // Read span length

                int CX = 0;
                int BX = bitStm.AccumulateBit(0);                                               // bx= [0-1]
                BX = bitStm.AccumulateBit(BX);                                                  // bx= [0-3]
                if (BX < 0x02)
                {
                    BX = bitStm.AccumulateBit(BX);                                      // bx=[0-3]
                    if (BX != 0)
                    {
                        BX = bitStm.AccumulateBit(BX);                                          // bx=[2-7]
                        if (BX >= 0x05)
                        {
                            BX = bitStm.AccumulateBit(BX);                                      // bx=[0xA - 0xF]
                            if (BX > 0x0C)
                            {
                                BX &= 0x03;
                                BX  = bitStm.AccumulateBit(BX);
                                if (BX >= 0x05)
                                {
                                    BX = bitStm.AccumulateBit(BX);
                                    if (BX > 0x0C)
                                    {
                                        BX = BX & 0x03;
                                        BX = bitStm.AccumulateBit(BX);
                                        if (BX >= 0x05)
                                        {
                                            BX = bitStm.AccumulateBit(BX);
                                        }
                                        CX = ab0211[BX + 0x0B];
                                        goto l00C5;
                                    }
                                }
                                CX = ab0211[BX];
                                if (CX != 0x19)
                                {
                                    goto l00C5;
                                }


                                byte AL = bitStm.GetByte();
                                CX += AL;
                                if (AL < 0xFE)
                                {
                                    goto l00C5;
                                }

                                /*
                                 *                                      ES = ES + ((DI - 0x2000) >> 4);
                                 *                                      DI = (DI & 0F) + 0x2000;
                                 *
                                 *                                      DS = DS + (SI >> 4);
                                 *                                      SI = SI & 0x0F;
                                 *                                      DS = DS + BX;
                                 *
                                 */
                                if (AL == 0xFF)                                                 // done!
                                {
                                    goto l01C8;
                                }

                                continue;
                            }
                        }
                    }
                    BX = ab0206[BX];
                }
                CX = BX;

                // Read offset in dictionary.

l00C5:
                BX = 0;
                if (CX == +02)
                {
                    dst = CopyDictionaryWord(abU, BX, CX, bitStm, dst);
                    continue;
                }
                if (bitStm.GetBit() != 0)
                {
                    dst = CopyDictionaryWord(abU, BX, CX, bitStm, dst);
                    continue;
                }

                BX = bitStm.AccumulateBit(BX);                  // bx: [0-1]
                BX = bitStm.AccumulateBit(BX);                  // bx: [0-3]
                BX = bitStm.AccumulateBit(BX);                  // bx: [0-7]
                if (BX < 02)
                {
                    dst = CopyDictionaryWord2(abU, BX, CX, bitStm, dst);
                    continue;
                }

                BX = bitStm.AccumulateBit(BX);
                if (BX < 08)
                {
                    dst = CopyDictionaryWord2(abU, BX, CX, bitStm, dst);
                    continue;
                }

                BX = bitStm.AccumulateBit(BX);
                if (BX < 0x17)
                {
                    dst = CopyDictionaryWord2(abU, BX, CX, bitStm, dst);
                    continue;
                }

                BX  = bitStm.AccumulateBit(BX);
                BX  = (BX & 0x00DF) << 8;
                dst = CopyDictionaryWord(abU, BX, CX, bitStm, dst);
                continue;
            }


/*
 * l01C8:
 *                5B            POP	BX
 * 2DE9:01C9 8BEB          MOV	BP,BX				// unpackedBase
 * 2DE9:01CB 83C310        ADD	BX,+10				// BX => unpackedBase + 0x100
 */
l01C8:
            imgU       = new MemoryArea(addrLoad, abU);
            segmentMap = new SegmentMap(imgU.BaseAddress,
                                        new ImageSegment("image", imgU, AccessMode.ReadWriteExecute));
            return(new Program(segmentMap, arch, platform));
        }
Exemplo n.º 8
0
 public abstract IProcessorEmulator CreateEmulator(IntelArchitecture arch, SegmentMap segmentMap, IPlatformEmulator envEmulator);
Exemplo n.º 9
0
 public SystemService FindService(RtlInstruction call, ProcessorState state, SegmentMap segmentMap)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 10
0
        public MemoryArea Unpack(byte [] abC, Address addrLoad)
        {
            // Extract the LZ stuff.

