//$TODO: http://www.delorie.com/djgpp/doc/rbinter/ix/29.html int 29 for console apps! //$TODO: http://msdn.microsoft.com/en-us/data/dn774154(v=vs.99).aspx public Win32Platform(IServiceProvider services, IProcessorArchitecture arch) : base(services, arch) { int3svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 3, RegisterValues = new RegValue[0], }, Name = "int3", Signature = new ProcedureSignature(null, new Identifier[0]), Characteristics = new ProcedureCharacteristics(), }; var frame = arch.CreateFrame(); int29svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 0x29, RegisterValues = new RegValue[0] }, Name = "__fastfail", Signature = new ProcedureSignature( null, frame.EnsureRegister(Registers.ecx)), //$bug what about win64? Characteristics = new ProcedureCharacteristics { Terminates = true } }; }
public SystemService Build(IPlatform platform, TypeLibrary library) { SystemService svc = new SystemService(); svc.Name = Name; svc.SyscallInfo = new SyscallInfo(); svc.SyscallInfo.Vector = SyscallInfo != null ? Convert.ToInt32(SyscallInfo.Vector, 16) : this.Ordinal; if (SyscallInfo != null) { if (SyscallInfo.RegisterValues != null) { svc.SyscallInfo.RegisterValues = new RegValue[SyscallInfo.RegisterValues.Length]; for (int i = 0; i < SyscallInfo.RegisterValues.Length; ++i) { svc.SyscallInfo.RegisterValues[i] = new RegValue { Register = platform.Architecture.GetRegister(SyscallInfo.RegisterValues[i].Register), Value = Convert.ToInt32(SyscallInfo.RegisterValues[i].Value, 16), }; } } } if (svc.SyscallInfo.RegisterValues == null) { svc.SyscallInfo.RegisterValues = new RegValue[0]; } TypeLibraryDeserializer loader = new TypeLibraryDeserializer(platform, true, library); var sser = platform.CreateProcedureSerializer(loader, "stdapi"); svc.Signature = sser.Deserialize(Signature, platform.Architecture.CreateFrame()); svc.Characteristics = Characteristics != null ? Characteristics : DefaultProcedureCharacteristics.Instance; return svc; }
public Win_x86_64_Platform(IServiceProvider sp, IProcessorArchitecture arch) : base(sp, arch, "win64") { int3svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 3, RegisterValues = new RegValue[0], }, Name = "int3", Signature = FunctionType.Action(new Identifier[0]), Characteristics = new ProcedureCharacteristics(), }; int29svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 0x29, RegisterValues = new RegValue[0] }, Name = "__fastfail", Signature = FunctionType.Action( new Identifier("ecx", PrimitiveType.Word32, Registers.ecx)), Characteristics = new ProcedureCharacteristics { Terminates = true } }; }
public SystemService Build(IProcessorArchitecture arch) { SystemService svc = new SystemService(); svc.Name = Name; svc.SyscallInfo = new SyscallInfo(); svc.SyscallInfo.Vector = Convert.ToInt32(SyscallInfo.Vector, 16); if (SyscallInfo.RegisterValues != null) { svc.SyscallInfo.RegisterValues = new RegValue[SyscallInfo.RegisterValues.Length]; for (int i = 0; i < SyscallInfo.RegisterValues.Length; ++i) { svc.SyscallInfo.RegisterValues[i] = new RegValue { Register = arch.GetRegister(SyscallInfo.RegisterValues[i].Register), Value = Convert.ToInt32(SyscallInfo.RegisterValues[i].Value, 16), }; } } else { svc.SyscallInfo.RegisterValues = new RegValue[0]; } TypeLibraryLoader loader = new TypeLibraryLoader(arch, true); ProcedureSerializer sser = arch.CreateProcedureSerializer(loader, "stdapi"); svc.Signature = sser.Deserialize(Signature, arch.CreateFrame()); svc.Characteristics = Characteristics != null ? Characteristics : DefaultProcedureCharacteristics.Instance; return svc; }
