diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2017-10-18 20:50:10 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2017-10-18 20:50:10 (GMT) |
commit | dce9d9cdfef1d37ef11a987a21f36e83b6b1944f (patch) | |
tree | 830623ade20e892954fcbddd3b7b05d09aac1dd7 /plugins/dalvik/pseudo | |
parent | 1e7c7de85438749d3faf7b76984b86a9c088fbc1 (diff) |
Created plugins for the Dex and Dalvik support.
Diffstat (limited to 'plugins/dalvik/pseudo')
-rw-r--r-- | plugins/dalvik/pseudo/Makefile.am | 15 | ||||
-rw-r--r-- | plugins/dalvik/pseudo/fill.c | 198 | ||||
-rw-r--r-- | plugins/dalvik/pseudo/fill.h | 60 | ||||
-rw-r--r-- | plugins/dalvik/pseudo/switch.c | 301 | ||||
-rw-r--r-- | plugins/dalvik/pseudo/switch.h | 63 |
5 files changed, 637 insertions, 0 deletions
diff --git a/plugins/dalvik/pseudo/Makefile.am b/plugins/dalvik/pseudo/Makefile.am new file mode 100644 index 0000000..6f49159 --- /dev/null +++ b/plugins/dalvik/pseudo/Makefile.am @@ -0,0 +1,15 @@ + +noinst_LTLIBRARIES = libdalvikpseudo.la + +libdalvikpseudo_la_SOURCES = \ + fill.h fill.c \ + switch.h switch.c + +libdalvikpseudo_la_LIBADD = + +libdalvikpseudo_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dalvik/pseudo/fill.c b/plugins/dalvik/pseudo/fill.c new file mode 100644 index 0000000..dc5683c --- /dev/null +++ b/plugins/dalvik/pseudo/fill.c @@ -0,0 +1,198 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fill.c - prise en charge de l'instruction spéciale fill-array-data + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "fill.h" + + +#include <assert.h> +#include <string.h> + + +#include "../instruction-int.h" + + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +struct _GDalvikFillInstr +{ + GDalvikInstruction parent; /* A laisser en premier */ + + uint16_t item_width; /* Taille des éléments */ + uint32_t array_size; /* Taille du tableau */ + +}; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +struct _GDalvikFillInstrClass +{ + GDalvikInstructionClass parent; /* A laisser en premier */ + +}; + + + +/* Initialise la classe générique des instructions. */ +static void g_dalvik_fill_instr_class_init(GDalvikFillInstrClass *); + +/* Initialise une instance d'opérande d'architecture. */ +static void g_dalvik_fill_instr_init(GDalvikFillInstr *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_fill_instr_dispose(GDalvikFillInstr *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_fill_instr_finalize(GDalvikFillInstr *); + + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +G_DEFINE_TYPE(GDalvikFillInstr, g_dalvik_fill_instr, G_TYPE_DALVIK_INSTRUCTION); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe générique des instructions. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_class_init(GDalvikFillInstrClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_fill_instr_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_fill_instr_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance à initialiser. * +* * +* Description : Initialise une instance d'instruction d'architecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_init(GDalvikFillInstr *instr) +{ + G_DALVIK_INSTRUCTION(instr)->keyword = "array-data"; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_dispose(GDalvikFillInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_fill_instr_parent_class)->dispose(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_finalize(GDalvikFillInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_fill_instr_parent_class)->finalize(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : ident = identifiant de l'instruction déjà lu. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* * +* Description : Crée une pesudo-instruction Dalvik de remplissage. * +* * +* Retour : Instruction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_fill_instr_new(uint16_t ident, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +{ + GDalvikFillInstr *result; /* Structure à retourner */ + phys_t consumed; /* Données consommées */ + + assert(ident == DPO_FILL_ARRAY_DATA); + + result = g_object_new(G_TYPE_DALVIK_FILL_INSTR, NULL); + + G_DALVIK_INSTRUCTION(result)->ptype = ident; + + if (!g_binary_content_read_u16(content, pos, SRE_LITTLE, &result->item_width)) + goto gdfin_bad; + + if (!g_binary_content_read_u32(content, pos, SRE_LITTLE, &result->array_size)) + goto gdfin_bad; + + consumed = result->item_width * result->array_size; + + if (!g_dalvik_context_register_array_data(ctx, pos, result->item_width, consumed)) + goto gdfin_bad; + + return G_ARCH_INSTRUCTION(result); + + gdfin_bad: + + g_object_unref(result); + + return NULL; + +} diff --git a/plugins/dalvik/pseudo/fill.h b/plugins/dalvik/pseudo/fill.h new file mode 100644 