            ImageReader rdr = new LeImageReader(abC, (uint)lzHdrOffset);

            lzIp = rdr.ReadLeUInt16();
            lzCs = rdr.ReadLeUInt16();
            ushort lzSp             = rdr.ReadLeUInt16();
            ushort lzSs             = rdr.ReadLeUInt16();
            ushort lzcpCompressed   = rdr.ReadLeUInt16();
            ushort lzcpDecompressed = rdr.ReadLeUInt16();

            // Find the start of the compressed stream.

            int ifile = lzHdrOffset - (lzcpCompressed << 4);

            // Allocate space for the decompressed goo.

            int cbUncompressed = ((int)lzcpDecompressed + lzcpDecompressed) << 4;

            byte [] abU = new byte[cbUncompressed];

            // Decompress this sorry mess.

            int       len;
            int       span;
            int       p    = 0;
            BitStream bits = new BitStream(abC, ifile);

            for (;;)
            {
                if (bits.GetBit() != 0)
                {
                    // 1....
                    abU[p++] = bits.GetByte();
                    continue;
                }

                if (bits.GetBit() == 0)
                {
                    // 00.....
                    len  = bits.GetBit() << 1;
                    len |= bits.GetBit();
                    len += 2;
                    span = bits.GetByte() | ~0xFF;
                }
                else
                {
                    // 01.....

                    span  = bits.GetByte();
                    len   = bits.GetByte();;
                    span |= ((len & ~0x07) << 5) | ~0x1FFF;
                    len   = (len & 0x07) + 2;
                    if (len == 2)
                    {
                        len = bits.GetByte();

                        if (len == 0)
                        {
                            break;                                // end mark of compressed load module
                        }
                        if (len == 1)
                        {
                            continue;                             // segment change
                        }
                        else
                        {
                            ++len;
                        }
                    }
                }
                for ( ; len > 0; --len, ++p)
                {
                    abU[p] = abU[p + span];
                }
            }

            // Create a new image based on the uncompressed data.

            this.imgLoaded  = new MemoryArea(addrLoad, abU);
            this.segmentMap = imgLoaded.CreateImageMap();
            return(imgLoaded);
        }
Exemplo n.º 11
0
 public override IProcessorEmulator CreateEmulator(IntelArchitecture arch, SegmentMap segmentMap, IPlatformEmulator envEmulator)
 {
     return(new X86Protected32Emulator(arch, segmentMap, envEmulator));
 }
Exemplo n.º 12
0
 public Host(OdbgScriptLoader loader, SegmentMap segmentMap)
 {
     this.loader     = loader;
     this.SegmentMap = segmentMap;
 }
Exemplo n.º 13
0
 public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, ImageReader rdr, IEnumerable <Address> knownLinAddresses, PointerScannerFlags flags)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 14
0
            void parseSection64(uint protection, SegmentMap segmentMap)
            {
                var   abSectname = rdr.ReadBytes(16);
                var   abSegname  = rdr.ReadBytes(16);
                ulong addr;
                ulong size;
                uint  offset;
                uint  align;
                uint  reloff;
                uint  nreloc;
                uint  flags;
                uint  reserved1;
                uint  reserved2;
                uint  reserved3;

                if (!rdr.TryReadUInt64(out addr) ||
                    !rdr.TryReadUInt64(out size) ||
                    !rdr.TryReadUInt32(out offset) ||
                    !rdr.TryReadUInt32(out align) ||
                    !rdr.TryReadUInt32(out reloff) ||
                    !rdr.TryReadUInt32(out nreloc) ||
                    !rdr.TryReadUInt32(out flags) ||
                    !rdr.TryReadUInt32(out reserved1) ||
                    !rdr.TryReadUInt32(out reserved2) ||
                    !rdr.TryReadUInt32(out reserved3))
                {
                    throw new BadImageFormatException("Could not read Mach-O section.");
                }

                var sectionName = GetAsciizString(abSectname);
                var segmentName = GetAsciizString(abSegname);