public Win_x86_64_Platform(IServiceProvider sp, IProcessorArchitecture arch) : base(sp, arch, "win64") { int3svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 3, RegisterValues = new RegValue[0], }, Name = "int3", Signature = new ProcedureSignature(null, new Identifier[0]), Characteristics = new ProcedureCharacteristics(), }; }
//$TODO: http://www.delorie.com/djgpp/doc/rbinter/ix/29.html int 29 for console apps! //$TODO: http://msdn.microsoft.com/en-us/data/dn774154(v=vs.99).aspx public Win32Platform(IServiceProvider services, IProcessorArchitecture arch) : base(services, arch) { //$REVIEW: should probably be loaded from configuration. Heuristics.ProcedurePrologs = new BytePattern[] { new BytePattern { Bytes = new byte[]{ 0x55, 0x8B, 0xEC }, Mask = new byte[]{ 0xFF, 0xFF, 0xFF } } }; int3svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 3, RegisterValues = new RegValue[0], }, Name = "int3", Signature = new ProcedureSignature(null, new Identifier[0]), Characteristics = new ProcedureCharacteristics(), }; var frame = arch.CreateFrame(); int29svc = new SystemService { SyscallInfo = new SyscallInfo { Vector = 0x29, RegisterValues = new RegValue[0] }, Name = "__fastfail", Signature = new ProcedureSignature( null, frame.EnsureRegister(Registers.ecx)), //$bug what about win64? Characteristics = new ProcedureCharacteristics { Terminates = true } }; }
private void ParseExports(TypeLibraryLoader lib) { while (Peek().Type == TokenType.Id) { string entryName = Expect(TokenType.Id); string internalName = null; if (PeekAndDiscard(TokenType.Eq)) { internalName = Expect(TokenType.Id); } int ordinal = -1; if (PeekAndDiscard(TokenType.At)) { ordinal = Convert.ToInt32(Expect(TokenType.Number)); PeekAndDiscard(TokenType.NONAME); } PeekAndDiscard(TokenType.PRIVATE); PeekAndDiscard(TokenType.DATA); var svc = new SystemService { Name = entryName, Signature = ParseSignature(entryName, lib), }; Debug.Print("Loaded {0} @ {1}", entryName, ordinal); if (ordinal != -1) { svc.SyscallInfo = new SyscallInfo { Vector = ordinal }; lib.LoadService(ordinal, svc); } lib.LoadService(entryName, svc); } }
public void ParseLine() { var tok = Peek(); if (tok.Type == TokenType.NUMBER) { tok = Get(); int ordinal = Convert.ToInt32(tok.Value); Expect(TokenType.ID); if (PeekAndDiscard(TokenType.MINUS)) { Expect(TokenType.ID); } tok = Get(); string fnName = tok.Value; var ssig = new SerializedSignature { Convention = "pascal" }; var args = new List<Argument_v1>(); if (PeekAndDiscard(TokenType.LPAREN)) { while (LoadParameter(ssig, args)) ; Expect(TokenType.RPAREN); } ssig.Arguments = args.ToArray(); var deser = new X86ProcedureSerializer((IntelArchitecture) platform.Architecture, tlLoader, "pascal"); var sig = deser.Deserialize(ssig, new Frame(PrimitiveType.Word16)); var svc = new SystemService { Name = fnName, Signature = sig }; tlLoader.LoadService(ordinal, svc); } for (;;) { // Discared entire line. var type = Get().Type; if (type == TokenType.EOF || type == TokenType.NL) return; } }
public void LoadService(int ordinal, SystemService svc) { var mod = EnsureModule(svc.ModuleName, this.library); mod.ServicesByOrdinal.Add(ordinal, svc); }
public void LoadService(string entryName, SystemService svc) { this.servicesByName[entryName] = svc; }