index 0000000..2a63df9 --- /dev/null +++ b/plugins/dalvik/pseudo/fill.h @@ -0,0 +1,60 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fill.h - prototypes pour la prise en charge de l'instruction spéciale fill-array-data + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_PSEUDO_FILL_H +#define _ARCH_DALVIK_PSEUDO_FILL_H + + +#include "../context.h" +#include "../instruction.h" +#include "../processor.h" + + +#include <glib-object.h> + + + +#define G_TYPE_DALVIK_FILL_INSTR g_dalvik_fill_instr_get_type() +#define G_DALVIK_FILL_INSTR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_FILL_INSTR, GDalvikFillInstr)) +#define G_IS_DALVIK_FILL_INSTR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_FILL_INSTR)) +#define G_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_FILL, GGDalvikFillClass)) +#define G_IS_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_FILL)) +#define G_DALVIK_FILL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_FILL, GGDalvikFillClass)) + + +/* Définition générique d'une instruction d'architecture (instance) */ +typedef struct _GDalvikFillInstr GDalvikFillInstr; + +/* Définition générique d'une instruction d'architecture (classe) */ +typedef struct _GDalvikFillInstrClass GDalvikFillInstrClass; + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +GType g_dalvik_fill_instr_get_type(void); + +/* Crée une pesudo-instruction Dalvik de remplissage. */ +GArchInstruction *g_dalvik_fill_instr_new(uint16_t, GDalvikContext *, const GBinContent *, vmpa2t *); + + + +#endif /* _ARCH_DALVIK_PSEUDO_FILL_H */ diff --git a/plugins/dalvik/pseudo/switch.c b/plugins/dalvik/pseudo/switch.c new file mode 100644 index 0000000..90cff87 --- /dev/null +++ b/plugins/dalvik/pseudo/switch.c @@ -0,0 +1,301 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * switch.c - prise en charge des instructions spéciales (packed|sparse)switch + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "switch.h" + + +#include <assert.h> +#include <malloc.h> + + +#include "../instruction-int.h" + + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +struct _GDalvikSwitchInstr +{ + GDalvikInstruction parent; /* A laisser en premier */ + + uint16_t switch_size; /* Taille du switch considéré */ + + int32_t *keys; /* Table de clefs */ + int32_t *targets; /* Table des sauts relatifs */ + +}; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +struct _GDalvikSwitchInstrClass +{ + GDalvikInstructionClass parent; /* A laisser en premier */ + +}; + + + +/* Initialise la classe générique des instructions. */ +static void g_dalvik_switch_instr_class_init(GDalvikSwitchInstrClass *); + +/* Initialise une instance d'opérande d'architecture. */ +static void g_dalvik_switch_instr_init(GDalvikSwitchInstr *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_switch_instr_dispose(GDalvikSwitchInstr *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_switch_instr_finalize(GDalvikSwitchInstr *); + +/* Lit toutes les valeurs associés aux branchements. */ +static bool g_dalvik_switch_decode_data(GDalvikSwitchInstr *, const GBinContent *, const vmpa2t *); + + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +G_DEFINE_TYPE(GDalvikSwitchInstr, g_dalvik_switch_instr, G_TYPE_DALVIK_INSTRUCTION); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe générique des instructions. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_class_init(GDalvikSwitchInstrClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_switch_instr_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_switch_instr_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance à initialiser. * +* * +* Description : Initialise une instance d'instruction d'architecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_init(GDalvikSwitchInstr *instr) +{ + G_DALVIK_INSTRUCTION(instr)->keyword = "switch-data"; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_dispose(GDalvikSwitchInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_switch_instr_parent_class)->dispose(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_finalize(GDalvikSwitchInstr *instr) +{ + if (instr->keys != NULL) + free(instr->keys); + + if (instr->targets != NULL) + free(instr->targets); + + G_OBJECT_CLASS(g_dalvik_switch_instr_parent_class)->finalize(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : ident = identifiant de l'instruction déjà lu. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* * +* Description : Crée une pesudo-instruction Dalvik de branchement. * +* * +* Retour : Instruction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_switch_instr_new(uint16_t ident, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +{ + GDalvikSwitchInstr *result; /* Structure à retourner */ + phys_t consumed; /* Données consommées */ + + assert(ident == DPO_PACKED_SWITCH || ident == DPO_SPARSE_SWITCH); + + result = g_object_new(G_TYPE_DALVIK_SWITCH_INSTR, NULL); + + G_DALVIK_INSTRUCTION(result)->ptype = ident; + + if (!g_binary_content_read_u16(content, pos, SRE_LITTLE, &result->switch_size)) + goto gdsin_bad; + + if (!g_dalvik_switch_decode_data(result, content, pos)) + goto gdsin_bad; + + if (ident == DPO_PACKED_SWITCH) + consumed = (1 + result->switch_size) * sizeof(int32_t); + else + consumed = (2 * result->switch_size) * sizeof(int32_t); + + if (!g_dalvik_context_register_switch_data(ctx, pos, consumed)) + goto gdsin_bad; + + return G_ARCH_INSTRUCTION(result); + + gdsin_bad: + + g_object_unref(result); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'assemblage à compléter. * +* content = flux de données à analyser. * +* pos = position de lecture courante dans ce flux. * +* * +* Description : Lit toutes les valeurs associés aux branchements. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_dalvik_switch_decode_data(GDalvikSwitchInstr *instr, const GBinContent *content, const vmpa2t *pos) +{ + vmpa2t iter; /* Position modifiable */ + int32_t first_key; /* Première clef */ + uint16_t i; /* Boucle de parcours */ + + instr->keys = (int32_t *)calloc(instr->switch_size, sizeof(int32_t)); + instr->targets = (int32_t *)calloc(instr->switch_size, sizeof(int32_t)); + + copy_vmpa(&iter, pos); + + if (G_DALVIK_INSTRUCTION(instr)->ptype == DPO_PACKED_SWITCH) + { + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &first_key)) + goto gdsdd_bad; + + for (i = 0; i < instr->switch_size; i++) + { + instr->keys[i] = first_key + i; + + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->targets[i])) + goto gdsdd_bad; + + } + + } + + else + { + for (i = 0; i < instr->switch_size; i++) + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->keys[i])) + goto gdsdd_bad; + + for (i = 0; i < instr->switch_size; i++) + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->targets[i])) + goto gdsdd_bad; + + } + + return true; + + gdsdd_bad: + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'assemblage à compléter. * +* keys = tableau renseignant les conditions de saut. [OUT] * +* targets = tableau renseignant les sauts relatifs. [OUT] * +* * +* Description : Fournit les données associées à un branchement Dalvik. * +* * +* Retour : Taille des tableaux renseignés. * +* * +* Remarques : - * +* * +******************************************************************************/ + +uint16_t g_dalvik_switch_get_data(GDalvikSwitchInstr *instr, const int32_t **keys, const int32_t **targets) +{ + if (keys != NULL) + *keys = instr->keys; + + if (targets != NULL) + *targets = instr->targets; + + return instr->switch_size; + +} diff --git a/plugins/dalvik/pseudo/switch.h b/plugins/dalvik/pseudo/switch.h new file mode 100644 index 0000000..d672f86 --- /dev/null +++ b/plugins/dalvik/pseudo/switch.h @@ -0,0 +1,63 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * switch.h - prototypes pour la prise en charge des instructions spéciales (packed|sparse)switch + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_PSEUDO_SWITCH_H +#define _ARCH_DALVIK_PSEUDO_SWITCH_H + + +#include "../context.h" +#include "../instruction.h" +#include "../processor.h" + + +#include <glib-object.h> + + + +#define G_TYPE_DALVIK_SWITCH_INSTR g_dalvik_switch_instr_get_type() +#define G_DALVIK_SWITCH_INSTR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_SWITCH_INSTR, GDalvikSwitchInstr)) +#define G_IS_DALVIK_SWITCH_INSTR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_SWITCH_INSTR)) +#define G_DALVIK_SWITCH_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_SWITCH, GGDalvikSwitchClass)) +#define G_IS_DALVIK_SWITCH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_SWITCH)) +#define G_DALVIK_SWITCH_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_SWITCH, GGDalvikSwitchClass)) + + +/* Définition générique d'une instruction d'architecture (instance) */ +typedef struct _GDalvikSwitchInstr GDalvikSwitchInstr; + +/* Définition générique d'une instruction d'architecture (classe) */ +typedef struct _GDalvikSwitchInstrClass GDalvikSwitchInstrClass; + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +GType g_dalvik_switch_instr_get_type(void); + +/* Crée une pesudo-instruction Dalvik de branchement. */ +GArchInstruction *g_dalvik_switch_instr_new(uint16_t, GDalvikContext *, const GBinContent *, vmpa2t *); + +/* Fournit les données associées à un branchement Dalvik. */ +uint16_t g_dalvik_switch_get_data(GDalvikSwitchInstr *, const int32_t **, const int32_t **); + + + +#endif /* _ARCH_DALVIK_PSEUDO_SWITCH_H */ |