                Debug.Print("Found section '{0}' in segment '{1}, addr = 0x{2:X}, size = 0x{3:X}.",
                            sectionName,
                            segmentName,
                            addr,
                            size);

                AccessMode am = 0;

                if ((protection & VM_PROT_READ) != 0)
                {
                    am |= AccessMode.Read;
                }
                if ((protection & VM_PROT_WRITE) != 0)
                {
                    am |= AccessMode.Write;
                }
                if ((protection & VM_PROT_EXECUTE) != 0)
                {
                    am |= AccessMode.Execute;
                }

                var bytes = rdr.CreateNew(this.ldr.RawImage, offset);
                var mem   = new MemoryArea(
                    Address.Ptr64(addr),
                    bytes.ReadBytes((uint)size));
                var imageSection = new ImageSegment(
                    string.Format("{0},{1}", segmentName, sectionName),
                    mem,
                    am);

                //imageSection.setBss((section.flags & SECTION_TYPE) == S_ZEROFILL);

                //if (!imageSection.isBss()) {
                //    auto pos = source_->pos();
                //    if (!source_->seek(section.offset)) {
                //        throw ParseError("Could not seek to the beginning of the section's content.");
                //    }
                //    auto bytes = source_->read(section.size);
                //    if (checked_cast<uint>(bytes.size()) != section.size) {
                //        log_.warning("Could not read all the section's content.");
                //    } else {
                //        imageSection->setContent(std::move(bytes));
                //    }
                //    source_->seek(pos);
                //}

                //sections_.push_back(imageSection.get());
                //image_->addSection(std::move(imageSection));
                segmentMap.AddSegment(imageSection);
            }
Exemplo n.º 15
0
        public Program ParseLoadCommands(mach_header_64 hdr, Address addrLoad)
        {
            var imageMap = new SegmentMap(addrLoad);

            Debug.Print("Parsing {0} load commands.", hdr.ncmds);

            for (uint i = 0; i < hdr.ncmds; ++i)
            {
                var pos = rdr.Offset;
                if (!rdr.TryReadUInt32(out uint cmd) ||
                    !rdr.TryReadUInt32(out uint cmdsize))
                {
                    throw new BadImageFormatException(string.Format(
                                                          "Unable to read Mach-O command ({0:X}).",
                                                          rdr.Offset));
                }
                Debug.Print("{0,2}: Read MachO load command 0x{1:X} {2} of size {3}.", i, cmd, (Command)cmd, cmdsize);

                switch ((Command)(cmd & ~(uint)LC_REQ_DYLD))
                {
                case LC_SEGMENT:
                    ParseSegmentCommand32(imageMap);
                    break;

                case LC_SEGMENT_64:
                    ParseSegmentCommand64(imageMap);
                    break;

                case LC_SYMTAB:
                    ParseSymtabCommand(specific.Architecture);
                    break;

                case LC_DYSYMTAB:
                    ParseDysymtabCommand();
                    break;

                case LC_FUNCTION_STARTS:
                    ParseFunctionStarts(rdr.Clone());
                    break;

                case LC_UNIXTHREAD:
                    ParseUnixThread(hdr.cputype);
                    break;

                case LC_VERSION_MIN_MACOSX:
                    platformName = "macOsX";
                    break;

                case LC_MAIN & ~LC_REQ_DYLD:
                    ParseMain();
                    break;
                }
                rdr.Offset = pos + cmdsize;
            }
            ldr.program.Architecture = specific.Architecture;
            ldr.program.SegmentMap   = imageMap;
            if (!string.IsNullOrEmpty(platformName))
            {
                var env = cfgSvc.GetEnvironment(platformName);
                ldr.program.Platform = env.Load(ldr.Services, specific.Architecture);
            }
            else
            {
                ldr.program.Platform = new DefaultPlatform(ldr.Services, specific.Architecture);
            }
            return(ldr.program);
        }
Exemplo n.º 16
0
 public C64Emulator(SegmentMap segmentMap, Dictionary <Address, ImportReference> importReferences)
 {
     this.segmentMap       = segmentMap;
     this.importReferences = importReferences;
     this.InterceptedCalls = new Dictionary <Address, ExternalProcedure>();
 }
Exemplo n.º 17
0
        public override SegmentMap LoadImageBytes(IPlatform platform, byte[] rawImage, Address addrPreferred)
        {
            var segMap = AllocateMemoryAreas(
                Segments
                .Where(p => IsLoadable(p.p_pmemsz, p.p_type))
                .Select(p => Tuple.Create(
                            Address.Ptr32((uint)p.p_vaddr),
                            (uint)p.p_pmemsz)));