public void Bwi_IndirectCallMatchedByPlatform() { var platform = mr.StrictMock<IPlatform>(); var reg0 = proc.Frame.EnsureRegister(new RegisterStorage("r0", 0, 0, PrimitiveType.Pointer32)); var reg1 = proc.Frame.EnsureRegister(new RegisterStorage("r1", 1, 0, PrimitiveType.Pointer32)); var sysSvc = new SystemService { Name = "SysSvc", Signature = new ProcedureSignature(null, reg1), Characteristics = new ProcedureCharacteristics() }; platform.Expect(p => p.FindService(null, arch.CreateProcessorState())).IgnoreArguments().Return(sysSvc); platform.Stub(p => p.PointerType).Return(PrimitiveType.Pointer32); program.Platform = platform; scanner.Stub(f => f.FindContainingBlock(Address.Ptr32(0x100000))).Return(block); scanner.Stub(f => f.FindContainingBlock(Address.Ptr32(0x100004))).Return(block); scanner.Stub(f => f.GetCallSignatureAtAddress(Address.Ptr32(0x100000))).Return(null); scanner.Stub(s => s.GetTrace(null, null, null)).IgnoreArguments().Return(trace); mr.ReplayAll(); trace.Add(m => m.Call(m.LoadDw(m.IAdd(reg0, -32)), 4)); var wi = CreateWorkItem(Address.Ptr32(0x100000), arch.CreateProcessorState()); wi.ProcessInternal(); Assert.AreEqual("SysSvc(r1)", block.Statements[0].ToString()); mr.VerifyAll(); }
public void SetTreeNodeProperties(SystemService svc) { TreeNode.Text = svc.Name; TreeNode.ImageName = "Binary.ico"; }
public Tuple<int?, SystemService> ParseLine() { try { int? ordinal = ParseOrdinal(); string callconv = ParseCallingConvention(); var options = ParseOptions(); var tok = Get(); string fnName = tok.Value; var ssig = new SerializedSignature { Convention = callconv, }; ssig.Arguments = ParseParameters(ssig); SkipToEndOfLine(); var deser = new X86ProcedureSerializer((IntelArchitecture)platform.Architecture, tlLoader, callconv); var sig = deser.Deserialize(ssig, new Frame(platform.FramePointerType)); var svc = new SystemService { ModuleName = moduleName.ToUpper(), Name = fnName, Signature = sig }; return Tuple.Create(ordinal, svc); } catch { Services.RequireService<DecompilerEventListener>().Warn( new NullCodeLocation(moduleName), "Line {0} in the Wine spec file could not be read; skipping.", lexer.lineNumber); SkipToEndOfLine(); return null; } }
public void LoadService(string entryName, SystemService svc) { var mod = EnsureModule(svc.ModuleName, this.library); mod.ServicesByName[entryName] = svc; }
public void LoadService(int ordinal, SystemService svc) { this.servicesByOrdinal[ordinal] = svc; }
private void ParseExports(TypeLibraryDeserializer deserializer) { while (Peek().Type == TokenType.Id) { string entryName = Expect(TokenType.Id); string internalName = null; if (PeekAndDiscard(TokenType.Eq)) { internalName = Expect(TokenType.Id); } int ordinal = -1; if (PeekAndDiscard(TokenType.At)) { ordinal = Convert.ToInt32(Expect(TokenType.Number)); PeekAndDiscard(TokenType.NONAME); } PeekAndDiscard(TokenType.PRIVATE); PeekAndDiscard(TokenType.DATA); var ep = ParseSignature(entryName, deserializer); var svc = new SystemService { ModuleName = moduleName, Name = ep != null ? ep.Name : entryName, Signature = ep != null ? ep.Signature : null, }; Debug.Print("Loaded {0} @ {1}", entryName, ordinal); if (ordinal != -1) { svc.SyscallInfo = new SyscallInfo { Vector = ordinal }; deserializer.LoadService(ordinal, svc); } deserializer.LoadService(entryName, svc); } }
public void ParseLine() { int? ordinal = ParseOrdinal(); string callconv = ParseCallingConvention(); var options = ParseOptions(); var tok = Get(); string fnName = tok.Value; var ssig = new SerializedSignature { Convention = callconv, }; ssig.Arguments = ParseParameters(ssig); var deser = new X86ProcedureSerializer((IntelArchitecture)platform.Architecture, tlLoader, callconv); var sig = deser.Deserialize(ssig, new Frame(platform.FramePointerType)); var svc = new SystemService { ModuleName = moduleName.ToUpper(), Name = fnName, Signature = sig }; if (ordinal.HasValue) { tlLoader.LoadService(ordinal.Value, svc); } else { tlLoader.LoadService(fnName, svc); } for (;;) { // Discared entire line. var type = Get().Type; if (type == TokenType.EOF || type == TokenType.NL) return; } }