            foreach (var ph in Segments)
            {
                ElfImageLoader.trace.Inform("ph: addr {0:X8} filesize {0:X8} memsize {0:X8}", ph.p_vaddr, ph.p_filesz, ph.p_pmemsz);
                if (!IsLoadable(ph.p_pmemsz, ph.p_type))
                {
                    continue;
                }
                var vaddr = Address.Ptr32((uint)ph.p_vaddr);
                segMap.TryGetLowerBound(vaddr, out var mem);
                if (ph.p_filesz > 0)
                {
                    Array.Copy(
                        rawImage,
                        (long)ph.p_offset, mem.Bytes,
                        vaddr - mem.BaseAddress, (long)ph.p_filesz);
                }
            }
            var segmentMap = new SegmentMap(addrPreferred);

            if (Sections.Count > 0)
            {
                foreach (var section in Sections)
                {
                    if (string.IsNullOrEmpty(section.Name) || section.Address == null)
                    {
                        continue;
                    }

                    if (segMap.TryGetLowerBound(section.Address, out var mem) &&
                        section.Address < mem.EndAddress)
                    {
                        AccessMode mode = AccessModeOf(section.Flags);
                        var        seg  = segmentMap.AddSegment(new ImageSegment(
                                                                    section.Name,
                                                                    section.Address,
                                                                    mem, mode)
                        {
                            Size = (uint)section.Size
                        });
                        seg.Designer = CreateRenderer(section, machine);
                    }
                    else
                    {
                        //$TODO: warn
                    }
                }
            }
            else
            {
                // There are stripped ELF binaries with 0 sections. If we have one
                // create a pseudo-section from the segMap.
                foreach (var segment in segMap)
                {
                    var elfSegment = this.GetSegmentByAddress(segment.Value.BaseAddress.ToLinear());
                    var imgSegment = new ImageSegment(
                        segment.Value.BaseAddress.GenerateName("seg", ""),
                        segment.Value,
                        elfSegment != null
                            ? elfSegment.GetAccessMode()
                            : AccessMode.ReadExecute)

                    {
                        Size = (uint)segment.Value.Length,
                    };
                    segmentMap.AddSegment(imgSegment);
                }
            }
            segmentMap.DumpSections();
            return(segmentMap);
        }
Exemplo n.º 18
0
 public override IPlatformEmulator CreateEmulator(SegmentMap segmentMap, Dictionary <Address, ImportReference> importReferences)
 {
     return(new DefaultPlatformEmulator());
 }
Exemplo n.º 19
0
 public void Setup()
 {
     this.pf          = new ProgramDataFlow();
     this.progBuilder = new ProgramBuilder();
     this.segmentMap  = new SegmentMap(Address.Ptr32(0));
 }
Exemplo n.º 20
0
 public override abstract IEnumerable <Address> CreatePointerScanner(
     SegmentMap map,
     EndianImageReader rdr,
     IEnumerable <Address> addrs,
     PointerScannerFlags flags);
Exemplo n.º 21
0
 public override IProcessorEmulator CreateEmulator(SegmentMap segmentMap, IPlatformEmulator envEmulator)
 => ProcessorModel.CreateEmulator(this, segmentMap, envEmulator);
Exemplo n.º 22
0
 public Expression GetValue(SegmentedAccess access, SegmentMap segmentMap)
 {
     return(access);
 }
Exemplo n.º 23
0
 public override IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags)
 {
     return(mode.CreateInstructionScanner(map, rdr, knownAddresses, flags));
 }
Exemplo n.º 24
0
 public EmulatorBase(SegmentMap map)
 {
     this.map       = map;
     this.bpExecute = new Dictionary <ulong, Action>();
 }
Exemplo n.º 25
0
        public override RelocationResults Relocate(Program program, Address addrLoad)
        {
            SegmentMap        imageMap = segmentMap;
            EndianImageReader rdr      = new LeImageReader(ExeLoader.RawImage, ExeLoader.e_lfaRelocations);
            int i        = ExeLoader.e_cRelocations;
            var segments = new Dictionary <Address, ushort>();
            var linBase  = addrLoad.ToLinear();

            segmentMap.AddOverlappingSegment(
                addrLoad.Selector.Value.ToString("X4"),
                imgLoaded,
                addrLoad,
                AccessMode.ReadWriteExecute);
            segments.Add(addrLoad, addrLoad.Selector.Value);

            while (i != 0)
            {
                uint   offset    = rdr.ReadLeUInt16();
                ushort segOffset = rdr.ReadLeUInt16();
                offset += segOffset * 0x0010u;

                ushort seg = (ushort)(imgLoaded.ReadLeUInt16(offset) + addrLoad.Selector.Value);
                imgLoaded.WriteLeUInt16(offset, seg);

                var segment = AddSegmentReference(offset + linBase, seg);

                segments[segment.Address] = seg;
                --i;
            }

            // Create an identifier for each segment.
            foreach (var de in segments)
            {
                var tmp = new TemporaryStorage(
                    string.Format("seg{0:X4}", de.Value),
                    0,
                    PrimitiveType.SegmentSelector);
                segmentMap.Segments[de.Key].Identifier = new Identifier(
                    tmp.Name,
                    PrimitiveType.SegmentSelector,
                    tmp);
            }

            // Found the start address.

            Address addrStart = Address.SegPtr((ushort)(ExeLoader.e_cs + addrLoad.Selector.Value), ExeLoader.e_ip);

            segmentMap.AddSegment(new ImageSegment(
                                      addrStart.Selector.Value.ToString("X4"),
                                      Address.SegPtr(addrStart.Selector.Value, 0),
                                      imgLoaded,
                                      AccessMode.ReadWriteExecute));
            DumpSegments(imageMap);

            var ep      = CreateEntryPointSymbol(addrLoad, addrStart, addrStackTop);
            var sym     = platform.FindMainProcedure(program, addrStart);
            var results = new RelocationResults(
                new List <ImageSymbol> {
                ep
            },
                new SortedList <Address, ImageSymbol> {
                { ep.Address, ep }
            });

            if (sym != null)
            {
                results.Symbols[sym.Address] = sym;
                ep.NoDecompile = true;
            }

            try
            {
                LoadDebugSymbols(results.Symbols, addrLoad);
            }
            catch (Exception ex)
            {
                var listener = Services.RequireService <DecompilerEventListener>();
                listener.Error(
                    new NullCodeLocation(Filename),
                    ex,
                    "Detected debug symbols but failed to load them.");
            }
            return(results);
        }
Exemplo n.º 26
0
        public override IEnumerable <Address> CreateInstructionScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags)
        {
            var knownLinAddresses = knownAddresses.Select(a => (ulong)a.ToLinear()).ToHashSet();

            return(new X86PointerScanner64(rdr, knownLinAddresses, flags).Select(li => map.MapLinearAddressToAddress(li)));
        }
Exemplo n.º 27
0
 public override IPlatformEmulator CreateEmulator(SegmentMap segmentMap, Dictionary <Address, ImportReference> importReferences)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 28
0
 public abstract IEnumerable <Address> CreateInstructionScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> knownAddresses, PointerScannerFlags flags);
Exemplo n.º 29
0
 public IEnumerable <Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable <Address> addr, PointerScannerFlags flags)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 30
0
 public ConstantPointerTraversal(IProcessorArchitecture arch, StructureType globalStr, SegmentMap segmentMap)
 {
     this.arch        = arch;
     this.globalStr   = globalStr;
     this.segmentMap  = segmentMap;
     this.Discoveries = new List <StructureField>();
 }